[CentOS-virt] Network isolation for KVM guests

C. L. Martinez

carlopmart at gmail.com
Fri Mar 31 09:56:41 UTC 2017


On Thu, Mar 30, 2017 at 06:15:28PM +0100, Nux! wrote:
> Use libvirt with mac/ip spoofing enabled.
> 
> https://libvirt.org/formatnwfilter.html
> 
> https://libvirt.org/firewall.html
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
Thanks Nux and Kristian but I don't see if these solutions will be really efective in my environment. Let me to explain. In this host I three physical interfaces: eth0, eth1 and wlan0.

 eth0 is connected to my internal network. eth1 is connected to a public router and wlan0 is connected to another public router. wlan0 and eth1 are bonded to provide failover Internet connections. CPU doesn't supports pci passthrough (pci passthrough would solve my problems).

 I need to deploy a fw vm to control traffic between internal and external interfaces. In BSD systems you can seggregate all ip address and route tables from principal routing table. It is the same effect that I would like to implement in this host.

 And I don't see how to implement using CentOS (or another linux distro). 

-- 
Greetings,
C. L. Martinez



More information about the CentOS-virt mailing list