On Sat, Mar 08, 2008 at 04:33:32PM +0100, Mads Chr. Olesen wrote:
> Greetings!
>
> The attached patch adds support for having routed virtual networks, in
> addition to the masquerading setup possible with the "<forward />"
> stanza.
>
> I have added a <route dev="ethX" /> stanza (dev is optional), completely
> equivalent to the <forward /> stanza.

This is still forwarding of traffic, so I think we should just use the
existing <forward/> element and have an extra attribute to indicate the
type of forwarding, eg

   <forward/>    (defaults to mode="nat" for compat)
   <forward mode="nat"/>
   <forward mode="route"/>
   <forward mode="nat" dev="ethX"/>
   <forward mode="route" dev="ethX"/>

> Summary of changes:
> * Added <route /> stanza to XML parsing/creation
> * Refactored qemudAddIptablesRules to allow for the routed network type
> * In iptables.c:
>   * Renamed iptables(.*)ForwardAllowIn to
>     iptables(.*)ForwardAllowRelatedIn, to better reflect their function
>   * Added iptables(.*)ForwardAllowIn functions, that do not require
>     traffic to be related
>
> Comments are very much appreciated :-)

I'm a little unclear on how this actually works. You add iptables rules
to allow traffic in/out, but you're not adding any routing table entries,
nor turning on proxy_arp, so I don't see how this will actually work in
practice. Are you assuming the admin has already added suitable routing
rules & turned on proxy arp?

Regards,
Dan.
--
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
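
Added example (not part of the original message and not libvirt code): a Python sketch of how the <forward/> element proposed in the reply could be parsed, with a missing mode defaulting to "nat" for compatibility, unknown modes rejected, and dev checked against an allowlist before it could reach any firewall command. The function name, the returned dict and the dev pattern are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Modes proposed in the reply above; anything else is rejected, not guessed.
FORWARD_MODES = ("nat", "route")

# Assumption of this example: a conservative allowlist for interface names
# (Linux limits them to 15 bytes). A leading '-' is refused so the value can
# never be read as an option by a firewall tool.
DEV_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}")


def parse_forward(network_xml):
    """Return None for an isolated network, else the forwarding settings."""
    root = ET.fromstring(network_xml)
    elems = root.findall("forward")
    if not elems:
        return None
    if len(elems) > 1:
        raise ValueError("more than one <forward/> element")
    fwd = elems[0]

    # Old documents carry a bare <forward/>; they must keep meaning NAT.
    mode = fwd.get("mode", "nat")
    if mode not in FORWARD_MODES:
        raise ValueError("unsupported forward mode: %r" % mode)

    dev = fwd.get("dev")  # optional in both modes
    if dev is not None and not DEV_RE.fullmatch(dev):
        raise ValueError("invalid forward dev: %r" % dev)

    # Only NAT mode masquerades; routed mode passes guest addresses through.
    return {"mode": mode, "dev": dev, "masquerade": mode == "nat"}


# Constructed sample documents covering the forms listed in the reply.
SAMPLES = [
    '<network><name>isolated</name></network>',
    '<network><name>legacy</name><forward/></network>',
    '<network><name>routed</name><forward mode="route" dev="eth0"/></network>',
]

if __name__ == "__main__":
    for doc in SAMPLES:
        print(doc, "->", parse_forward(doc))
```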