[CentOS-virt] Network isolation for KVM guests

C. L. Martinez carlopmart at gmail.com
Fri Mar 31 13:48:47 UTC 2017


On Fri, Mar 31, 2017 at 06:14:22AM -0400, Dima (Dan) Yasny wrote:
> On Fri, Mar 31, 2017 at 5:56 AM, C. L. Martinez <carlopmart at gmail.com>
> wrote:
> 
> > On Thu, Mar 30, 2017 at 06:15:28PM +0100, Nux! wrote:
> > > Use libvirt with mac/ip spoofing enabled.
> > >
> > > https://libvirt.org/formatnwfilter.html
> > >
> > > https://libvirt.org/firewall.html
> > >
> > > --
> > > Sent from the Delta quadrant using Borg technology!
> > >
> > Thanks Nux and Kristian but I don't see if these solutions will be really
> > efective in my environment. Let me to explain. In this host I three
> > physical interfaces: eth0, eth1 and wlan0.
> >
> >  eth0 is connected to my internal network. eth1 is connected to a public
> > router and wlan0 is connected to another public router. wlan0 and eth1 are
> > bonded to provide failover Internet connections. CPU doesn't supports pci
> > passthrough (pci passthrough would solve my problems).
> >
> 
> If assigning a NIC directly to a VM would solve the problem, you could try
> using macvtap instead of PCI passthrough
> 
> 

Oops .. bad luck (according to https://access.redhat.com/solutions/1978833):

Does bridge/macvtap interfaces work on wireless interfaces in RHEL?
 SOLUTION VERIFIED - Updated October 2 2015 at 6:23 PM - English 
Environment

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Issue

If a bridge/macvtap interface is created using a wireless adapter, it fails to communicate. However, the wired physical ethernet card works without an issue
Resolution

Communication over an interface that's bridged with a wireless interface(Wi-Fi) won't work because most Access Points (APs) won't accept frames that have a source address that is not authenticated with the AP. The same holds true with APs that allow open authentication(without password)
Bridging can done only with physical ethernet controllers


-- 
Greetings,
C. L. Martinez


More information about the CentOS-virt mailing list