[virt-tools-list] [libvirt-users] Virt-manager: Restricted networks

Laine Stump laine at redhat.com
Tue Oct 2 14:43:12 UTC 2018


On 10/02/2018 09:53 AM, Cole Robinson wrote:
> On 10/02/2018 08:50 AM, Olivier Léobal wrote:
>> Hello,
>>
>> 'Isolated' networks created in VMM (I’m running 1.4.3) still connect
>> to the host (as gateway). Is it possible to avoid this? It is my
>> understanding that QEMU provides a 'restrict' option for that, but I
>> don't understand it well, and can’t find it in VMM.
>>
> 
> ccing libvirt-users
> 
> That's expected of isolated mode, according to this:
> 
> https://wiki.libvirt.org/page/VirtualNetworking#Isolated_mode
> 
> I'm not sure if/how to go about creating a network that only VMs can
> communicate on

If you want a network that doesn't even allow connections between the
host and the guests, then you won't want DNS or DHCP running on the host
for that network either, and for that matter, you will want the host to
not have any IP address for that network. (Of course in this case the
guests on the network will need to have their IP addresses statically
configured, or you'll need to run your own DHCP server on one of the
guests).

If that is what you want, then you want a network declared like this:


<network>
  <name>reallyisolated</name>
</network>

This will set up a bridge that has no IP address on the host, no DHCP
server, and no DNS server, but the guests will still be able to
communicate among themselves.

If you want the host to handle DHCP requests from the guests, but not
allow any traffic, then you can add in an IP address with a <dhcp>
section, but configure the firewall of the host to reject all traffic on
the bridge interface other than DHCP; guests will still be able to
communicate with each other.
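
Added example, not part of the original message: a small Python check that reads a libvirt network definition (for instance the output of `virsh net-dumpxml`) and reports whether the host gets an address or a DHCP service on the bridge. The sample definitions other than "reallyisolated", the addresses, and the function name audit_network are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions (addresses and names are illustrative only).
SAMPLES = {
    "reallyisolated": "<network><name>reallyisolated</name></network>",
    "isolated-with-dhcp": """
<network>
  <name>isolated-with-dhcp</name>
  <ip address='192.168.150.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.150.10' end='192.168.150.50'/></dhcp>
  </ip>
</network>""",
    "natted": """
<network>
  <name>natted</name>
  <forward mode='nat'/>
  <ip address='192.168.160.1' netmask='255.255.255.0'/>
</network>""",
}

def audit_network(xml_text):
    """Report how a libvirt <network> definition exposes the host to guests."""
    root = ET.fromstring(xml_text)
    if root.tag != "network":
        raise ValueError("not a libvirt <network> document")
    forward = root.find("forward")
    ips = root.findall("ip")
    report = {
        "name": root.findtext("name"),
        # libvirt assumes mode='nat' when <forward> carries no mode attribute
        "forward_mode": None if forward is None else forward.get("mode", "nat"),
        "host_addresses": [ip.get("address") for ip in ips],
        "host_dhcp": any(ip.find("dhcp") is not None for ip in ips),
    }
    # Guest-only means: no forwarding and no host address on the bridge.
    report["guest_only"] = forward is None and not ips
    if report["guest_only"]:
        report["action"] = "none: bridge has no host IP address or DHCP"
    elif forward is None:
        report["action"] = "host has an address on the bridge: drop <ip> or firewall the bridge"
    else:
        report["action"] = "forwarded network: guests can reach beyond the bridge"
    return report

if __name__ == "__main__":
    for xml_text in SAMPLES.values():
        r = audit_network(xml_text)
        print(f"{r['name']:20} guest_only={r['guest_only']!s:5} {r['action']}")
```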