On Mon, 27.04.15 20:17, Kai Krakow (hurikha...@gmail.com) wrote:

> Tomasz Torcz <to...@pipebreaker.pl> wrote:
>
> >> Well, would that enable automatic, correcting routing between the
> >> container and the host's external network? That's kinda what this all
> >> is about...
> >
> > If you have radvd running, it should. By the way, speaking of NAT
> > in context of IPv6 is a heresy.
>
> Why? Its purpose here is not saving some addresses (we have many in IPv6),
> its purpose is to have security and containment. The services provided by
> the container - at least in my project - are meant to be seen as a service
> of the host (as Lennart pointed out as a possible application in another
> post). I don't want the containers being addressable/routable from outside
> in. And putting a firewall in place to counterfeit this is just security by
> obscurity: Have one configuration problem and your firewall is gone and the
> container publicly available.
>
> The whole story would be different if I'd set up port forwarding afterwards
> to make services from the containers available - but that won't be
> the case.

Sidenote: systemd-nspawn already covers that for IPv4: use the --port=
switch (or -p).

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel