[CentOS-virt] Network isolation for KVM guests

Fri Mar 31 10:14:22 UTC 2017
Dima (Dan) Yasny <bugagagashenki at gmail.com>

On Fri, Mar 31, 2017 at 5:56 AM, C. L. Martinez <carlopmart at gmail.com>
wrote:

> On Thu, Mar 30, 2017 at 06:15:28PM +0100, Nux! wrote:
> > Use libvirt with mac/ip spoofing enabled.
> >
> > https://libvirt.org/formatnwfilter.html
> >
> > https://libvirt.org/firewall.html
> >
> > --
> > Sent from the Delta quadrant using Borg technology!
> >
> Thanks Nux and Kristian but I don't see if these solutions will be really
> effective in my environment. Let me explain. In this host I have three
> physical interfaces: eth0, eth1 and wlan0.
>
>  eth0 is connected to my internal network. eth1 is connected to a public
> router and wlan0 is connected to another public router. wlan0 and eth1 are
> bonded to provide failover Internet connections. CPU doesn't support PCI
> passthrough (PCI passthrough would solve my problems).
>

If assigning a NIC directly to a VM would solve the problem, you could try
using macvtap instead of PCI passthrough.


>
>  I need to deploy a fw vm to control traffic between internal and external
> interfaces. In BSD systems you can segregate all IP addresses and route
> tables from principal routing table. It is the same effect that I would
> like to implement in this host.
>
>  And I don't see how to implement using CentOS (or another Linux distro).
>
> --
> Greetings,
> C. L. Martinez
>