On 06/27/2012 01:44 AM, Fong Vang wrote:
> I'm curious to know how you are providing IPs for your Windows VMs
> when connected via a bridge.

Define "connected via a bridge".

If you are using <interface type='bridge'> (where the bridge is usually
itself connected directly to a physical interface) libvirt does not do
anything to provide IP addresses to the guests; it is assumed that a
DHCP server is already running on the physical network. So in this case,
there is no local dnsmasq that the physical network needs to be
protected from.

If you are using <interface type='network'> (i.e. connecting to a
libvirt-managed "virtual network") you are still using a Linux host
bridge under the covers, and in this case libvirt does run an instance
of dnsmasq to serve up IP addresses to the guests. However, in this case
the bridge is not directly connected to any physical network, and
dnsmasq is set to only listen on the bridge, so it will never see any
DHCP requests from the rest of the network.

I'm curious what you're experiencing that makes you think some action is
needed.

> Since broadcasts from the VMs are going
> out the bridged interface, I'm thinking about implementing ebtables to
> block dhcp broadcasts from going in/out the interface so that dnsmasq
> would only respond to dhcp requests from the local guest VMs. Before
> I venture down this path, I thought I might ask if there's an easier
> way to do this with libvirt.
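
The two cases distinguished in the reply above, as an added Python example that is not part of the original thread: it reads a guest's domain XML and reports, per interface, whether addresses come from a DHCP server on the physical network or from libvirt's dnsmasq on the virtual network's bridge. The XML samples, the names `win-guest`, `br0`, `default` and `virbr0`, and the addresses are constructed; `classify_interfaces` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): a guest with one interface of each kind.
DOMAIN_XML = """<domain type='kvm'>
  <name>win-guest</name>
  <devices>
    <interface type='bridge'><source bridge='br0'/></interface>
    <interface type='network'><source network='default'/></interface>
  </devices>
</domain>"""

# Constructed definition of a libvirt-managed virtual network with a DHCP range.
NETWORK_XML = """<network>
  <name>default</name>
  <bridge name='virbr0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp>
  </ip>
</network>"""


def classify_interfaces(domain_xml, network_xmls):
    """Hypothetical helper: say, per guest interface, who serves its DHCP."""
    networks = {}
    for text in network_xmls:
        net = ET.fromstring(text)
        networks[net.findtext("name")] = net
    report = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        kind, source = iface.get("type"), iface.find("source")
        if kind == "bridge":
            # Host bridge, usually on a physical NIC: libvirt serves nothing here.
            report.append((kind, source.get("bridge"), "external DHCP server"))
        elif kind == "network":
            net = networks.get(source.get("network"))
            if net is None:
                report.append((kind, None, "network definition not supplied"))
                continue
            elem = net.find("bridge")
            bridge = elem.get("name") if elem is not None else None
            # dnsmasq hands out leases only if the network has an <ip><dhcp> block.
            served = net.find("ip/dhcp") is not None
            report.append((kind, bridge, f"libvirt dnsmasq on {bridge}"
                           if served else "no DHCP from libvirt"))
        else:
            report.append((kind, None, "not covered by this example"))
    return report


if __name__ == "__main__":
    for row in classify_interfaces(DOMAIN_XML, [NETWORK_XML]):
        print(row)
```

On a real host the two inputs would be the output of `virsh dumpxml` for the guest and `virsh net-dumpxml` for each virtual network.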