[libvirt-users] Network questions

Michal Privoznik mprivozn at redhat.com
Mon Feb 6 12:00:07 UTC 2012


On 16.11.2011 17:18, paul.worner at thomsonreuters.com wrote:
> Hi all,
>
> When creating a new network:
>
> 1)    Is there a way to disable automatic spawning of dnsmasq on network
> creation?  I read that leaving out the <DHCP> section should accomplish
> this, but that is not what I am seeing.

You must change the forward type of the network from 'nat'/'route' to
either 'bridge' or 'none'.

> 
> 2)    Is there a way to disable automatic installation of iptables rules?

Yes, in 'nat'/'route' forward type libvirt automatically inserts
iptables rules. So if you want to change this, change the forward type.

> 
> 3)    For that matter, what is the purpose of the default iptables rule
> set?  Doesn’t line 3 let all traffic pass anyway?
> 

Yes it does.

>
> Thanks,
>
> Paul
>
> Running libvirt 0.9.2 on Ubuntu 11.10 server.
>
> Here’s the libvirt network config:
>
> *RAW CONFIG*
>
> <network>
>   <name>test</name>
>   <bridge name="virbr%d" stp="off" delay="0"/>
>   <forward mode="route"/>
>   <ip address="192.168.0.1" netmask="255.255.255.0">
>   </ip>
> </network>
>
> *COMMAND*
>
> virsh net-create test.xml
>
> *RESULTS*
>
> virsh net-dumpxml test
>
> <network>
>   <name>test</name>
>   <uuid>2eff5e7f-847a-1fbf-ec82-01a46ef0f6c2</uuid>
>   <forward mode='route'/>
>   <bridge name='virbr3' stp='off' delay='0' />
>   <mac address='52:54:00:47:E6:15'/>
>   <ip address='192.168.0.1' netmask='255.255.255.0'>
>   </ip>
> </network>
>
> ps aux | grep dns
>
> nobody    4391  0.0  0.0  21616   916 ?        S    09:45   0:00 dnsmasq
> --strict-order --bind-interfaces
> --pid-file=/var/run/libvirt/network/test.pid --conf-file=
> --except-interface lo --listen-address 192.168.0.1
>
> iptables -L --line-numbers
>
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     all  --  anywhere             192.168.0.0/24
> 2    ACCEPT     all  --  192.168.0.0/24       anywhere
> 3    ACCEPT     all  --  anywhere             anywhere
> 4    REJECT     all  --  anywhere             anywhere
> reject-with icmp-port-unreachable
> 5    REJECT     all  --  anywhere             anywhere
> reject-with icmp-port-unreachable
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
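
Added example, not part of the original message and not libvirt code: a Python check, prompted by question 3, that reports which FORWARD rules can never match because an earlier rule, as printed, already matches every packet. The listing in the message was taken with `iptables -L` without `-v`, which omits the in/out interface columns, so the second sample is a constructed `-L -v` listing whose interface matches on `virbr3` are assumptions; the function names are hypothetical.

```python
# Listing quoted in the message (`iptables -L --line-numbers`), wrapped lines rejoined.
PLAIN = """\
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             192.168.0.0/24
2    ACCEPT     all  --  192.168.0.0/24       anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    REJECT     all  --  anywhere             anywhere  reject-with icmp-port-unreachable
5    REJECT     all  --  anywhere             anywhere  reject-with icmp-port-unreachable
"""
# Constructed sample: the same chain in `-L -v` form. The in/out interface
# values are assumptions, not data from the message.
VERBOSE = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  any    virbr3  anywhere             192.168.0.0/24
2        0     0 ACCEPT     all  --  virbr3 any     192.168.0.0/24       anywhere
3        0     0 ACCEPT     all  --  virbr3 virbr3  anywhere             anywhere
4        0     0 REJECT     all  --  any    virbr3  anywhere             anywhere  reject-with icmp-port-unreachable
5        0     0 REJECT     all  --  virbr3 any     anywhere             anywhere  reject-with icmp-port-unreachable
"""
WILD = {"prot": {"all"}, "in": {"any", "*"}, "out": {"any", "*"},
        "source": {"anywhere", "0.0.0.0/0"}, "destination": {"anywhere", "0.0.0.0/0"}}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(listing):
    """Map each rule row onto the column names of the listing's header."""
    lines = [l.strip() for l in listing.splitlines() if l.strip()]
    cols = lines[1].split()
    rows = [l.split(None, len(cols)) for l in lines[2:]]
    return [dict(zip(cols + ["extra"], r + [""])) for r in rows]

def is_catch_all(rule):
    """True if the rule ends traversal and no printed column narrows it."""
    narrowed = any(rule[c] not in ok for c, ok in WILD.items() if c in rule)
    # Text after the destination is a match condition unless it is a REJECT option.
    conditional = rule["extra"] and not rule["extra"].startswith("reject-with")
    return rule["target"] in TERMINAL and not narrowed and not conditional

def shadowed(listing):
    """Return (number of first catch-all rule, rule numbers it shadows)."""
    rules = parse(listing)
    for i, rule in enumerate(rules):
        if is_catch_all(rule):
            return int(rule["num"]), [int(r["num"]) for r in rules[i + 1:]]
    return None, []

if __name__ == "__main__":
    print("plain:", shadowed(PLAIN), "verbose:", shadowed(VERBOSE))
```

On a host, pass it the output of `iptables -L FORWARD -v --line-numbers` so that the interface columns are part of the comparison.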



