[Libvir] [patch 0/5] Misc. fixes to iptables support

Daniel P. Berrange berrange at redhat.com
Fri Mar 30 16:34:38 UTC 2007


On Fri, Mar 30, 2007 at 05:04:49PM +0100, Mark McLoughlin wrote:
> On Wed, 2007-03-21 at 12:47 +0000, Mark McLoughlin wrote:
> > Hey,
> > 	What follows is a few misc patches for qemud's iptables
> > support. The main point is to add reload-on-HUP as suggested by
> > danpb.
> > 
> > 	Comments welcome ..
> 
> 	Hmm, I nearly forgot about these patches ... no objections, then?

Go for it. There is one further fixup needed for the forwarding stuff
in the scenario where you specify an explicit device. I don't know exactly
what I was thinking when I first wrote it, but the iptables rules are clearly
wrong. You can't forward to a specific device just by adding --out <dev>
as you rightly pointed out. The only reason it worked for me was that the
two devices I was testing with were both ultimately on the same LAN.

Anyway, what I intended it to do is to use DNAT & SNAT rules along with
the IP address associated with the particular device being targeted. Yes
this only works with static networking, but that's all it was intended to
do anyway - we already have the generic forward capability for dynamic
networks. I'll try and cook up a patch to fix this properly...

I've also got a long writeup pending about the (sorry) state of IPv6 networking
and what we can do with it :-)

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 



