Hi,

I'm playing with 'systemd-container'; according to (1) the masq option is set to yes in this case.

$ cat /etc/systemd/network/80-container-vz.network
# This network file matches the bridge interface created by systemd-nspawn's
# --network-zone= switch. See systemd-nspawn(1) for details.

[Match]
Name=vz-*
Driver=bridge

[Network]
# Default to using a /24 prefix, giving up to 253 addresses per virtual network.
Address=0.0.0.0/24
LinkLocalAddressing=yes
DHCPServer=yes
IPMasquerade=no
LLDP=yes
EmitLLDP=customer-bridge

For now, I'm testing with the above option 'IPMasquerade=no' (default value is 'IPMasquerade=yes').

So my questions are:

- Is my above assumption correct (disabling systemd's IPMasquerade and enabling masquerading in Shorewall)
- What are the best practices with regard to Shorewall and systemd-container

The two bridge interfaces are configured with the bridge option in '/etc/shorewall/interfaces'. I'm aware of (2) but I'm not sure which part applies here.

Any help is appreciated.

1) https://www.phoronix.com/scan.php?page=news_item&px=systemd-networkd-IP-Forward
2) http://shorewall.org/bridge-Shorewall-perl.html#veth

-Matt
--
Matt Darfeuille