LinuxQuestions.org
Old 06-26-2017, 03:48 AM   #1
linux_fan1
Virtual firewall on top of KVM


Hello,

I plan on running a dedicated firewall distro, but I want to run it in a KVM VM.


I have a machine with 2 NICs, which I intend to assign to WAN and LAN. However, both NICs do not support VT-d, so PCI passthrough is a big no-go.
Therefore, I had the setup in mind of using a macvtap in private mode for the WAN-interface and a standard bridge for the LAN-interface.

I was just wondering: what do I do with that WAN-interface? Let's say it's called eth0 and there's a macvtap in private mode linked to it, which gets the firewall WAN interface assigned.
How do you configure the eth0 interface itself in the Linux host? Do you set it to manual mode, thereby not assigning it an IP?
Do you give it an IP, static or DHCP?
Do you protect it also with iptables rules?

I'm just wondering, how do you implement this type of setup securely that protects both the host and the virtual firewall guest from the WAN-side?


Any advice you can give is appreciated!
 
Old 06-26-2017, 03:18 PM   #2
jefro
I would build a firewall VM and have two virtual NICs on it. Then I'd direct all internal to the green virtual NIC. While you could use physical NICs on some systems and some VMs, it isn't needed.

Once you create a VM, you configure all the things that a physical machine would do. The only real difference for the most part is how the virtual NIC can attach to the host.
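
A check for the setup described in the first post, added here as an example and not code from either poster: it reads a libvirt domain definition and `ip -j addr show` output and reports any macvtap parent NIC that is not in private mode or that carries a host address. The domain XML, the addresses and the bridge name `br0` are constructed, and the no-host-address rule is an assumed policy (one of the options the question raises), not an answer given in the thread.

```python
import json
import xml.etree.ElementTree as ET

# Constructed libvirt domain fragment: WAN on macvtap (private) over eth0, LAN on bridge br0.
DOMAIN_XML = """<domain type='kvm'>
  <name>fw</name>
  <devices>
    <interface type='direct'>
      <source dev='eth0' mode='private'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>"""

# Constructed `ip -j addr show` output from the host (documentation addresses).
HOST_ADDRS = json.dumps([
    {"ifname": "eth0", "addr_info": [{"family": "inet", "local": "203.0.113.10", "scope": "global"}]},
    {"ifname": "br0", "addr_info": [{"family": "inet", "local": "192.168.1.2", "scope": "global"}]},
])

def macvtap_parents(domain_xml):
    """Map each host NIC used by a type='direct' guest interface to its macvtap mode."""
    parents = {}
    for iface in ET.fromstring(domain_xml).iterfind("./devices/interface[@type='direct']"):
        src = iface.find("source")
        if src is not None and src.get("dev"):
            parents[src.get("dev")] = src.get("mode", "vepa")  # libvirt defaults to vepa
    return parents

def audit(domain_xml, ip_json):
    """Return findings for macvtap parents not in private mode or holding a host address."""
    parents = macvtap_parents(domain_xml)
    findings = [f"{dev}: macvtap mode is {mode}, expected private"
                for dev, mode in parents.items() if mode != "private"]
    for link in json.loads(ip_json):
        if link.get("ifname") not in parents:
            continue  # br0 may keep its LAN address; only the WAN parent is checked
        for addr in link.get("addr_info", []):
            if addr.get("scope") == "global":  # assumed policy: no routable host address
                findings.append(f"{link['ifname']}: host address {addr['local']} on WAN NIC")
    return findings

if __name__ == "__main__":
    for finding in audit(DOMAIN_XML, HOST_ADDRS):
        print(finding)
```

On a real host the two inputs would come from `virsh dumpxml` for the firewall guest and `ip -j addr show`.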
 
  

