Re: Network isolation for KVM guests

On Fri, Mar 31, 2017 at 05:06:53PM +0200, Sven Kieske wrote:
> On 31/03/17 15:55, C. L. Martinez wrote:
> > I need to attach two physical interfaces to a guest and these phy interfaces have IP and routes assigned and I need to get them off the main routing table.
> I do not understand this.
> You can attach a physical (or virtual, doesn't matter) interface to any
> given vm, without assigning routes or IPs to these interfaces directly.

No, I can't, because this host doesn't support PCI passthrough. One of these interfaces is a wireless NIC.

> Just do the network configuration inside the vm, and the routing, well
> on your router? You will just need the route for the vm networks on your
> host, but what is your attack scenario to keep this separated from other
> routes on this host? You need at least CAP_NET_ADMIN to fiddle with those.

How? If the same host routes Internet traffic in the main routing table, I expose the host's services to the Internet.

> -- 
> Mit freundlichen Grüßen / Regards
> Sven Kieske
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +495772 293100
> F: +495772 293333
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

C. L. Martinez