
I'm using Debian 10 with KVM/QEMU as the hypervisor. You can ignore the bond...

I created a tagged VLAN X and created a bridge on that tagged VLAN.

```
auto bond0
iface bond0 inet manual
        slaves eno1 eno2
        bond-mode 4

auto bond0.10
iface bond0.10 inet manual
        vlan-raw-device bond0

auto br10
iface br10 inet static
        address 192.168.10.2
        gateway 192.168.10.1
        netmask 255.255.255.0
        bridge_ports bond0.10
        bridge_stp off
```

The problem now is that, through this "design", the guest cannot access the host... What would be a better design? I want to have the following design:

Gateway 192.168.10.1 - Host - Guest 192.168.10.10

So there is no way the guest can access the host.

Currently it's like:

Gateway 192.168.10.1 - Host 192.168.10.2 - Guest 192.168.10.10

Is there a "better" option than only denying via firewall?

Is vSwitch an idea?

Wulf
  • OK now it makes sense. But you have used a bridge and so your VMs are literally on the same network segment as the host. The way you prevent access is with your host firewall, the same as for any other machine. – Michael Hampton Aug 11 '21 at 13:12
  • @MichaelHampton I updated my question. Would be nice if you can give a look.... – Wulf Aug 12 '21 at 09:27
  • What did you mean by several different systems (gateway and guest) having the same IP address (`192.168.10.1`) inside a single Ethernet segment? How is it supposed to work? – Nikita Kipriyanov Aug 12 '21 at 10:56
  • @NikitaKipriyanov Each guest should be in a VLAN ID X (192.168.X.10) and the gateway has an address for each VLAN. But I want to tag the VLAN in the host so that the guest has an untagged VLAN – Wulf Aug 12 '21 at 11:00
  • Fix the question then. Now it is very misleading, specifying the same address .1 for both. – Nikita Kipriyanov Aug 12 '21 at 11:06

0 Answers
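
The comment above notes that a bridge puts the VMs on the same network segment as the host. As an added example (not part of the original post or its comments), this check reads ifupdown stanzas and lists every bridge on which the host itself holds an IP address, which are the segments where host firewall rules have to cover guest traffic. The function names and the `SAMPLE` text (the question's stanzas without the bond) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the VLAN and bridge stanzas from the question.
SAMPLE = """\
auto bond0.10
iface bond0.10 inet manual
        vlan-raw-device bond0

auto br10
iface br10 inet static
        address 192.168.10.2
        gateway 192.168.10.1
        netmask 255.255.255.0
        bridge_ports bond0.10
        bridge_stp off
"""

def parse_ifaces(text):
    """Return {name: {"method": ..., option: value}} for each iface stanza."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 4:
            cur = ifaces.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            cur = None  # these keywords end the current stanza
        elif cur is not None:
            # ifupdown treats '-' and '_' in option names alike
            cur[words[0].replace("-", "_")] = " ".join(words[1:])
    return ifaces

def exposed_bridges(text):
    """List (bridge, host_ip, network) for bridges where the host has an address."""
    found = []
    for name, opts in parse_ifaces(text).items():
        if "bridge_ports" not in opts or "address" not in opts:
            continue
        addr = opts["address"]
        if "/" not in addr:
            addr += "/" + opts.get("netmask", "32")
        iface = ipaddress.ip_interface(addr)
        found.append((name, str(iface.ip), str(iface.network)))
    return found
```

Running `exposed_bridges` on the text of `/etc/network/interfaces` gives one tuple per bridge that carries a host address; a bridge stanza with no `address` line is not reported.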