[fedora-virt] Any examples for virtual machines inside a DMZ?

Richard W.M. Jones rjones at redhat.com
Tue May 10 15:45:19 UTC 2011


On Sat, May 07, 2011 at 07:04:12PM -0400, Tom Horsley wrote:
> I've currently got all my virtual machines networked
> using the br0 bridge to make them all look like they
> are just other machines on my LAN, all in the same
> subnet, all using the same gateway, DHCP server, etc.
> 
> What I'd like to do (for purposes of paranoia),
> is something like create another bridge, say br1,
> and through the magic of iptables and wot-not
> make any virtual machines I attach to br1 be
> completely isolated from my local LAN, but still
> get their network traffic forwarded so they
> can talk to the outside world.
> 
> I know just enough to imagine this might be possible,
> yet have no idea how to implement any of the
> details. Are there any detailed prescriptions
> out there for doing this kind of thing?

It should be possible using libvirt, without needing to fiddle with
iptables etc (or rather, libvirt will do that for you).

You need to create another virtual network in libvirt and then change
your current guests' <interface><source network='default'/> from
'default' to whatever you decide to call your new network.

This is a good place to start:

http://libvirt.org/formatnetwork.html#examples

and also:

 # virsh net-dumpxml default

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
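A worked version of the two steps Rich describes (define a second libvirt network in NAT mode, then repoint the guests' <interface><source network='default'/> at it), as an added example that is neither from the post nor libvirt's own code: it uses only the Python standard library, and the network name 'dmz', the 192.168.200.0/24 subnet and the sample guest definition are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample guest definition (not from the post): one NIC on the
# 'default' libvirt network, one NIC attached directly to the LAN bridge br0.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <interface type='network'><source network='default'/></interface>
    <interface type='bridge'><source bridge='br0'/></interface>
  </devices>
</domain>"""


def nat_network_xml(name, bridge, host_ip, netmask, dhcp_start, dhcp_end):
    """Build a <network> in forward mode 'nat': libvirt creates the bridge,
    runs dnsmasq for DHCP on it and adds the masquerade rules itself."""
    net = ET.Element("network")
    ET.SubElement(net, "name").text = name
    ET.SubElement(net, "forward", mode="nat")
    ET.SubElement(net, "bridge", name=bridge, stp="on", delay="0")
    ip = ET.SubElement(net, "ip", address=host_ip, netmask=netmask)
    dhcp = ET.SubElement(ip, "dhcp")
    ET.SubElement(dhcp, "range", start=dhcp_start, end=dhcp_end)
    return ET.tostring(net, encoding="unicode")


def move_guest_interfaces(domain_xml, old_network, new_network):
    """Point every <interface type='network'> on old_network at new_network.
    Bridge-type NICs (e.g. br0) are left alone. Returns (xml, changed)."""
    root = ET.fromstring(domain_xml)
    changed = 0
    for iface in root.iter("interface"):
        if iface.get("type") != "network":
            continue
        src = iface.find("source")
        if src is not None and src.get("network") == old_network:
            src.set("network", new_network)
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    # Subnet values are constructed; pick one that does not overlap the LAN.
    print(nat_network_xml("dmz", "br1", "192.168.200.1", "255.255.255.0",
                          "192.168.200.100", "192.168.200.200"))
    new_xml, n = move_guest_interfaces(SAMPLE_DOMAIN_XML, "default", "dmz")
    print(new_xml, "# interfaces moved:", n)
    # Feed the first output to 'virsh net-define', then 'virsh net-start dmz';
    # apply the second with 'virsh define' (or edit via 'virsh edit guest1').
```

One caveat for the "completely isolated" goal: libvirt's NAT mode masquerades guest traffic but does not by itself stop guests from reaching LAN hosts through the host, so full isolation from the LAN still needs extra filtering (host firewall rules or libvirt nwfilter) on top of this network.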
