Re: [libvirt] [PATCH v2 2/4] net: support set public ip for forward mode nat



On Fri, 8 Feb 2013 17:25:11 +0000
"Daniel P. Berrange" <berrange redhat com> wrote:

> On Mon, Feb 04, 2013 at 10:45:24AM +0100, Natanael Copa wrote:
> > Support setting which public ip to use for NAT via attribute
> > address in subelement <nat> in <forward>:
> > 
> > ...
> >   <forward mode='nat'>
> >       <nat address='1.2.3.4'/>
> >   </forward>
> 
> Unless I'm misunderstanding, this is just identical to
> using a range, with the start + end addresses equal, e.g.
> 
>   <forward mode='nat'>
>     <nat>
>       <address start='1.2.3.4' end='1.2.3.4'/>
>     </nat>
>   </forward>

Almost, it's redundant with no 'end' attribute.
   <forward mode='nat'>
     <nat>
       <address start='1.2.3.4'/>
     </nat>
   </forward>
 
> if so, then this is redundant - we should just use the
> <address start='1.2.3.4' end='1.2.3.4'/> syntax
> for everything, and not special case the scenario
> where start+end are equal.

I sent a rebase without 2/4 which is still somewhat redundant.

If you specify 'start', but not 'end', it will generate different iptables lines:
  iptables ... --to-source 1.2.3.4
vs
  iptables ... --to-source 1.2.3.4-1.2.3.4

It appears that iptables currently accepts both forms and generates the
same thing. I cannot guarantee that iptables maintainers will remove
duplicate ways of specifying the same rules in the future or treat them
differently, so it might be an idea to be able to specify both variants.

-nc
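
The mapping discussed in this message, as an added sketch that is not libvirt code and not part of the original e-mail: it turns the two `<address>` spellings into the two `--to-source` arguments quoted above, then normalises both to an address span so a rule audit can treat them as the same NAT source. The function names are hypothetical, the XML samples are constructed from the message, and IPv4-only handling is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed samples: the two spellings from the thread.
START_ONLY = "<forward mode='nat'><nat><address start='1.2.3.4'/></nat></forward>"
START_END = ("<forward mode='nat'><nat>"
             "<address start='1.2.3.4' end='1.2.3.4'/></nat></forward>")

def nat_to_source(forward_xml):
    """Return the --to-source argument for a <forward mode='nat'> element,
    or None when no explicit public address is configured."""
    fwd = ET.fromstring(forward_xml)
    if fwd.tag != "forward" or fwd.get("mode") != "nat":
        raise ValueError("expected <forward mode='nat'>")
    addr = fwd.find("./nat/address")
    if addr is None or addr.get("start") is None:
        return None
    # IPv4Address() rejects malformed input, so nothing unvalidated
    # reaches the generated rule text.
    start = ipaddress.IPv4Address(addr.get("start"))
    end_attr = addr.get("end")
    if end_attr is None:
        return str(start)              # single-address form
    end = ipaddress.IPv4Address(end_attr)
    if end < start:
        raise ValueError("end address precedes start address")
    return f"{start}-{end}"            # range form, even when start == end

def source_span(to_source):
    """Normalise either --to-source form to a (first, last) address pair."""
    first, _, last = to_source.partition("-")
    first = ipaddress.IPv4Address(first)
    return (first, ipaddress.IPv4Address(last) if last else first)

if __name__ == "__main__":
    for sample in (START_ONLY, START_END):
        arg = nat_to_source(sample)
        print(f"--to-source {arg:<16} span={source_span(arg)}")
```

Comparing rules by `source_span()` rather than by string keeps a firewall diff or audit from flagging the two spellings as different NAT sources.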

