On Sun, 09 03 2008 at 21:09 +0000, Daniel P. Berrange wrote:
On Sat, Mar 08, 2008 at 04:33:32PM +0100, Mads Chr. Olesen wrote:
> I have added a <route dev="ethX" /> stanza (dev is optional), completely
> equivalent to the <forward /> stanza.
This is still forwarding of traffic, so I think we should just use the
existing <forward/> element and have an extra attribute to indicate
the type of forwarding, e.g.
<forward/> (defaults to mode="nat" for compat)
<forward mode="nat"/>
<forward mode="route"/>
<forward mode="nat" dev="ethX"/>
<forward mode="route" dev="ethX"/>
Sure, makes sense - an updated patch is attached.
I'm a little unclear on how this actually works. You add iptables rules to
allow traffic in/out, but you're not adding any routing table entries, nor
turning on proxy_arp, so I don't see how this will actually work in practice.
Are you assuming the admin has already added suitable routing rules & turned
on proxy arp ?
Well, in my case (dedicated server, hetzner.de) this is all that is
needed. My physical interface has IP 85.10.XXX.XXX, and then I have a
secondary IP range which gets routed at that interface, IP range
78.47.YYY.YYY/30. I then set up my virtual interface with an IP in that
range, by setting
<ip address="78.47.YYY.YYY" netmask="255.255.255.248" />
Thus, to get packets routed at the virtual machines, it just needs to be
allowed by iptables, and /proc/sys/net/ipv4/ip_forward needs to be set
to 1.
Other setups obviously might need more work.
--
Mads Chr. Olesen <shiyee(a)shiyee.dk>
shiyee.dk
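
Added example, not part of the original message or of the attached patch: a Python sketch that reads a network definition using the <forward mode="..." dev="..."/> form discussed above, applies the nat default for a bare <forward/>, and lists the host-side preconditions the thread mentions for routed mode. The function names, the sample XML and its addresses are assumptions made for illustration; only the two modes named in the thread are accepted.

```python
import ipaddress
import xml.etree.ElementTree as ET

VALID_MODES = {"nat", "route"}

# Constructed sample definition; address, device and bridge names are placeholders.
SAMPLE_XML = """
<network>
  <name>routed</name>
  <forward mode="route" dev="eth0"/>
  <bridge name="virbr1"/>
  <ip address="192.0.2.1" netmask="255.255.255.248"/>
</network>
"""

def parse_forward(network_xml):
    """Return (mode, dev, subnet), or None when the network has no <forward/>."""
    root = ET.fromstring(network_xml)
    fwd = root.find("forward")
    if fwd is None:
        return None  # no forwarding requested
    mode = fwd.get("mode", "nat")  # bare <forward/> keeps the old NAT behaviour
    if mode not in VALID_MODES:
        raise ValueError(f"unsupported forward mode: {mode!r}")
    ip = root.find("ip")
    subnet = None
    if ip is not None:
        # strict=False: the address is a host address inside the subnet
        subnet = ipaddress.ip_network(
            f"{ip.get('address')}/{ip.get('netmask')}", strict=False)
    return mode, fwd.get("dev"), subnet

def preconditions(mode, subnet, ip_forward):
    """List what the host still needs; ip_forward is the sysctl value as text."""
    todo = []
    if ip_forward != "1":
        todo.append("set /proc/sys/net/ipv4/ip_forward to 1")
    if mode == "route":
        # No NAT hides the guests, and no routes or proxy_arp are configured here.
        todo.append(f"upstream must already route {subnet} to this host")
    return todo

if __name__ == "__main__":
    mode, dev, subnet = parse_forward(SAMPLE_XML)
    with open("/proc/sys/net/ipv4/ip_forward") as f:  # Linux only
        value = f.read().strip()
    print(mode, dev, subnet, preconditions(mode, subnet, value))
```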