Drop vibr to eth0

#1 Post by cherrylady88 »

Hello, I want my vibr adapter from my KVM to communicate only with tun0 on my host. I want to drop all connections between eth0 and vibr. What do I need to write in iptables or the UFW firewall to do this?

#2 Post by arochester »

"vibr adapter" ?

#3 Post by CwF »

arochester wrote: 2021-07-17 16:53 "vibr adapter" ?
The virtual network started for kvm?
I read the question, don't get it, I'm tired...
OP, be more clear. Typically when guest eth0 is bridged on guest eth0, they don't communicate.
Maybe you want them to? You shouldn't.

"vibr" if I'm following, is for multiple vm's all bridged on their eth0's on host eth0 to communicate with each other, not the host. There are other channels to use between guest and host, spice and virtiofs, and many older ways.


#5 Post by cherrylady88 »

arochester wrote: 2021-07-17 16:53 "vibr adapter" ?
Virbr and vnet start when KVM starts. I want my VM to use only the host's VPN tun0 adapter. The problem is that it doesn't: when the OpenVPN connection drops, it just bridges the connection to eth0. I want to prevent this.

#6 Post by cherrylady88 »

CwF wrote: 2021-07-17 17:07
arochester wrote: 2021-07-17 16:53 "vibr adapter" ?
The virtual network started for kvm?
I read the question, don't get it, I'm tired...
OP, be more clear. Typically when guest eth0 is bridged on guest eth0, they don't communicate.
Maybe you want them to? You shouldn't.

"vibr" if I'm following, is for multiple vm's all bridged on their eth0's on host eth0 to communicate with each other, not the host. There are other channels to use between guest and host, spice and virtiofs, and many older ways.
No, I don't want them to communicate. I want the VM adapter to communicate only with the host's tun0 adapter on the VPN tunnel. The problem is that when the VPN has connection issues, the VM connects to the internet directly through eth0 and bridges the tun0 adapter. I hope you understand what I want to ask; my English is not that good.


#8 Post by CwF »

There are virtual adapters and physical.
Is it the case that 'tun0' is a virtual instance running on the physical eth0?
Then when the virtual instance quits, you are left with physical eth0...

The solution would not be an iptables rule but a hardware or naming rule, and I can't think through it...
The guest can't know what mode your host eth0 is in. You need routes that don't vary, so another nic to connect to a vpn handling vm that when down, is down.

#9 Post by cherrylady88 »

CwF wrote: 2021-07-20 15:20 There are virtual adapters and physical.
Is it the case that 'tun0' is a virtual instance running on the physical eth0?
Then when the virtual instance quits, you are left with physical eth0...

The solution would not be an iptables rule but a hardware or naming rule, and I can't think through it...
The guest can't know what mode your host eth0 is in. You need routes that don't vary, so another nic to connect to a vpn handling vm that when down, is down.
Yes, the tun0 is a virtual OpenVPN adapter with a killswitch function in iptables. My problem is that the killswitch only works for the host machine but not for the VM: if the connection on tun0 has a disconnect, the VM adapter connects/bridges to eth0. That's what I want to prevent. I want there to be no connection between eth0 and the VM adapter, just between tun0 and the VM adapter.
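
An added example, not part of the original thread: packets routed from a guest to the uplink traverse the host's FORWARD chain, so a kill switch confined to OUTPUT would not see them. The script below prints idempotent iptables commands that drop forwarded traffic between the bridge and the uplink in both directions; the interface names virbr0 and eth0 and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed interface names:
# virbr0 = libvirt bridge of the guest, eth0 = physical uplink.
# Guest packets routed by the host pass through FORWARD, not OUTPUT.

valid_if() {
    # Accept only plain interface names (Linux allows at most 15 characters).
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

vm_killswitch_rules() {
    # usage: vm_killswitch_rules BRIDGE WAN_IF
    [ "$#" -eq 2 ] || { echo "usage: vm_killswitch_rules BRIDGE WAN_IF" >&2; return 2; }
    for ifname in "$@"; do
        valid_if "$ifname" || { echo "bad interface name: $ifname" >&2; return 1; }
    done
    br=$1 wan=$2
    # Each command tests for the rule with -C first, so re-running adds no duplicates.
    # -I inserts at the top of FORWARD, ahead of ACCEPT rules already in the chain.
    for spec in "-i $br -o $wan" "-i $wan -o $br"; do
        echo "iptables -C FORWARD $spec -j DROP 2>/dev/null || iptables -I FORWARD $spec -j DROP"
    done
    # Verification: the packet counters on the DROP rules rise while the tunnel is down.
    echo "iptables -nvL FORWARD --line-numbers"
}

# Print the commands for the assumed names; review them, then pipe to "sh" as root.
vm_killswitch_rules virbr0 eth0
```

Because `-I` only places the rules above what is in FORWARD at that moment, re-check the rule order after anything that rewrites the chain, such as restarting the libvirt network or reloading the firewall.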
