Hi,

I've configured a few virtual machines with libvirt-bin. The VMs
live behind a virtual network.

    $ sudo virsh net-dumpxml default
    <network>
      <name>default</name>
      <uuid>0c2cb263-e12b-8bf5-54af-1da612561cc0</uuid>
      <forward mode='nat'/>
      <bridge name='virbr0' stp='on' delay='0' />
      <ip address='192.168.122.1' netmask='255.255.255.0'>
        <dhcp>
          <range start='192.168.122.2' end='192.168.122.128' />
        </dhcp>
      </ip>
    </network>

libvirt maintains some iptables rules to make NAT work. My problem is
maintaining my own set of additional rules. I'd like to use something
like `ferm', but when I change something in ferm.conf and reload the
rules, the rules of libvirt are deleted.

I've tried:

    $ virsh net-destroy default
    $ ferm
    $ virsh net-start default

But the VMs remain unreachable after the destroy. (I have to restart
them.)

Another approach would be telling virsh to write iptables rules to
stdout. So one could do:

    $ ferm
    $ virsh iptables-rules | sh

But I haven't found something like that.

Any ideas on how to integrate libvirt with my own set of iptables rules?

Bye,
Kurt


-- 
Archive: http://lists.debian.org/20110724211536.GA24653@nuts

Reply via email to
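The "dump libvirt's rules, reload ferm, replay them" idea from the mail, written out as an added example; it is not part of the original post and not code from libvirt or ferm. It assumes that libvirt's rules are the ones that mention the bridge name (virbr0) or the network's subnet (192.168.122.0/24) in `iptables-save` output, that ferm.conf itself does not touch that bridge, and that libvirt inserts its rules at the head of each chain with `iptables -I` (which is why the replay reverses the order and uses `-I` rather than `-A`: appended behind a ferm FORWARD chain that ends in DROP or REJECT, the ACCEPT rules would never be reached and the VMs would stay unreachable). The `iptables-save` text embedded below is a constructed sample, not captured from a real host.

```shell
#!/bin/sh
# Added example: snapshot libvirt's iptables rules before a ferm reload and
# replay them afterwards. Assumptions (not from the original mail): libvirt's
# rules are exactly those mentioning the bridge or its subnet, and libvirt
# installs them with "iptables -I" (head of chain).

# Read iptables-save output on stdin; print one "iptables -t TABLE -I ..."
# command per libvirt rule, in reverse order so that inserting each one at
# the head of its chain reproduces the original order.
#   $1 = bridge name (e.g. virbr0)
#   $2 = subnet as it appears in iptables-save (e.g. 192.168.122.0/24)
libvirt_rules_to_commands() {
    awk -v br="$1" -v net="$2" '
        /^\*/ { table = substr($1, 2); next }   # "*nat" -> "nat"
        /^-A / && (index($0, br) || index($0, net)) {
            rule = $0
            sub(/^-A /, "-I ", rule)            # replay at head of chain
            cmd[++n] = "iptables -t " table " " rule
        }
        END { for (i = n; i >= 1; i--) print cmd[i] }
    '
}

# Execute the commands produced above, one per line on stdin. The rules
# contain no quotes or globs, so plain word splitting is safe here;
# "set -f" keeps a stray "*" from ever being expanded.
replay_commands() {
    set -f
    while read -r cmd; do
        [ -n "$cmd" ] && $cmd
    done
    set +f
}

# Constructed iptables-save output resembling what a Debian host with the
# libvirt "default" network plus two rules of its own (ssh on eth0 and a
# final FORWARD DROP) would show. Those two must NOT be replayed.
SAMPLE='# constructed sample, not real iptables-save output
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j DROP
COMMIT'

# Run the converter over the constructed sample (no root needed).
demo() {
    printf '%s\n' "$SAMPLE" | libvirt_rules_to_commands virbr0 192.168.122.0/24
}

demo

# Real use on the host, as root (hypothetical paths):
#   iptables-save | libvirt_rules_to_commands virbr0 192.168.122.0/24 > /var/run/libvirt-rules.sh
#   ferm /etc/ferm/ferm.conf
#   replay_commands < /var/run/libvirt-rules.sh
```

The selection is by bridge name and subnet only, so any rule of your own that mentions virbr0 or 192.168.122.0/24 is captured and replayed too; keep such rules out of ferm.conf, or they will end up duplicated after a reload. Take the snapshot while the libvirt network is running and the VMs are reachable, i.e. before ferm flushes the tables.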