On 16.11.2011 17:18, paul.worner at thomsonreuters.com wrote:
> Hi all,
>
>
>
> When creating a new network:
>
>
>
> 1) Is there a way to disable automatic spawning of dnsmasq on network
> creation? I read that leaving out the <DHCP> section should accomplish
> this, but that is not what I am seeing.
You must change the forward type of the network from 'nat'/'route' to
either 'bridge' or 'none'.
>
> 2) Is there a way to disable automatic installation of iptables rules?
Yes, in 'nat'/'route' forward type libvirt automatically inserts
iptables rules. So if you wanna change this, change the forward type.
>
> 3) For that matter, what is the purpose of the default iptables rule
> set? Doesn't line 3 let all traffic pass anyway?
>
Yes it does.
>
>
> Thanks,
>
> Paul
>
>
>
>
>
> Running libvirt 0.9.2 on Ubuntu 11.10 server.
>
>
>
> Here's the libvirt network config:
>
>
>
> *RAW CONFIG*
>
> <network>
>
> <name>test</name>
>
> <bridge name="virbr%d" stp="off" delay="0"/>
>
> <forward mode="route"/>
>
> <ip address="192.168.0.1" netmask="255.255.255.0">
>
> </ip>
>
> </network>
>
>
>
> *COMMAND*
>
> virsh net-create test.xml
>
>
>
> *RESULTS*
>
> virsh net-dumpxml test
>
> <network>
>
> <name>test</name>
>
> <uuid>2eff5e7f-847a-1fbf-ec82-01a46ef0f6c2</uuid>
>
> <forward mode='route'/>
>
> <bridge name='virbr3' stp='off' delay='0' />
>
> <mac address='52:54:00:47:E6:15'/>
>
> <ip address='192.168.0.1' netmask='255.255.255.0'>
>
> </ip>
>
> </network>
>
>
> ps aux | grep dns
>
> nobody 4391 0.0 0.0 21616 916 ? S 09:45 0:00 dnsmasq
> --strict-order --bind-interfaces
> --pid-file=/var/run/libvirt/network/test.pid --conf-file
> --except-interface lo --listen-address 192.168.0.1
>
>
>
> iptables -L --line-numbers
>
> Chain FORWARD (policy ACCEPT)
>
> num target prot opt source destination
>
> 1 ACCEPT all -- anywhere 192.168.0.0/24
>
> 2 ACCEPT all -- 192.168.0.0/24 anywhere
>
> 3 ACCEPT all -- anywhere anywhere
>
> 4 REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
>
> 5 REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
>