[systemd-devel] [SPAM] Re: Custom options and passing options via command line.

Lennart Poettering lennart at poettering.net
Tue May 10 16:48:32 UTC 2022


On Di, 10.05.22 18:29, Kamil Jońca (kjonca at op.pl) wrote:

> Lennart Poettering <lennart at poettering.net> writes:
>
> > On Di, 10.05.22 17:59, Kamil Jońca (kjonca at op.pl) wrote:
> >
> >> Maybe I was not clear.
> >> I have ("internal") interfaces qemu1 and qemu2. and interface eth ("external")
> >> I wat to nat traffic from interface qemu1 via eth , but I do not want
> >> nat traffic from interface qemu2 via eth2/
> >>
> >> How to achieve this?
> >
> > hmm, eth? eth2? is the latter a typo?
> >
> > Assuming it is a typo: set IPMasquerade=yes only in the .network file
> > that matches qemu1, not the one matching qemu2.
> Wait.
> eth = interface which got (statically or by dhcp) address 192.168.1.1
> qemu1 = bridge interface with bunch of VMs, address 192.168.2.1 subnet /24
> qemu2 = bridge interface with bunch of VMs, address 192.168.3.1 subnet /24
>
> I want that outgoing via eth traffic from qemu1 was masquaraded to
> 192.168.1.1
> and also want that outgoing via eth traffic from qemu2 was not touched
> (ie. has have source addresses 192.168.3.0/24)

Yes. So for the two bridge interfaces, define two distinct .network
files, and set IPMasquerade=yes in one and leave it off in the other.

> >> Of course. Like most nontrivial things I want to do.
> >> That was my point.
> >
> > But why involve a callout at all if it's not dynamic?
> Why do you think it is not "dynamic"?
> Subnet for which I want to mask is given via ipsec (and I understand
> that this should be handled by ipsec scripts)  or DHCP (how?)

Ah, well, OK so if the stuff is dynamic, but based on something else
than a network interface? then networkd is not the right place to
configure that.

Lennart

--
Lennart Poettering, Berlin


More information about the systemd-devel mailing list