Virtual firewall on top of KVM

aquilares
Posts: 9
Joined: 2017-06-26 07:49

#1 Post by aquilares

Hello,

I plan on running a dedicated firewall distro, but I want to run it in a KVM VM.


I have a machine with 2 NICs, which I intend to assign to WAN and LAN. However, both NICs do not support VT-d, so PCI-passthrough is a big no-go.
Therefore, I had the setup in mind of using a macvtap in private mode for the WAN-interface and a standard bridge for the LAN-interface.

I was just wondering: what do I do with that WAN-interface? Let's say it's called eth0 and there's a macvtap in private mode linked to it, which gets the firewall WAN interface assigned.
How do you configure the eth0-interface itself in the Linux host? Do you set it to manual mode, thereby not assigning it an IP?
Do you give it an IP, static or DHCP?
Do you also protect it with iptables rules?

I'm just wondering, how do you implement this type of setup securely, in a way that protects both the host and the virtual firewall guest from the WAN-side?


Any advice you can give is appreciated!
