[libvirt-users] Network questions

Hi all,

When creating a new network:

1) Is there a way to disable automatic spawning of dnsmasq on network creation? I read that leaving out the <DHCP> section should accomplish this, but that is not what I am seeing.
2) Is there a way to disable automatic installation of iptables rules?
3) For that matter, what is the purpose of the default iptables rule set? Doesn't line 3 let all traffic pass anyway?

Thanks,
Paul

Running libvirt 0.9.2 on Ubuntu 11.10 server.

Here's the libvirt network config:

RAW CONFIG

<network>
  <name>test</name>
  <bridge name="virbr%d" stp="off" delay="0"/>
  <forward mode="route"/>
  <ip address="192.168.0.1" netmask="255.255.255.0">
  </ip>
</network>

COMMAND

virsh net-create test.xml

RESULTS

virsh net-dumpxml test
<network>
  <name>test</name>
  <uuid>2eff5e7f-847a-1fbf-ec82-01a46ef0f6c2</uuid>
  <forward mode='route'/>
  <bridge name='virbr3' stp='off' delay='0' />
  <mac address='52:54:00:47:E6:15'/>
  <ip address='192.168.0.1' netmask='255.255.255.0'>
  </ip>
</network

ps aux | grep dns
nobody 4391 0.0 0.0 21616 916 ? S 09:45 0:00 dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/test.pid --conf-file= --except-interface lo --listen-address 192.168.0.1

iptables -L --line-numbers
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.0.0/24
2 ACCEPT all -- 192.168.0.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

On 16.11.2011 17:18, paul.worner@thomsonreuters.com wrote:
> Hi all,
> When creating a new network:
> 1) Is there a way to disable automatic spawning of dnsmasq on network creation? I read that leaving out the <DHCP> section should accomplish this, but that is not what I am seeing.

You must change the forward type of the network from 'nat'/'route' to either 'bridge' or 'none'.

> 2) Is there a way to disable automatic installation of iptables rules?

Yes, in 'nat'/'route' forward type libvirt automatically inserts iptables rules. So if you wanna change this, change the forward type.

> 3) For that matter, what is the purpose of the default iptables rule set? Doesn’t line 3 let all traffic pass anyway?

Yes it does.

> Thanks,
> Paul
> Running libvirt 0.9.2 on Ubuntu 11.10 server.
> Here’s the libvirt network config:
> *RAW CONFIG*
> <network>
> <name>test</name>
> <bridge name="virbr%d" stp="off" delay="0"/>
> <forward mode="route"/>
> <ip address="192.168.0.1" netmask="255.255.255.0">
> </ip>
> </network>
> *COMMAND*
> virsh net-create test.xml
> *RESULTS*
> virsh net-dumpxml test
> <network>
> <name>test</name>
> <uuid>2eff5e7f-847a-1fbf-ec82-01a46ef0f6c2</uuid>
> <forward mode='route'/>
> <bridge name='virbr3' stp='off' delay='0' />
> <mac address='52:54:00:47:E6:15'/>
> <ip address='192.168.0.1' netmask='255.255.255.0'>
> </ip>
> </network
> ps aux | grep dns
> nobody 4391 0.0 0.0 21616 916 ? S 09:45 0:00 dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/test.pid --conf-file= --except-interface lo --listen-address 192.168.0.1
> iptables -L --line-numbers
> Chain FORWARD (policy ACCEPT)
> num target prot opt source destination
> 1 ACCEPT all -- anywhere 192.168.0.0/24
> 2 ACCEPT all -- 192.168.0.0/24 anywhere
> 3 ACCEPT all -- anywhere anywhere
> 4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
> 5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
participants (2): Michal Privoznik, paul.worner@thomsonreuters.com
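Added example (not from the thread or from libvirt): a first-match walk over the FORWARD listing posted in question 3, reporting which rule decides a packet and which rules are unreachable on the displayed fields. It assumes numeric addresses and terminating targets; `iptables -L` without `-v` does not print the in/out interface columns, so rules that look identical in this listing may still differ by interface.

```python
import ipaddress

# FORWARD chain as posted in the thread (iptables -L --line-numbers, no -v).
LISTING = """\
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.0.0/24
2 ACCEPT all -- 192.168.0.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
"""

def _net(field):
    # iptables -L prints 0.0.0.0/0 as "anywhere"
    return ipaddress.ip_network("0.0.0.0/0" if field == "anywhere" else field)

def parse_chain(listing):
    """Return (policy, [rule dicts]) from one `iptables -L --line-numbers` chain."""
    lines = listing.strip().splitlines()
    policy = lines[0].split("policy ")[1].rstrip(")")
    rules = []
    for line in lines[2:]:  # skip chain header and column header
        num, target, prot, _opt, src, dst = line.split()[:6]
        rules.append({"num": int(num), "target": target, "prot": prot,
                      "src": _net(src), "dst": _net(dst)})
    return policy, rules

def verdict(policy, rules, src, dst):
    """First-match evaluation on displayed fields: (target, rule number or None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"]:
            return r["target"], r["num"]
    return policy, None  # no rule matched: chain policy applies

def shadowed(rules):
    """(rule, covering rule) pairs where an earlier rule matches a superset."""
    out = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (e["prot"] in ("all", r["prot"]) and r["src"].subnet_of(e["src"])
                    and r["dst"].subnet_of(e["dst"])):
                out.append((r["num"], e["num"]))
                break
    return out

if __name__ == "__main__":
    policy, rules = parse_chain(LISTING)
    print(verdict(policy, rules, "10.0.0.5", "8.8.8.8"), shadowed(rules))
```

Compare the result with `iptables -S FORWARD`, which prints each rule's full match including interfaces, before treating a rule as dead.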