[CentOS-virt] Network isolation for KVM guests (SOLVED)

Nux! nux at li.nux.ro
Tue Apr 4 10:34:11 UTC 2017


Ok, sure.

For bridging physical with wireless you could use parprouted.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "C. L. Martinez" <carlopmart at gmail.com>
> To: "Discussion about the virtualization on CentOS" <centos-virt at centos.org>
> Sent: Tuesday, 4 April, 2017 11:27:07
> Subject: Re: [CentOS-virt] Network isolation for KVM guests (SOLVED)

> This can be if one of these interfaces isn't a wireless nic. But I need to use a
> wireless nic and another phys nic.
> 
> At least, I have solved the problem using network namespaces. All works OK and
> as expected now.
> 
> Many thanks to all for your help
> 
> On Tue, Apr 04, 2017 at 10:39:05AM +0100, Nux! wrote:
>> Just create a bridge, hook the host physical interface that you want in it, hook
>> the VMs interface in it, done.
>> No need for passthrough.
>> 
>> This can be done via libvirt/virsh or if a UI is wanted then virt-manager makes
>> this really easy.
>> 
>> Now assign an IP in the VM and it should work. You don't need to assign any IP
>> on the host interface itself. Rinse and repeat for the rest of the interfaces.
>> 
>> --
>> Sent from the Delta quadrant using Borg technology!
>> 
>> Nux!
>> www.nux.ro
>> 
>> ----- Original Message -----
>> > From: "C. L. Martinez" <carlopmart at gmail.com>
>> > To: "Discussion about the virtualization on CentOS" <centos-virt at centos.org>
>> > Sent: Friday, 31 March, 2017 19:18:43
>> > Subject: Re: [CentOS-virt] Network isolation for KVM guests
>> 
>> > On Fri, Mar 31, 2017 at 05:06:53PM +0200, Sven Kieske wrote:
>> >> On 31/03/17 15:55, C. L. Martinez wrote:
>> >> > I need to attach two physical interfaces to a guest and these phy interfaces
>> >> > have IP and routes assigned and I need to get them off the main routing table.
>> >> 
>> >> I do not understand this.
>> >> 
>> >> You can attach a physical (or virtual, doesn't matter), interface to any
>> >> given vm, without assigning routes or IPs to these interfaces directly.
>> > 
>> > No, I can't because this host doesn't support PCI passthrough. One of these
>> > interfaces is a wireless nic.
>> > 
>> >> 
>> >> Just do the network configuration inside the vm, and the routing, well
>> >> on your router? You will just need the route for the vm networks on your
>> >> host, but what is your attack scenario to keep this separated from other
>> >> routes on this host? you need at least CAP_NET_ADMIN to fiddle with those.
>> > 
>> > How? If the same host routes Internet traffic in the main routing table I expose
>> > host's services to Internet.
>> > 
>> >> 
>> >> --
>> >> Mit freundlichen Grüßen / Regards
>> >> 
>> >> Sven Kieske
>> >> 
>> >> Systemadministrator
>> >> Mittwald CM Service GmbH & Co. KG
>> >> Königsberger Straße 6
>> >> 32339 Espelkamp
>> >> T: +495772 293100
>> >> F: +495772 293333
>> >> https://www.mittwald.de
>> >> Geschäftsführer: Robert Meyer
>> >> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
>> >> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
>> >> 
>> > 
>> > 
>> > 
>> > 
>> >> _______________________________________________
>> >> CentOS-virt mailing list
>> >> CentOS-virt at centos.org
>> >> https://lists.centos.org/mailman/listinfo/centos-virt
>> > 
>> > 
>> > --
>> > Greetings,
>> > C. L. Martinez
> 
> --
> Greetings,
> C. L. Martinez


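A check for the concern raised in this thread (host addresses and main-table routes on interfaces meant only for guests), as an added example that is not part of the original messages. It goes beyond what the thread shows: the interface names eth1 and wlan0, the helper name audit_guest_ifaces and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: report host addresses and main-table routes on NICs reserved for guests.
# Constructed sample text in the formats of `ip -o addr show` and
# `ip route show table main`; eth1/wlan0 as the guest-only NICs are assumptions.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 203.0.113.5/24 brd 203.0.113.255 scope global eth1\       valid_lft forever preferred_lft forever'
SAMPLE_ROUTE='default via 203.0.113.1 dev eth1 proto static metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.5'

# audit_guest_ifaces ADDR_TEXT ROUTE_TEXT IFACE...   (hypothetical helper name)
# Prints "ADDR <if> <cidr>" for each global-scope address and "ROUTE <if> <dest>"
# for each route on a listed interface. Link-local addresses are not reported.
# Returns 0 when clean, 1 on any finding.
audit_guest_ifaces() {
    addr_text=$1
    route_text=$2
    shift 2
    findings=$(
        for ifc in "$@"; do
            # Field 2 is the interface, 3 the family, 4 the address/prefix.
            printf '%s\n' "$addr_text" | awk -v i="$ifc" '
                $2 == i && ($3 == "inet" || $3 == "inet6") && / scope global/ {
                    print "ADDR", i, $4
                }'
            # A route belongs to the interface named after the "dev" keyword.
            printf '%s\n' "$route_text" | awk -v i="$ifc" '
                { for (n = 1; n < NF; n++)
                      if ($n == "dev" && $(n + 1) == i) print "ROUTE", i, $1
                }'
        done
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# On a live host:
#   audit_guest_ifaces "$(ip -o addr show)" "$(ip route show table main)" eth1 wlan0
```

An interface that has been moved into another network namespace does not appear in the host's `ip` output at all, so it reports clean here.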