
Re: networking with virtual machine



Neal Murphy <neal.p.murphy@alum.wpi.edu> writes:

> On Tuesday, September 18, 2012 05:59:47 PM lee wrote:
>> Neal Murphy <neal.p.murphy@alum.wpi.edu> writes:
>> > So yes, if you want 'real' networking, you'll need bridges and taps.
>> 
>> Thank you, I'll have to look into taps then.
>> 
>> Do you think it's a good idea to just create a bridge device with the
>> unused eth0 for this?  I could leave eth1 as is and would basically only
>> have to add a zone and appropriate policy and rules in the shorewall
>> configuration.
>
> If that is the only firewall method you have then yes, enable forwarding, add 
> the bridge to a second shorewall zone, and add iptables rules that drop, 
> reject, allow and deny traffic as you desire. All of your VMs can easily be 
> tapped into the bridge.

The router has a firewall and I'm running shorewall on the host behind
that.  It should be safe enough, and it gives me some things like
traffic shaping which the router doesn't do.  I'm not doing firewall
testing and like to keep things simple.

So now I know which way to go and what to read about, thanks :)


-- 
Debian testing amd64

