Hi,
I don't see why this should not work with the given solutions. But I'm
relatively new to KVM / libvirt. Alternative:
Personally I use Shorewall (Shoreline FW) and bridge setups (also works
with a bonding interface). This way you can create zones, interfaces,
addresses, forwarding-rules etc and give per VM permission to let's say
only use a certain IP, only access certain parts of the network, talk to
a certain limited list of IPs etc. I can not imagine you can't create
what you want with Shorewall. It looks complicated, but actually is very
intuitive if you give it some time and effort.
Please feel free to provide a better description of what you want to
accomplish. Maybe I misunderstand what you want to achieve.
--
Met vriendelijke groet,
Richard Landsman
http://rimote.nl
T: +31 (0)50 - 763 04 07
(ma-vr 9:00 tot 18:00)
24/7 bij storingen:
+31 (0)6 - 4388 7949
@RimoteSaS (Twitter Serviceberichten/security updates)
On 03/31/2017 11:56 AM, C. L. Martinez wrote:
On Thu, Mar 30, 2017 at 06:15:28PM +0100, Nux! wrote:
Use libvirt with mac/ip spoofing enabled.
https://libvirt.org/formatnwfilter.html
https://libvirt.org/firewall.html
--
Sent from the Delta quadrant using Borg technology!
Thanks Nux and Kristian but I don't see if these solutions will be really efective in my environment. Let me to explain. In this host I three physical interfaces: eth0, eth1 and wlan0.
eth0 is connected to my internal network. eth1 is connected to a public router and wlan0 is connected to another public router. wlan0 and eth1 are bonded to provide failover Internet connections. CPU doesn't supports pci passthrough (pci passthrough would solve my problems).
I need to deploy a fw vm to control traffic between internal and external interfaces. In BSD systems you can seggregate all ip address and route tables from principal routing table. It is the same effect that I would like to implement in this host.
And I don't see how to implement using CentOS (or another linux distro).
_______________________________________________
CentOS-virt mailing list
CentOS-virt@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-virt
