I've been trying to figure out how to make a virtual machine that has network access to the outside world, but not to any machines on my local LAN.
This seems like something that would be an FAQ, but I can't find anything quite like it in any examples. This is sort of a continuation of a thread in the fedora users list where specific details of my setup can be found: http://lists.fedoraproject.org/pipermail/users/2011-December/411283.html Unfortunately, none of the answers I got there actually seem to work. I can still ping things on my LAN from inside the virtual machine I'm trying to isolate. I figured maybe the virt list might have someone who has done something like this.

I tried making a new bridge, with no physical interface attached. I can indeed make the virtual machine connect to it, and it has absolutely no access to any networking until I set up NAT in iptables, at which point it has access to both the outside world and my local LAN via the magic of NAT. This seems to prove that the host machine can both prevent networking from operating in the virtual machine or allow networking, so you'd think there would be a middle ground somewhere where I could have NAT working to get to the outside world, but not working to get to machines on my LAN. Unfortunately, nothing I've tried with iptables or ebtables has worked. My only two alternatives seem to be full network access, or no network access at all :-(.

I don't insist on using NAT and a bridge, that was just what I thought of. If there is another way to achieve this, feel free to point me in a different direction.

Thanks for any help you can provide (this seemed like it ought to be so simple :-).

_______________________________________________
virt mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/virt
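The middle ground the post is looking for is a FORWARD-chain rule, not a NAT rule: MASQUERADE in POSTROUTING rewrites the source of anything the host forwards, and with a permissive FORWARD chain the host will happily forward guest packets to the LAN because the LAN is routable. Below is an added example (my own script, not anything from the thread or from Fedora/libvirt) that rejects guest-to-LAN traffic by destination before any accept rule and only masquerades what leaves via the WAN interface. The bridge name virbr1, the guest subnet 10.99.0.0/24, the LAN 192.168.1.0/24 and the interface eth0 are all assumptions to be replaced with the real values. With DRY_RUN=1 (the default) the script prints the commands so they can be reviewed without root; DRY_RUN=0 applies them.

```shell
#!/bin/sh
# Added example (not from the original thread): host-side iptables rules that
# give guests on an isolated bridge NAT access to the Internet while refusing
# to forward anything from them to the LAN. All names/addresses are assumptions:
#   BR       isolated bridge with no physical NIC attached (e.g. virbr1)
#   VM_NET   guest subnet living on that bridge
#   LAN_NET  the local LAN the guests must not reach
#   WAN_IF   host interface carrying the default route (may be the LAN NIC too)
# With DRY_RUN=1 (the default) the commands are printed instead of executed;
# DRY_RUN=0 applies them and needs root.

BR=${BR:-virbr1}
VM_NET=${VM_NET:-10.99.0.0/24}
LAN_NET=${LAN_NET:-192.168.1.0/24}
WAN_IF=${WAN_IF:-eth0}
DRY_RUN=${DRY_RUN:-1}

# Single choke point for every rule: print it or run it.
ipt() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

# Guest packets only reach FORWARD if the host routes at all.
enable_forwarding() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "sysctl -w net.ipv4.ip_forward=1"
  else
    sysctl -w net.ipv4.ip_forward=1
  fi
}

vm_isolation_rules() {
  # The reject must sit before any accept in FORWARD (-I ... 1 puts it first).
  # It matches on destination, because matching only on -o "$WAN_IF" is useless
  # when the LAN and the default route share the same NIC.
  ipt -I FORWARD 1 -i "$BR" -s "$VM_NET" -d "$LAN_NET" \
      -j REJECT --reject-with icmp-net-prohibited

  # Guest -> Internet out of the WAN interface, and the replies back in.
  ipt -A FORWARD -i "$BR" -o "$WAN_IF" -s "$VM_NET" -j ACCEPT
  ipt -A FORWARD -i "$WAN_IF" -o "$BR" -d "$VM_NET" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Guest-to-guest traffic on the same bridge is fine; anything else the
  # bridge tries to forward (other host interfaces, VPNs, ...) is refused.
  ipt -A FORWARD -i "$BR" -o "$BR" -j ACCEPT
  ipt -A FORWARD -i "$BR" -j REJECT --reject-with icmp-net-prohibited

  # NAT only what actually leaves through the WAN interface.
  ipt -t nat -A POSTROUTING -s "$VM_NET" -o "$WAN_IF" -j MASQUERADE
}

enable_forwarding
vm_isolation_rules
```

Two things to check after applying it. On the host, `iptables -L FORWARD -v -n --line-numbers` should show the destination REJECT as rule 1; if libvirt or firewalld later inserts its own accept rules at the top, the reject has to be re-inserted ahead of them. Inside the guest, `ping 192.168.1.1` should now fail with "Destination Net Prohibited" while pinging an Internet address still works. The rules do not touch the host's own INPUT chain, so the guest can still reach the bridge's address on the host (which dnsmasq-style DHCP and DNS need); if the guest is instead configured to use a LAN resolver, add one narrow accept for udp/tcp port 53 to that single host in front of the reject, or point the guest at a public resolver.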
