I haven't used nspawn much. But I think the terminology is the opposite – veth *is* the most similar to other tools' "host-only network", as it essentially creates a connection completely separate from the physical LAN, unless the host itself decides to route between them. (Compare with VirtualBox's vboxnet0.)
Meanwhile, the opposite option would be macvlan, which attaches to a physical interface (like "bridged network" in VirtualBox) and separates traffic by MAC. In between, you have the option of first creating a "host-only" veth, and *then* putting it in a Linux bridge interface (br0/virbr) together with eth0. (I don't remember if nspawn can do this automatically or whether you need to 'ip link set veth0 master br0'...)

On Tue, Jun 20, 2017, 19:07 Samuel Taylor <[email protected]> wrote:

> Hello to all,
>
> I'm new to the scene here so forgive me if this is not the most appropriate place to post this. I have posed this question to Freenet IRC a couple of times but I've not had any takers.
>
> At the moment I am in the process of deploying a couple of nspawn containers, one utilizing a VirtualEthernet config and the other sharing the network adapter of the host, which I believe is typically, outside of the nspawn universe, referred to as host-only networking? (please correct me if I am wrong).
>
> At present I have omitted --network-veth from the default systemd-nspawn .service unit file for containers, to enable the use of host-only networking within one of my containers. For the second container which utilizes a VirtualEthernet I have configured this parameter using the .nspawn file. Is there a way of avoiding having to modify the default systemd-nspawn unit file and instead configuring host-only networking within the .nspawn file? I have noted from the documentation that a network interface can be specified i.e
>
> [Network]
> Interface=eth0
>
> However, from the documentation this would appear to remove the adapter from the calling namespace, and it would only be available within my container, which is not the case when removing --network-veth from the equation and not setting anything at all.
>
> If this is considered a bad practice I will instead use the VirtualEthernet and Port parameters on my container currently utilising host-only networking.
>
> I've been really enjoying getting my hands dirty with systemd the last few days, so if you could shed some light on where I'm going wrong here, that would be greatly appreciated!
>
> Many thanks,
>
> Sam
>
> Sent from my iPhone
> _______________________________________________
> systemd-devel mailing list
> [email protected]
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel

--
Mantas Mikulėnas <[email protected]>
Sent from my phone
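The attachment modes discussed in this thread, written as `[Network]` settings from systemd.nspawn(5). This is an added example, not part of the original messages; the container names (`web`, `db`, `app`, `legacy`) are hypothetical, and `eth0`/`br0` are taken from the thread. It assumes the stock `systemd-nspawn@.service` template, which passes `--network-veth` together with `--settings=override` so that values in the `.nspawn` file take precedence over the command line.

```ini
# --- /etc/systemd/nspawn/web.nspawn (hypothetical container "web") ---
# veth pair between host and container ("host-only" in VirtualBox terms).
# The container gets its own network namespace; traffic reaches the LAN
# only if the host routes or NATs it.
[Network]
VirtualEthernet=yes

# --- /etc/systemd/nspawn/db.nspawn (hypothetical container "db") ---
# macvlan on top of the physical interface ("bridged" in VirtualBox terms).
# Unlike Interface=eth0, the parent interface stays in the host namespace;
# the container appears on the LAN with its own MAC address.
[Network]
MACVLAN=eth0

# --- /etc/systemd/nspawn/app.nspawn (hypothetical container "app") ---
# veth whose host side nspawn attaches to an existing bridge br0.
# Bridge= implies VirtualEthernet=yes, so no manual
# 'ip link set ... master br0' is needed on the host.
[Network]
Bridge=br0

# --- /etc/systemd/nspawn/legacy.nspawn (hypothetical container "legacy") ---
# Assumption: with --settings=override, an explicit "no" here cancels the
# template's --network-veth, so the container shares the host's network
# namespace. That means no network isolation: the container sees every
# host interface, can bind ports on the host's addresses, and can reach
# services listening on the host's 127.0.0.1.
[Network]
VirtualEthernet=no
```

Each section belongs in its own file; they are shown together only for comparison. `networkctl` on the host and `ip link` inside the container show which interfaces each variant actually produced.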
