[Openstack] Guest networking and magic IP

Andre Goree andre at drenet.net
Tue Feb 16 20:37:06 UTC 2016


I have some questions regarding the way that networking is handled via 
qemu/kvm+libvirt, namely I'm trying to replicate OpenStack's use of the 
magic IP on newly spun-up instances.  My apologies in advance if this is 
not the proper mailing list for such a question.  I've already been to 
the libvirt mailing list, but to no avail.

I am trying to determine how exactly I can manipulate traffic from a 
_guest's_ NIC using iptables on the _host_.  On the host, there is a 
bridged virtual NIC that corresponds to the guest's NIC.  That interface 
does not have an IP set up on it on the host; however, within the VM 
itself the IP is configured and everything works as expected.  I was 
told on the libvirt list that nwfilter handles things like this, but 
after further discussion was able to determine that nwfilter does NOT 
handle a situation in which one would redirect traffic destined for one 
IP to another IP -- a situation that iptables would normally handle.

I'm wondering, in that case, how OpenStack is (seemingly) "magically" 
making this happen?  Because libvirt (via nwfilter) handles outbound 
traffic produced by a guest system (and thus, that traffic does not 
traverse iptables), there would be no way to facilitate this... but 
as we all know, OpenStack does it :)

Any insight or pointing in the right direction would be so helpful, 
thanks in advance!


-- 
Andre Goree
-=-=-=-=-=-
Email     - andre at drenet.net
Website   - http://www.drenet.net
PGP key   - http://www.drenet.net/pubkey.txt
-=-=-=-=-=-



