Le 06/01/2011 18:48, Justin Clift a écrit :
On 07/01/2011, at 4:39 AM, Daniel Huhardeaux wrote:
Le 06/01/2011 18:16, Justin Clift a écrit :
[...]
Hmmm, in your libvirtd.conf file, what does the line say where you have
"listen_addr"?
I'm thinking it should be something like:
listen_addr = "0.0.0.0"
Which I *think* tells it to bind to everything it can.
?
Yes but that's not what I want. Let's say we have 3 servers each of them with
VMs and all connected through OpenVPN
server 1: VMs Net 10.0.1.1 (IP of server virbr0) VMs from .1.11 to ...
server 2: VMs Net 10.0.2.1 (IP of server virbr0) VMs from .2.11 to ...
server 3: VMs Net 10.0.3.1 (IP of server virbr0) VMs from .3.11 to ...
Having OpenVPN running, each VM -or other host running OpenVPN- can reach each
other. So what I want, for security reason, is that listen_addr of each server
is *only* 10.0.[1|2|3].1 which is transparent and independant of other network
settings (public addresses, localnet, other VPN, ...).
Hope I clarify my needs :-)
Heh, yeah. I think Daniel Berrange's approach of using firewall rules to
control the access is probably the most rugged...
What I've done yet is to listen the VPN IP. If VPN fail to start for a
reason or another I will face the same problem. Another thing is that
the VPN IP is not always reachable from other servers.
Will follow the advice to use iptables.
Thanks to all for your time.
--
Daniel
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list