[fedora-virt] Any examples for virtual machines inside a DMZ?

Tom Horsley horsley1953 at gmail.com
Sat May 7 23:04:12 UTC 2011

I've currently got all my virtual machines networked
using the br0 bridge to make them all look like they
are just other machines on my LAN, all in the same
subnet, all using the same gateway, DHCP server, etc.

What I'd like to do (for purposes of paranoia),
is something like create another bridge, say br1,
and through the magic of iptables and wot-not
make any virtual machines I attach to br1 be
completely isolated from my local LAN, but still
get their network traffic forwarded so they
can talk to the outside world.

I know just enough to imagine this might be possible,
yet have no idea how to implement any of the
details. Are there any detailed prescriptions
out there for doing this kind of thing?
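
One way to get the isolation asked about above, as an added example that is not part of the original post: a script that prints (does not apply) iptables commands which NAT guests on br1 out through br0 while dropping anything they send toward the LAN or the host. The subnets, the chain names DMZ_FWD and DMZ_IN, and the host serving DHCP/DNS on br1 are all assumptions; only br0 and br1 come from the post.

```shell
#!/bin/sh
# Added example: emits iptables commands for review; nothing is applied.
# Assumptions: br1 has a host address inside dmz_net, the host runs
# DHCP/DNS for the guests on br1, and br0 is the path to the gateway.

dmz_rules() {
    dmz_if=$1    # isolated bridge (br1 in the post)
    out_if=$2    # bridge that reaches the gateway (br0 in the post)
    dmz_net=$3   # subnet handed to isolated guests (assumed)
    lan_net=$4   # subnet of the existing LAN (assumed)

    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -N DMZ_FWD
iptables -N DMZ_IN
iptables -I FORWARD 1 -i $dmz_if -j DMZ_FWD
iptables -I FORWARD 1 -o $dmz_if -j DMZ_FWD
iptables -I INPUT 1 -i $dmz_if -j DMZ_IN
iptables -A DMZ_FWD -i $dmz_if -d $lan_net -j DROP
iptables -A DMZ_FWD -i $dmz_if -o $out_if -j ACCEPT
iptables -A DMZ_FWD -i $out_if -o $dmz_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A DMZ_FWD -j DROP
iptables -A DMZ_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A DMZ_IN -p udp --dport 67 -j ACCEPT
iptables -A DMZ_IN -p udp --dport 53 -j ACCEPT
iptables -A DMZ_IN -p tcp --dport 53 -j ACCEPT
iptables -A DMZ_IN -j DROP
iptables -t nat -A POSTROUTING -s $dmz_net ! -d $dmz_net -o $out_if -j MASQUERADE
EOF
}

# Notes on the rule order:
# - The LAN DROP comes before the outbound ACCEPT, so guests reach the
#   internet via the gateway but never a LAN address.
# - DMZ_IN also covers the host's own LAN address: a guest connecting to
#   it is locally delivered and arrives on INPUT with -i br1.
# - The final DMZ_FWD DROP blocks new connections from the LAN into br1;
#   if bridge-nf-call-iptables is enabled it also blocks guest-to-guest
#   traffic on br1.

# Constructed sample values; replace with the real subnets before use.
dmz_rules br1 br0 192.168.100.0/24 192.168.1.0/24
```

Review the printed commands, then run them as root; libvirt or other firewall tooling that rewrites the FORWARD chain later may need the jump rules re-inserted.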

