On 06/01/2011 18:48, Justin Clift wrote:
On 07/01/2011, at 4:39 AM, Daniel Huhardeaux wrote:
On 06/01/2011 18:16, Justin Clift wrote:

[...]

Hmmm, in your libvirtd.conf file, what does the line say where you have 
"listen_addr"?

I'm thinking it should be something like:

   listen_addr = "0.0.0.0"

Which I *think* tells it to bind to everything it can.

?

Yes but that's not what I want. Let's say we have 3 servers each of them with 
VMs and all connected through OpenVPN

server 1: VMs Net 10.0.1.1 (IP of server virbr0) VMs from .1.11 to ...
server 2: VMs Net 10.0.2.1 (IP of server virbr0) VMs from .2.11 to ...
server 3: VMs Net 10.0.3.1 (IP of server virbr0) VMs from .3.11 to ...

Having OpenVPN running, each VM -or other host running OpenVPN- can reach each 
other. So what I want, for security reasons, is that listen_addr of each server 
is *only* 10.0.[1|2|3].1 which is transparent and independent of other network 
settings (public addresses, localnet, other VPN, ...).

Hope I clarified my needs :-)

Heh, yeah.  I think Daniel Berrange's approach of using firewall rules to 
control the access is probably the most rugged...

What I've done so far is to listen on the VPN IP. If the VPN fails to start for one reason or another I will face the same problem. Another thing is that the VPN IP is not always reachable from other servers.

Will follow the advice to use iptables.

Thanks to all for your time.
--
Daniel

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
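
The firewall approach the thread settles on, as an added example that is not part of the original messages: a script that prints iptables rules allowing the libvirtd ports only from the three VM networks listed above. The /24 masks, libvirtd's default ports 16509 and 16514, and the chain name LIBVIRT-MGMT are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands that limit
# libvirtd's TCP/TLS listeners to the three VM networks named above.
# Assumptions: /24 netmasks, libvirtd default ports, chain name LIBVIRT-MGMT.

LIBVIRT_PORTS="16509,16514"          # libvirtd defaults: tcp_port, tls_port
ALLOWED_NETS="10.0.1.0/24 10.0.2.0/24 10.0.3.0/24"
CHAIN="LIBVIRT-MGMT"                 # hypothetical chain name

# is_cidr NET: succeed only for a.b.c.d/len with octets <= 255 and len <= 32
is_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# libvirt_fw_rules NET...: print the rule set; print nothing on bad input
libvirt_fw_rules() {
    # An empty allow-list would emit only the DROP rule and lock everyone out.
    [ "$#" -gt 0 ] || { echo "no networks given" >&2; return 1; }
    # Validate every network first so a typo never yields a partial rule set.
    for net in "$@"; do
        is_cidr "$net" || { echo "invalid network: $net" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    echo "iptables -A INPUT -p tcp -m multiport --dports $LIBVIRT_PORTS -j $CHAIN"
    for net in "$@"; do
        echo "iptables -A $CHAIN -s $net -j ACCEPT"
    done
    # Anything else reaching the libvirtd ports is dropped, whatever
    # interface it arrived on (public address, localnet, other VPN).
    echo "iptables -A $CHAIN -j DROP"
}

# Print the rules for review; apply them as root once checked.
libvirt_fw_rules $ALLOWED_NETS
```

With rules like these in place, listen_addr can stay at "0.0.0.0", so libvirtd still starts when the VPN interface is down and the firewall decides who may connect.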
