Hi all,

When creating a new network:

1) Is there a way to disable automatic spawning of dnsmasq on network creation?  I read that leaving out the <DHCP> section should accomplish this, but that is not what I am seeing.

2) Is there a way to disable automatic installation of iptables rules?

3) For that matter, what is the purpose of the default iptables rule set?  Doesn’t line 3 let all traffic pass anyway?

Thanks,

Paul

Running libvirt 0.9.2 on Ubuntu 11.10 server.

Here’s the libvirt network config:

RAW CONFIG

<network>
  <name>test</name>
  <bridge name="virbr%d" stp="off" delay="0"/>
  <forward mode="route"/>
  <ip address="192.168.0.1" netmask="255.255.255.0">
  </ip>
</network>

COMMAND

virsh net-create test.xml

RESULTS

virsh net-dumpxml test
<network>
  <name>test</name>
  <uuid>2eff5e7f-847a-1fbf-ec82-01a46ef0f6c2</uuid>
  <forward mode='route'/>
  <bridge name='virbr3' stp='off' delay='0' />
  <mac address='52:54:00:47:E6:15'/>
  <ip address='192.168.0.1' netmask='255.255.255.0'>
  </ip>
</network>

ps aux | grep dns
nobody    4391  0.0  0.0  21616   916 ?        S    09:45   0:00 dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/test.pid --conf-file= --except-interface lo --listen-address 192.168.0.1

iptables -L --line-numbers
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             192.168.0.0/24
2    ACCEPT     all  --  192.168.0.0/24       anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
5    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable