Hi there all.

I am battered trying to get this going. I am trying to set up a firewall distro on a kvm guest, up to here it is all good and no problems.

I would like to have all traffic from eth0 pass through the guest running a firewall, but at the same time prevent the host being accessable without traffic first passing over the firewall guest.

/ other guests and vm host
eth0 <-> guest funning firewall <->
\ eth1

The simplest solution is to use vt-d but unfortunately the MOBO only has a beta BIOS firmware to enable vt-d, not ideal for an eventual production environment.

What would you guys recommend?

Just a quick update to see if anyone can advise on my though process.

Currently thinking best way to go is to set up a bridge using eth0 and then somehow create ebtables rule sets to drop all packets destined for the host virtual machine and pass everything onto the firewalling guest vm.

Please critique.

a bridge is the only way to do this right, and yes, you'll need to use ebtables to configure the fine details

1 members found this post helpful.

Thanks for the pointers in the right direction. Got it working.

After spending hours trying to configure different things, I found this article. Great for this type of setup for others like me not that proficient with the virtualization and virtualized networking aspects as of yet.

http://glycogen.net/2012/03/19/setup...fsense-router/

In the article, the author states that you have to disable SELinux, DO NOT DO THIS. I believe he had problems running iso images as install sources. Just relable the files to have the correct SELinux context
or
(if you only want to relable a single file)

Please note that it is for setting up a very basic iptables ruleset on the host VM, but it will get the traffic passed properly. Make sure to revise the rules for production systems.

Now, I can endulge in learning how to use pfsense(network and guest vm guests) as well as shorewall(vm host firewall).

1 members found this post helpful.