On 12-03-2014 14:11, Paul Gideon Dann wrote:
> On Wednesday 12 Mar 2014 14:06:30 Mauro Santos wrote:
>> No netctl here :)
>>
>> I have systemd-networkd enabled on boot and 3 files in /etc/systemd/network
>>
>>> cat brkvm.netdev
>>
>> [NetDev]
>> Name=brkvm
>> Kind=bridge
>>
>>> cat brkvm.network
>>
>> [Match]
>> Name=brkvm
>>
>> [Network]
>> Description=Bride for use with virtual machines and containers
>> Address=192.168.56.1/24
>>
>>> cat vb-veth.network
>>
>> [Match]
>> Name=vb-*
>>
>> This last one is sort of a hack to bring the network up as it shows up,
>> I suppose systemd-nspawn should do it by itself, this might be a bug,
>> unless there is a good reason not to bring the network up automatically.
>>
>> Inside the container I do manual setup of the network address since I'm
>> not actually booting it.
>>
>> Mind you that you may have to do systemctl daemon-reload (not really
>> sure if this one is needed) and restart systemd-networkd for any changes
>> to take effect.
>
> Can I ask you both why you chose this route of creating a private network? As far as I can
> tell, by default systemd-spawn will allow the container to use the host's interface. I would
> have thought that would be adequate for most use cases?
>
> Paul
>

Because I have both a virtual machine and container that need to talk to each other.

Initially I had this setup specifically because of qemu, I wanted access to a few ports inside the virtual machine and having to set up some kind of nat would be a pain (and another variable in case things didn't work).

After I saw that systemd-nspawn now has more network isolation features I just used the setup I had. It's possible this is overkill for what I want but it was the solution I came up with at the time.

--
Mauro Santos