I haven't used nspawn much. But I think the terminology is the opposite – veth *is* the most similar to other tools' "host-only network", as it essentially creates a connection completely separate from the physical LAN, unless the host itself decides to route between them. (Compare with VirtualBox's vboxnet0.) Meanwhile, the opposite option would be macvlan, which attaches to a physical interface (like "bridged network" in VirtualBox) and separates traffic by MAC. In between, you have the option of first creating a "host-only" veth, and *then* putting it in a Linux bridge interface (br0/virbr) together with eth0. (I don't remember if nspawn can do this automatically or whether you need to 'ip link set veth0 master br0'...) <div class="gmail_quote"><div dir="ltr">On Tue, Jun 20, 2017, 19:07 Samuel Taylor <<a href="mailto:sam@tailornetworks.com">sam@tailornetworks.com</a>> wrote: </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello to all, I'm new to the scene here so forgive me if this is not the most appropriate place to post this. I have posed this question to Freenet IRC a couple of times but I've not had any takers. At the moment I am in the process of deploying a couple of nspawn containers, one utilizing a VirtualEthernet config and the other sharing the network adapter of the host, which I believe is typically, outside of the nspawn universe, referred to as host-only networking? (please correct me if I am wrong). At present I have omitted --network-veth from the default systemd-nspawn .service unit file for containers, to enable the use of host-only networking within one of my containers. For the second container which utilizes a VirtualEthernet I have configured this parameter using the .nspawn file. Is there a way of avoiding having to modify the default systemd-nspawn unit file and instead configuring host-only networking within the .nspawn file? I have noted from the documentation that a network interface can be specified i.e [Network] Interface=eth0 However, from the documentation this would appear to remove the adapter from the calling namespace, and it would only be available within my container, which is not the case when removing --network-veth from the equation and not setting anything at all. If this is considered a bad practice I will instead use the VirtualEthernet and Port parameters on my container currently utilising host-only networking. I've been really enjoying getting my hands dirty with systemd the last few days, so if you could shed some light on where I'm going wrong here, that would be greatly appreciated! Many thanks, Sam Sent from my iPhone _______________________________________________ systemd-devel mailing list <a href="mailto:systemd-devel@lists.freedesktop.org" target="_blank">systemd-devel@lists.freedesktop.org</a> <a href="https://lists.freedesktop.org/mailman/listinfo/systemd-devel" rel="noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a> </blockquote></div><div dir="ltr">-- </div><div data-smartmail="gmail_signature">Mantas Mikulėnas <<a href="mailto:grawity@gmail.com">grawity@gmail.com</a>> Sent from my phone </div>