Re: Fwd: libvirtd and listen_addr

On 07/01/2011, at 4:39 AM, Daniel Huhardeaux wrote:
> On 06/01/2011 18:16, Justin Clift wrote:
> 
> [...]
> 
>> Hmmm, in your libvirtd.conf file, what does the line say where you have "listen_addr"?
>> 
>> I'm thinking it should be something like:
>> 
>>   listen_addr = "0.0.0.0"
>> 
>> Which I *think* tells it to bind to everything it can.
>> 
>> ?
> 
> Yes but that's not what I want. Let's say we have 3 servers each of them with VMs and all connected through OpenVPN
> 
> server 1: VMs Net 10.0.1.1 (IP of server virbr0) VMs from .1.11 to ...
> server 2: VMs Net 10.0.2.1 (IP of server virbr0) VMs from .2.11 to ...
> server 3: VMs Net 10.0.3.1 (IP of server virbr0) VMs from .3.11 to ...
> 
> Having OpenVPN running, each VM -or other host running OpenVPN- can reach each other. So what I want, for security reasons, is that listen_addr of each server is *only* 10.0.[1|2|3].1 which is transparent and independent of other network settings (public addresses, localnet, other VPN, ...).
> 
> Hope I clarify my needs :-)

Heh, yeah.  I think Daniel Berrange's approach of using firewall rules to control the access is probably the most rugged... 

My only other thought, and probably pretty fragile unless you put good scripting around it, is to still do the restarting thing, but change the listen_addr entry before the restart.

Though, I think it'll be an interesting (bad) situation if you want to change or restart one of the virtual networks when libvirtd is attached to it.  Can see problems with that. ;)

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
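
An added example, not part of the original message and not libvirt code: a small offline check that a libvirtd.conf pins listen_addr to the intended VM network instead of leaving it unset or on a wildcard address. The sample file contents and the /24 prefix for the thread's 10.0.1.x network are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample for "server 1" in the thread; not taken from a real host.
SAMPLE_CONF = '''
# libvirtd.conf (constructed sample)
listen_tls = 1
#listen_addr = "192.168.0.1"
listen_addr = "10.0.1.1"
'''

# key = value, with optional double quotes and an optional trailing comment
_ASSIGN = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')


def parse_conf(text):
    """Return the active settings; commented-out lines are ignored."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = _ASSIGN.match(line)
        if match:
            settings[match.group(1)] = match.group(2).strip()
    return settings


def audit_listen_addr(text, allowed_net):
    """Classify listen_addr against the network libvirtd is meant to serve.

    allowed_net is an assumption supplied by the caller, e.g. "10.0.1.0/24".
    """
    addr = parse_conf(text).get("listen_addr")
    if addr is None:
        return "wildcard"  # unset: libvirtd binds to all interfaces
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "hostname"  # a name is resolved at start-up; not judged here
    if ip.is_unspecified:
        return "wildcard"  # 0.0.0.0 or ::
    return "ok" if ip in ipaddress.ip_network(allowed_net) else "outside"


if __name__ == "__main__":
    print(audit_listen_addr(SAMPLE_CONF, "10.0.1.0/24"))
```

A result other than "ok" means the bind address alone does not confine the listener, and the firewall rules mentioned above have to do that job.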


