[ovirt-users] ovirtmgmt network security

Luca 'remix_tj' Lorenzetto lorenzetto.luca at gmail.com
Mon Oct 30 09:26:38 UTC 2017


On Mon, Oct 30, 2017 at 8:45 AM, Istvan Buki <buki.istvan at gmail.com> wrote:
> Hello,
>
> thank you for your patience for trying to let me see the light.
>
> Indeed I don't understand what you are explaining. Maybe if I give you more
> concrete details it will help.
>
> My internal network is 192.168.196.0
> My DMZ network is 192.168.188.0
>
> ovirt-engine is running on a centos server with IP 192.168.186.3
> ovirt host is on a centos server with IP 192.168.186.4
>
> On the host I created a VM that I want to be in the DMZ. When I created the
> VM, nic 1 was automatically added and is linked to the ovirtmgmt network.
> In the VM nic1 becomes eth0 and was assigned an IP address with DHCP
> 192.168.186.167.
>
> After that I added a host device to that VM using passthrough. This device
> is called ens7 in the VM and I gave it the IP 192.186.188.4.
> That device is directly connected to my physical DMZ switch and from there
> to the firewall.
> This part is OK.
>
> My problem is that through eth0 my VM has access to my internal network.
> Removing the device seems impossible because this is ovirtmgmt network.
> I cannot change or remove the IP of my host because it would not be
> reachable anymore on my internal network.
>
> Maybe the solution is obvious but I can't see it. I'm running in circles with
> this problem and it makes me crazy.
>



Hi Istvan,

why are you using device passthrough?

Anyway. If you don't need the VM to access ovirtmgmt, remove nic1.
As far as I can understand, you're directly communicating through DMZ.

Luca


-- 
"It is absurd to employ men of excellent intelligence to perform
calculations that could be entrusted to anyone if machines were
used"
Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)

"The Internet is the largest library in the world.
But the problem is that the books are all scattered on the floor"
John Allen Paulos, Mathematician (1945-living)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca at gmail.com>

