[CentOS-virt] Network isolation for KVM guests
Dima (Dan) Yasny
bugagagashenki at gmail.com
Fri Mar 31 10:14:22 UTC 2017
On Fri, Mar 31, 2017 at 5:56 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> On Thu, Mar 30, 2017 at 06:15:28PM +0100, Nux! wrote:
> > Use libvirt with mac/ip spoofing enabled.
> > https://libvirt.org/formatnwfilter.html
> > https://libvirt.org/firewall.html
> > --
> > Sent from the Delta quadrant using Borg technology!
> Thanks Nux and Kristian, but I don't see if these solutions will be really
> effective in my environment. Let me explain. In this host I have three
> physical interfaces: eth0, eth1 and wlan0.
> eth0 is connected to my internal network. eth1 is connected to a public
> router and wlan0 is connected to another public router. wlan0 and eth1 are
> bonded to provide failover Internet connections. The CPU doesn't support PCI
> passthrough (PCI passthrough would solve my problems).
If assigning a NIC directly to a VM would solve the problem, you could try
using macvtap instead of PCI passthrough.
> I need to deploy a fw VM to control traffic between internal and external
> interfaces. In BSD systems you can segregate all IP addresses and route
> tables from the principal routing table. It is the same effect that I would
> like to implement in this host.
> And I don't see how to implement it using CentOS (or another Linux distro).
> C. L. Martinez