Hi Andrew,

In the medium term I think that might be easier and more scalable - oVirt should allow you to not have to deal with libvirt "plumbing".

Re-reading your original e-mail, I only now understand that you're using the default network to set up NAT, and that you weren't adding iptables rules on your own. If you do prefer to go with that, I have very little knowledge of libvirt's NAT. Maybe others on the list know more...

Yours, Lior.

On 18/12/14 19:00, Andrew Wagner wrote:
> Lior,
>
> The main purpose of this is for testing. Medium-term, my plan is to spin
> up another VLAN and routable private subnet with DHCP to trunk our
> virtualization hosts onto. That requires more people to get involved to
> get the testing environment in place. I suppose I can spin up a DHCP
> server and private network outside of libvirt on the machine itself and
> add to oVirt.
>
> Andrew
>
> On 12/18/2014 2:41 AM, Lior Vernia wrote:
>> Hi Andrew,
>>
>> On 17/12/14 22:39, Andrew Wagner wrote:
>>> All,
>>>
>>> I'm testing out oVirt for one of our projects that wants to try an
>>> all-in-one setup before going to a larger deployment. For their testing,
>>> they want to use the default NAT'd network from libvirtd on the host.
>>>
>>> I've installed oVirt, installed the extnet hook, enabled IP forwarding in
>>> sysctl.conf and loaded the setting, and created a vm that attaches to
>>> the libvirtd "default" network and gets an IP. The VM can ssh to the
>>> virbr0 IP address, in this case 192.168.122.1, to access the host.
>>> However, the VM cannot reach any IP address off of the NAT'd subnet. I
>>> haven't changed any of the default iptables rules that oVirt and
>>> libvirtd create. Looking at ip route and the iptables rules, I feel that
>>> traffic should be getting directed appropriately.
>> Could you elaborate why there's a need to meddle with the networking at
>> the level of libvirt and to use the extnet hook?
>>
>> If all you need is an IP address and NAT, I would think a default oVirt
>> setup would do as long as you have a DHCP server and add proper iptables
>> rules to the host.
>>
>> Even if you do in fact need the specific libvirt network and to use the
>> hook, maybe it's worth trying without them first - just to make sure
>> your iptables rules are alright (they would be my prime suspect).
>>
>>> Does anyone have any thoughts as to what the issue may be? For some
>>> reason, the ovirtmgmt bridge doesn't seem to be receiving or allowing
>>> traffic from virbr0 to pass across it. I can provide more information if
>>> that would be helpful!
>>>
>>> Andrew Wagner
>>> _______________________________________________
>>> Users mailing list
>>> [email protected]
>>> http://lists.ovirt.org/mailman/listinfo/users

