[libvirt] Network definition questions

Laine Stump laine at laine.org
Thu Mar 28 19:22:59 UTC 2013


On 03/27/2013 04:00 PM, Gene Czarcinski wrote:
> If an IPv4 address is *not* specified, then the IPv4 network is
> isolated and, by default, internal (internal to the specific
> interface) IPv4 routing is enabled.

Define "enable IPv4 routing"

ipv4 forwarding is not explicitly enabled in this case, but guests
connected to the bridge can talk to each other.

>
> If an IPv6 address is *not* specified, then the IPv6 network is
> isolated and, by default, internal IPv6 routing is disabled but can be
> enabled if ipv6='yes' is specified on <network>.

Correct (but you knew this better than me :-)

>
> If an IPv6 address is specified, then it is routed.

Define "routed". If there is no <forward> element, then rules are added
to reject any traffic that tries to be forwarded beyond the bridge, or
forwarded into the bridge from outside. However, IPv6 traffic between
interfaces directly connected to the bridge (i.e. the guests) and the
bridge itself is allowed.

>
> If an IPv4 address is specified, then it can be
> Network-Address-Translated or routed.  Not having a <forward>
> explicitly specified does not mean that a route is not established.

Do you mean the direct route for the bridge's own subnet? If there is no
<forward>, then the rules added by networkAddGeneralIptablesRules will
be in effect - aside from allowing receipt of dhcp, dns, and possibly
tftp by the host from guests (and ignoring inter-guest traffic), these
rules will reject attempts to forward into or out of the bridge.

>
>
> Do I understand things correctly?
>

Not sure. Did what I said match up with what you understand? :-)
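As an added example (not code from the thread, and not libvirt's own), a small Python checker that applies the rules Laine lays out above to a <network> definition, so a definition can be audited for whether it stays isolated or is forwarded beyond the bridge. The sample definitions, bridge names and addresses are constructed; the "nat" default for a <forward> element without a mode attribute follows libvirt's documented behaviour.

```python
"""Classify a libvirt <network> definition by the rules described in the thread.

Constructed example: no <forward> means forwarding into or out of the bridge
is rejected; IPv6 between guests needs ipv6='yes' or an IPv6 <ip>; IPv4
between guests on the same bridge is always allowed.
"""
import xml.etree.ElementTree as ET

# Constructed sample definitions (not from any real host).
NO_ADDR = "<network><name>iso</name><bridge name='virbr8'/></network>"
ISOLATED_V6 = "<network ipv6='yes'><name>iso6</name><bridge name='virbr9'/></network>"
V6_ADDR = ("<network><name>v6</name><bridge name='virbr10'/>"
           "<ip family='ipv6' address='fd00:1234:5678::1' prefix='64'/></network>")
NAT_V4 = ("<network><name>nat4</name><forward mode='nat'/><bridge name='virbr1'/>"
          "<ip address='192.168.122.1' netmask='255.255.255.0'/></network>")


def classify_network(xml_text: str) -> dict:
    """Return the expected traffic behaviour for one <network> definition."""
    root = ET.fromstring(xml_text)
    if root.tag != "network":
        raise ValueError("expected a <network> root element")
    ips = root.findall("ip")
    # libvirt treats <ip> without a family attribute as IPv4.
    has_v4 = any(ip.get("family", "ipv4") == "ipv4" for ip in ips)
    has_v6 = any(ip.get("family") == "ipv6" for ip in ips)
    forward = root.find("forward")
    # <forward/> with no mode defaults to NAT in libvirt.
    mode = forward.get("mode", "nat") if forward is not None else None
    return {
        "ipv4_inter_guest": True,                 # always allowed on the bridge
        "ipv6_inter_guest": has_v6 or root.get("ipv6") == "yes",
        "bridge_has_v4_address": has_v4,          # host reachable over IPv4
        "bridge_has_v6_address": has_v6,          # host reachable over IPv6
        "forwarded_beyond_bridge": forward is not None,
        "forward_mode": mode,
    }


if __name__ == "__main__":
    for label, xml in [("no addr", NO_ADDR), ("ipv6=yes", ISOLATED_V6),
                       ("v6 addr", V6_ADDR), ("nat v4", NAT_V4)]:
        print(label, classify_network(xml))
```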
