VLAN QEMU Hypervisor bridge without host ip

Wulf

12/10/22, 10:26 AM

I'm using debian 10 with kvm/qemu as hypervisor. You can ignore the bond...

I created X VLAN Tagged and created a bridge on that tagged vlan.

auto bond0
iface bond0 inet manual
        slaves eno1 eno2
        bond-mode 4

auto bond0.10
iface bond0.10 inet manual
        vlan-raw-device bond0

auto br10
iface br10 inet static
        address 192.168.10.2
        gateway 192.168.10.1
        netmask 255.255.255.0
        bridge_ports bond0.10
        bridge_stp off

The problem is now, that through this "design", the guest cannot access the host... What would be an better design? I want to have following design

Gatway 192.168.10.1 - Host - Guest 192.168.10.10

So there is no way the guest can access to host.

Currently its like:

Gatway 192.168.10.1 - Host 192.168.10.2 - Guest 192.168.10.10

Is there a "better" thing as only to deny via firewall?

Is vSwitch an idea?

0 + 5

vlan

libvirt

qemu

kvm-virtualization

Michael Hampton

12/11/22, 1:12 PM

OK now it makes sense. But you have used a bridge and so your VMs are literally on the same network segment as the host. The way you prevent access is with your host firewall, the same as for any other machine.

Wulf

12/12/22, 9:27 AM

@MichaelHampton I updated my question. Would be nice if you can give a look....

Nikita Kipriyanov

12/12/22, 10:56 AM

What did you mean by several different systems (gateway and guest) having same IP address (`192.168.10.1`) inside a single Ethernet segment? How it supposed to work?

Wulf

12/12/22, 11:00 AM

@NikitaKipriyanov Each guest should be in a VLAN ID X (192.168.X.10) and Gateway has a address for each vlan. But I want to tag the vlan in the host so that the guest has untagged vlan

Nikita Kipriyanov

12/12/22, 11:06 AM

Fix the question then. Now it is very misleading, specifying the same address .1 for both.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: VLAN QEMU Hypervisor bridge without host ip

TH: VLAN QEMU Hypervisor bridge without host ip

RO: VLAN QEMU Hypervisor bridge without host ip

RU: VLAN QEMU Hypervisor bridge without host ip

VI: VLAN QEMU Hypervisor bridge without host ip

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.