Re: Network isolation for KVM guests (SOLVED)

This can be done if one of these interfaces isn't a wireless NIC. But I need to use a wireless NIC and another physical NIC.

At least, I have solved the problem using network namespaces. All works OK and as expected now.

Many thanks to all for your help

On Tue, Apr 04, 2017 at 10:39:05AM +0100, Nux! wrote:
> Just create a bridge, hook the host physical interface that you want in it, hook the VMs interface in it, done.
> No need for passthrough.
> 
> This can be done via libvirt/virsh or if a UI is wanted then virt-manager makes this really easy.
> 
> Now assign an IP in the VM and it should work. You don't need to assign any IP on the host interface itself. Rinse and repeat for the rest of the interfaces.
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> ----- Original Message -----
> > From: "C. L. Martinez" <carlopmart@xxxxxxxxx>
> > To: "Discussion about the virtualization on CentOS" <centos-virt@xxxxxxxxxx>
> > Sent: Friday, 31 March, 2017 19:18:43
> > Subject: Re:  Network isolation for KVM guests
> 
> > On Fri, Mar 31, 2017 at 05:06:53PM +0200, Sven Kieske wrote:
> >> On 31/03/17 15:55, C. L. Martinez wrote:
> >> > I need to attach two physical interfaces to a guest and these phy interfaces
> >> > have IP and routes assigned and I need to get them off the main routing table.
> >> 
> >> I do not understand this.
> >> 
> >> You can attach a physical (or virtual, doesn't matter), interface to any
> >> given vm, without assigning routes or IPs to these interfaces directly.
> > 
> > No, I can't because this host doesn't support PCI passthrough. One of these
> > interfaces is a wireless nic.
> > 
> >> 
> >> Just do the network configuration inside the vm, and the routing, well
> >> on your router? You will just need the route for the vm networks on your
> >> host, but what is your attack scenario to keep this separated from other
> >> routes on this host? you need at least CAP_NET_ADMIN to fiddle with those.
> > 
> > How? If the same host routes Internet traffic in the main routing table I expose
> > host's services to Internet.
> > 
> >> 
> >> --
> >> Mit freundlichen Grüßen / Regards
> >> 
> >> Sven Kieske
> >> 
> >> Systemadministrator
> >> Mittwald CM Service GmbH & Co. KG
> >> Königsberger Straße 6
> >> 32339 Espelkamp
> >> T: +495772 293100
> >> F: +495772 293333
> >> https://www.mittwald.de
> >> Geschäftsführer: Robert Meyer
> >> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> >> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> >> 
> > 
> > 
> > 
> > 
> >> _______________________________________________
> >> CentOS-virt mailing list
> >> CentOS-virt@xxxxxxxxxx
> >> https://lists.centos.org/mailman/listinfo/centos-virt
> > 
> > 
> > --
> > Greetings,
> > C. L. Martinez

-- 
Greetings,
C. L. Martinez
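
One possible shape of the network-namespace approach mentioned in the message above, as an added example that is not from the thread. The poster did not describe their setup, so the names (`guestnet`, `phy0`, `eth1`, `br-guest`, `uplink0`) and the veth/bridge layout are assumptions; `check_host_routes` then confirms that no host route still uses the moved NICs.

```shell
#!/bin/sh
# Added example. Names (guestnet, phy0, eth1, br-guest, uplink0) are assumptions.
# Dry run by default: prints the commands. APPLY=1 as root executes them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# isolate_nics NS WIFI_PHY ETH_IF BRIDGE
isolate_nics() {
    ns=$1 phy=$2 eth=$3 br=$4
    for v in "$ns" "$phy" "$eth" "$br"; do
        case $v in
            ''|*[!A-Za-z0-9_.-]*) echo "bad name: '$v'" >&2; return 2 ;;
        esac
    done
    run ip netns add "$ns" &&
    run ip netns exec "$ns" ip link set lo up &&
    # A wireless NIC moves by its phy (iw), a wired NIC by its netdev (ip).
    # Addresses and routes on a moved NIC leave the host's tables with it.
    run iw phy "$phy" set netns name "$ns" &&
    run ip link set dev "$eth" netns "$ns" &&
    # Host side: a bridge with no IP address, for the guest's vNIC only.
    run ip link add name "$br" type bridge &&
    run ip link set dev "$br" up &&
    # veth pair: one end on the bridge, the peer inside the namespace.
    run ip link add "veth-$ns" type veth peer name uplink0 netns "$ns" &&
    run ip link set dev "veth-$ns" master "$br" &&
    run ip link set dev "veth-$ns" up &&
    run ip netns exec "$ns" ip link set dev uplink0 up
}

# check_host_routes DEV...
# stdin: output of `ip route show table all` taken in the host namespace.
# Prints every route that still uses a listed device; returns 1 if any do.
check_host_routes() {
    awk -v devs="$*" '
        BEGIN { n = split(devs, d, " ") }
        { for (i = 1; i < NF; i++)
              if ($i == "dev")
                  for (j = 1; j <= n; j++)
                      if ($(i + 1) == d[j]) { print; bad = 1; next } }
        END { exit bad }'
}
```

Review the plan with `isolate_nics guestnet phy0 eth1 br-guest`, then after applying it run `ip route show table all | check_host_routes eth1 wlan0` on the host. Addressing, forwarding and filtering inside the namespace are left out here.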