Ulrich Dangel wrote:
On Friday 13 February 2009 19:21:10 Thomas Woerner wrote:
Hi,
i just got the same idea, so here are some thoughts.
Some Questions:
3) What do you want to do with user-customized firewalls?
I want do to port forwarding for a nat network for statically configured ip
addre
On Friday 13 February 2009 19:21:10 Thomas Woerner wrote:
Hi,
i just got the same idea, so here are some thoughts.
> Some Questions:
> 3) What do you want to do with user-customized firewalls?
I want do to port forwarding for a nat network for statically configured ip
addressed.
A solution co
One way to do this is to place a tiny VM (static kernel+very small
initramfs [uClibc+busybox+iptables+dnsmasq]) between VM clusters and the
host, rather than giving the host an IP on each cluster's bridge
directly. The tool that launches it (via libvirt) appends extra files to
the initramfs giv
Karl Wirth wrote:
Hi,
I would like your feedback on the following idea.
What if we could flexibly change the iptables rules for the different
guests as they are deployed onto the node/host. The idea would be to do
all of this within the iptables of the host leaving alone the iptables
of the
Daniel P. Berrange wrote:
> Actually I believe Karl's use case is that the host explicitly *does*
> know the IP the guest is /supposed/ to be using, and wants to prevent
> it spoofing someone else's IP.
>
Yes. This is what I was thinking.
> I agree with your general point though, that when tryi
On Fri, Feb 06, 2009 at 01:36:23PM -0500, Karl Wirth wrote:
> Hi,
>
> I would like your feedback on the following idea.
>
> What if we could flexibly change the iptables rules for the different
> guests as they are deployed onto the node/host. The idea would be to do
> all of this within the ip
On Sat, Feb 07, 2009 at 12:44:07AM +, David Lutterkort wrote:
> On Fri, 2009-02-06 at 13:36 -0500, Karl Wirth wrote:
> > What if we could flexibly change the iptables rules for the different
> > guests as they are deployed onto the node/host. The idea would be to do
> > all of this within the
On Fri, 2009-02-06 at 13:36 -0500, Karl Wirth wrote:
> What if we could flexibly change the iptables rules for the different
> guests as they are deployed onto the node/host. The idea would be to do
> all of this within the iptables of the host leaving alone the iptables
> of the guests themselves
Hi,
I would like your feedback on the following idea.
What if we could flexibly change the iptables rules for the different
guests as they are deployed onto the node/host. The idea would be to do
all of this within the iptables of the host leaving alone the iptables
of the guests themselves.
H