KVM/libvirt - all traffic from eth0 to virtual guest
Hi there all.
I am battered trying to get this going. I am trying to set up a firewall distro on a KVM guest; up to here it is all good and no problems. I would like to have all traffic from eth0 pass through the guest running a firewall, but at the same time prevent the host being accessible without traffic first passing over the firewall guest.

                                     / other guests and vm host
eth0 <-> guest running firewall <->
                                     \ eth1

The simplest solution is to use vt-d, but unfortunately the MOBO only has a beta BIOS firmware to enable vt-d, not ideal for an eventual production environment. What would you guys recommend?
Just a quick update to see if anyone can advise on my thought process.
Currently thinking the best way to go is to set up a bridge using eth0 and then somehow create ebtables rule sets to drop all packets destined for the host virtual machine and pass everything on to the firewalling guest VM. Please critique.
A bridge is the only way to do this right, and yes, you'll need to use ebtables to configure the fine details.
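The bridge-plus-ebtables approach discussed in the two posts above, as an added example that is not part of the original thread. It assumes eth0 is a port of a Linux bridge whose other port is the firewall guest's tap device; the function names are hypothetical, and the rules are only printed unless `APPLY=1` is set (which needs root and ebtables).

```shell
#!/bin/sh
# Added example (not from the thread): ebtables rules that keep the host's own
# network stack off the WAN-facing bridge port while frames are still bridged
# to the firewall guest.
# Assumption: the WAN NIC (eth0 in the thread) is a port of a Linux bridge
# whose other port is the firewall guest's tap device.

# wan_isolation_rules WAN_IF
# Prints the rule set, one ebtables command per line (hypothetical helper).
wan_isolation_rules() {
    wan_if=$1
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid interface name: '$wan_if'" >&2
            return 1 ;;
    esac
    # INPUT sees frames addressed to the host itself (bridge MAC, plus the
    # local copy of broadcasts/multicasts). Dropping here does not touch
    # FORWARD, so the guest keeps receiving its traffic, ARP included.
    echo "ebtables -A INPUT -i $wan_if -j DROP"
    # OUTPUT sees frames generated by the host. Stop it from talking out of
    # the WAN port directly, bypassing the firewall guest.
    echo "ebtables -A OUTPUT -o $wan_if -j DROP"
    # FORWARD (bridged traffic between the WAN port and the guest) is left
    # open explicitly so the whole policy is visible in one place.
    echo "ebtables -P FORWARD ACCEPT"
}

# apply_rules WAN_IF: dry run unless APPLY=1 (needs root and ebtables).
apply_rules() {
    rules=$(wan_isolation_rules "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while IFS= read -r cmd; do
            $cmd || exit 1   # word splitting is intended; name was validated
        done
    else
        echo "$rules"
    fi
}

apply_rules "${1:-eth0}"
```

Leaving the bridge device without an IP address on the host complements these rules, since the host then has no layer-3 presence on the WAN segment at all.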
Thanks for the pointers in the right direction. Got it working.
After spending hours trying to configure different things, I found this article. Great for this type of setup for others like me not that proficient with the virtualization and virtualized networking aspects as of yet.
http://glycogen.net/2012/03/19/setup...fsense-router/
In the article, the author states that you have to disable SELinux. DO NOT DO THIS. I believe he had problems running ISO images as install sources. Just relabel the files to have the correct SELinux context.
Quote:
Quote:
Please note that it is for setting up a very basic iptables ruleset on the host VM, but it will get the traffic passed properly. Make sure to revise the rules for production systems. Now, I can indulge in learning how to use pfsense (network and guest vm guests) as well as shorewall (vm host firewall).