On 01/02/2012 09:09 AM, Tom Horsley wrote:
> I don't know why people care so much about this. There are so
> many things to be confused by with iptables, the name of an interface
> seems to be the least of the problems you'd encounter :-).

Well, I can't speak for Emanuel, but I don't care *that* much. ;-)

Since you ask about the reason, however, it's the same reason people care about naming conventions in any other context. Most of us are used to interface names like eth0, em1, virbr0, tun1, etc., and we tend to recognize them as network interfaces much more easily than a long name that doesn't end with a digit. Thus, the convention makes communication easier, which is a good thing on at least a couple of different levels when asking for help.

> Anyway, I'm about to try a completely different approach. My
> DD-WRT router has support for VLANs. Maybe I can connect my KVM host
> to a router port that uses VLAN tagging and setup eth0.1 and eth0.3
> VLANs with eth0.1 being my normal LAN subnet and eth0.3 being
> a completely different subnet. (Or maybe I can completely wipe
> out all my internet access even on the host while trying this :-).

A VLAN-based approach is definitely going to be more robust. Anything iptables based has to route the "segregated" traffic over your home network, so there's an unavoidable mixing of the traffic -- particularly things like ARP, DHCP, UPnP, etc.

--
========================================================================
Ian Pilcher [email protected]
"If you're going to shift my paradigm ... at least buy me dinner first."
========================================================================
