On 10/16/2010 03:01 PM, Justin Clift wrote:
In the case of NAT, I would mention that it is setting up masquerading (rather than SNAT / DNAT), which basically only allows the VM to establish connections to the outside but not the other way around.

From the page:

> Also commonly referred to as bridging. In this mode, the
> virtual switch is connected to the physical host LAN, passing
> guest network traffic back and forth without using NAT. In this
> mode, computers external to the host server directly address and
> communicate with guest virtual machines.

I suppose you describe the configuration where eth0 is plugged
into the bridge virbr0. If yes, I would title the section as
'bridging' mode. Typically in this case the VMs pick up an address
in the physical subnet from an infrastructure DHCP server and they
can communicate towards the outside or be contacted from anywhere
from the outside (assuming routable addresses). The addresses you
are showing in the example picture 10.10.10.100 and 10.10.10.200
are typically 'private', thus will only be routed in the local
network, but that's ok.

However, there is this other mode libvirt is supporting where the
VMs' interfaces are plugged into virbr0, thus they do bridging when
one VM communicates with another VM. However, the bridge can be
given an IP address and when a VM wants to talk to another host or
VM in the network (beyond the VM-hosting host), the packets
'escape' the bridge, are routed on the Linux host towards eth0 and
then delivered to the other host in the local subnet. Now that is
a mix between routing and bridging.
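
The NAT (masquerading) setup and the mixed bridged/routed setup discussed in this message, written as two libvirt network definitions. This is an added example, not part of the original message or of the page under review; the network names, the second bridge name `virbr1` and all addresses are constructed.

```xml
<!-- Added example; names and addresses are constructed. Each
     <network> element is a separate definition file. -->

<!-- File 1: NAT mode. libvirt installs a MASQUERADE rule for
     192.168.122.0/24 on the host. Guests can open connections to
     the outside; hosts outside cannot open connections to guests. -->
<network>
  <name>example-nat</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>

<!-- File 2: routed mode. Guests still bridge to each other on the
     virtual switch, but traffic to other hosts leaves the bridge via
     its IP address (192.168.100.1) and is routed by the host out of
     eth0 with no address translation. Guests are reachable from
     outside once the LAN has a route to 192.168.100.0/24 via the
     host. -->
<network>
  <name>example-routed</name>
  <forward mode='route' dev='eth0'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.100.2' end='192.168.100.254'/>
    </dhcp>
  </ip>
</network>
```

With the routed definition, nothing hides the guests behind the host's address, so any inbound filtering has to come from firewall rules on the host or in the guests.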