[systemd-devel] [SPAM] Re: Custom options and passing options via command line.
Kamil Jońca
kjonca at op.pl
Tue May 10 16:29:08 UTC 2022
Lennart Poettering <lennart at poettering.net> writes:
> On Di, 10.05.22 17:59, Kamil Jońca (kjonca at op.pl) wrote:
>
>> Maybe I was not clear.
>> I have ("internal") interfaces qemu1 and qemu2. and interface eth ("external")
>> I wat to nat traffic from interface qemu1 via eth , but I do not want
>> nat traffic from interface qemu2 via eth2/
>>
>> How to achieve this?
>
> hmm, eth? eth2? is the latter a typo?
>
> Assuming it is a typo: set IPMasquerade=yes only in the .network file
> that matches qemu1, not the one matching qemu2.
Wait.
eth = interface which got (statically or by dhcp) address 192.168.1.1
qemu1 = bridge interface with bunch of VMs, address 192.168.2.1 subnet /24
qemu2 = bridge interface with bunch of VMs, address 192.168.3.1 subnet /24
I want that outgoing via eth traffic from qemu1 was masquaraded to
192.168.1.1
and also want that outgoing via eth traffic from qemu2 was not touched
(ie. has have source addresses 192.168.3.0/24)
>
>> > If this does not deal in interfaces, but in IP addresses instead, no
>> > need to involve networkd. Just define the firewall outside of
>> > networkd?
>> Of course. Like most nontrivial things I want to do.
>> That was my point.
>
> But why involve a callout at all if it's not dynamic?
Why do you think it is not "dynamic"?
Subnet for which I want to mask is given via ipsec (and I understand
that this should be handled by ipsec scripts) or DHCP (how?)
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
More information about the systemd-devel
mailing list