On 10/06/2018 03:44 PM, scrap@xxxxxxxxxxx wrote:
> Hello Cole,
> thanks a lot for your kind reply! Let me try to answer your questions:
>
>> Do you have in mind a specific libvirt/qemu feature that you want
>> exposed, or are you asking for this kind of on/off switch to be
>> implemented lower in the stack?
>
> I am just asking for implementation of that kind of on/off switch,
> because it would be a lot easier to quickly disable internet access for
> specific VMs with any possibility like that.
>
>> You can avoid public internet access by choosing an appropriate
>> network source: NAT guests are not accessible from the outside world.
>
> Currently I have selected "NAT" with device model "virtio", but the VM
> still has access to public internet. Maybe I misunderstood something?
>
>> What kind of network source are you using?
>
> The host is connected to network via cable, the virtual machine NIC is
> configured as NAT with device model "virtio" (which creates an
> interface called "vnet0" on the host). This VM has full public internet
> access, but I want to restrict its access to the host only (to create a
> file exchange between host and guest, but without internet access).

Okay, in this case what you want to use is an 'isolated' virtual
network. Stuff this XML in a file:

  <network>
    <name>isolated</name>
    <forward mode='none'/>
    <ip address='192.168.130.1' netmask='255.255.255.0'>
      <dhcp>
        <range start='192.168.130.2' end='192.168.130.254'/>
      </dhcp>
    </ip>
  </network>

Then from the command line do:

  sudo virsh net-define $filename
  sudo virsh net-autostart isolated
  sudo virsh net-start isolated

Then in virt-manager change the VM network source to use this new
'isolated' network. The VM and host can communicate, but the VM can't
communicate with the outside world.

- Cole
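
A check that a guest really ended up on the isolated network, as an added example that is not part of the original message: the Python below reads libvirt network and domain XML (such as the output of `virsh net-dumpxml` and `virsh dumpxml`) and lists every guest NIC that is not on an isolated network. The NAT network and guest XML are constructed samples, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the isolated network from the message above.
ISOLATED_XML = """<network>
  <name>isolated</name>
  <forward mode='none'/>
  <ip address='192.168.130.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.130.2' end='192.168.130.254'/></dhcp>
  </ip>
</network>"""

# Constructed sample: a NAT network, the kind the guest was attached to before.
NAT_XML = """<network>
  <name>default</name>
  <forward mode='nat'/>
</network>"""

# Constructed sample: a guest with one NIC on each of the two networks.
DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <interface type='network'><source network='default'/></interface>
    <interface type='network'><source network='isolated'/></interface>
  </devices>
</domain>"""

def forward_mode(network_xml):
    """Return (name, mode): no <forward> element is isolated, <forward/> without mode is NAT."""
    root = ET.fromstring(network_xml)
    fwd = root.find("forward")
    mode = "none" if fwd is None else fwd.get("mode", "nat")
    return root.findtext("name"), mode

def audit_domain(domain_xml, network_xmls):
    """Return (network, reason) for each guest NIC that is not on an isolated network."""
    modes = dict(forward_mode(x) for x in network_xmls)
    findings = []
    for nic in ET.fromstring(domain_xml).iter("interface"):
        src = nic.find("source")
        net = src.get("network") if src is not None else None
        mode = modes.get(net, "unknown")  # "unknown": no definition was supplied
        if nic.get("type") != "network":
            findings.append((net, "interface type '%s' is not a libvirt virtual network" % nic.get("type")))
        elif mode != "none":
            findings.append((net, "forward mode is '%s', not 'none'" % mode))
    return findings

if __name__ == "__main__":
    for net, reason in audit_domain(DOMAIN_XML, [ISOLATED_XML, NAT_XML]):
        print("NOT ISOLATED: %s (%s)" % (net, reason))
```

A guest that keeps a second NIC on a NAT network, as in the constructed sample, still reaches the internet through it, so an empty result is what confirms the change.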