[CentOS-virt] Network isolation for KVM guests
Sven Kieske
s.kieske at mittwald.de
Fri Mar 31 15:06:53 UTC 2017
On 31/03/17 15:55, C. L. Martinez wrote:
> I need to attach two physical interfaces to a guest and these phy interfaces have IP and routes assigned and I need to get them off the main routing table.
I do not understand this.
You can attach a physical (or virtual, doesn't matter), interface to any
given vm, without assigning routes or IPs to these interfaces directly.
Just do the network configuration inside the vm, and the routing, well
on your router? You will just need the route for the vm networks on your
host, but what is your attack scenario to keep this separated from other
routes on this host? you need at least CAP_NET_ADMIN to fiddle with those.
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +495772 293100
F: +495772 293333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20170331/1243210e/attachment.sig>
More information about the CentOS-virt
mailing list