On 06/27/2012 01:44 AM, Fong Vang wrote: > I'm curious to know how you are providing IPs for your Windows VMs > when connected via a bridge. Define "connected via a bridge". If you are using <interface type='bridge'> (where the bridge is usually itself connected directly to a physical interface) libvirt does not do anything to provide IP addresses to the guests; it is assumed that a DHCP server is already running on the physical network. So in this case, there is no local dnsmasq that the physical network needs to be protected from. If you are using <interface type='network'> (i.e. connecting to a libvirt-managed "virtual network") you are still using a linux host bridge under the covers, and in this case libvirt does run an instance of dnsmasq to serve up IP addresses to the guests. However, in this case the bridge is not directly connected to any physical network, and dnsmasq is set to only listen on the bridge, so it will never see any dhcp requests from the rest of the network. I'm curious what you're experiencing that makes you think some action is needed. > Since broadcasts from the VMs are going > out the bridged interface, I'm thinking about implementing ebtables to > block dhcp broadcasts from going in/out the interface so that dnsmasq > would only respond to dhcp requests from the local guest VMs. Before > I venture down this path, I thought I might ask if there's an easier > way to do this with libvirt. > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list