[fedora-virt] Isolate KVM from LAN, but not WAN?

Laine Stump laine at laine.org
Sun Mar 16 17:48:30 UTC 2014


On 03/15/2014 01:40 PM, Tom Horsley wrote:
> I came up with a nifty way to do this using VLANs, in
> my router, but my new router doesn't support VLANs,
> so I keep thinking I really ought to be able to do this
> with iptables, but nothing I try seems to work.
>
> Here's my old technique:
>
> http://home.comcast.net/~tomhorsley/game/isolate.html
>
> Now I need to figure out some way to make everything
> run on the host without any help from the router.
>
> Any ideas?

I haven't worked through the details, but it seems like this should be
fairly straightforward to do with libvirt's nwfilter rules:
http://libvirt.org/formatnwfilter.html

> Am I going to have to run a 2nd virtual machine just
> to serve as a "router" for the isolated machine
> and block all local lan traffic inside the 2nd VM
> (I'm pretty sure I could get that to work, but it
> seems like a lot bigger hammer than I ought to need :).

and I don't think you could get much more control than you would using
nwfilter.
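One shape such a filter could take, as an added example that is not from this thread or from libvirt's own filter set: a single nwfilter that lets the guest talk to its gateway (and DHCP) but nothing else on the LAN, while leaving WAN traffic untouched. The subnet 192.168.1.0/24, the gateway 192.168.1.1 and the file name are constructed placeholders.

```xml
<!-- no-lan-access.xml (constructed example; adjust addresses to your LAN) -->
<!-- Lower priority numbers are evaluated first; traffic matching no drop rule
     is accepted, so anything routed via the gateway to the WAN still passes. -->
<filter name='no-lan-access' chain='root'>

  <!-- ARP: the guest may resolve (and be resolved by) only the gateway, so it
       cannot enumerate other LAN hosts at layer 2. -->
  <rule action='accept' direction='out' priority='100'>
    <arp arpdstipaddr='192.168.1.1'/>
  </rule>
  <rule action='accept' direction='in' priority='101'>
    <arp arpsrcipaddr='192.168.1.1'/>
  </rule>
  <rule action='drop' direction='inout' priority='110'>
    <arp/>
  </rule>

  <!-- DHCP: allowed before the LAN drop, because the discover goes to the
       broadcast address and the offer comes back from a LAN address. -->
  <rule action='accept' direction='out' priority='200'>
    <ip protocol='udp' srcportstart='68' dstportstart='67'/>
  </rule>
  <rule action='accept' direction='in' priority='201'>
    <ip protocol='udp' srcportstart='67' dstportstart='68'/>
  </rule>

  <!-- The gateway itself stays reachable (it forwards to the WAN, serves DNS). -->
  <rule action='accept' direction='out' priority='300'>
    <ip dstipaddr='192.168.1.1'/>
  </rule>
  <rule action='accept' direction='in' priority='301'>
    <ip srcipaddr='192.168.1.1'/>
  </rule>

  <!-- Every other LAN address, including the subnet broadcast, is dropped in
       both directions; local multicast (mDNS, SSDP) is dropped outbound too. -->
  <rule action='drop' direction='out' priority='400'>
    <ip dstipaddr='192.168.1.0' dstipmask='24'/>
  </rule>
  <rule action='drop' direction='in' priority='401'>
    <ip srcipaddr='192.168.1.0' srcipmask='24'/>
  </rule>
  <rule action='drop' direction='out' priority='402'>
    <ip dstipaddr='224.0.0.0' dstipmask='4'/>
  </rule>
</filter>
```

Load it with `virsh nwfilter-define no-lan-access.xml` and attach it to the guest by adding `<filterref filter='no-lan-access'/>` inside the domain's `<interface>` element. If the LAN also runs IPv6, equivalent `<ipv6>` rules for the local prefix are needed, since the rules above only cover ARP and IPv4.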