On Mon, Oct 30, 2017 at 8:45 AM, Istvan Buki <buki.istvan@gmail.com> wrote:
> Hello,
>
> thank you for your patience for trying to let me see the light.
>
> Indeed I don't understand what you are explaining. Maybe if I give you more
> concrete details it will help.
>
> My internal network is 192.168.196.0
> My DMZ network is 192.168.188.0
>
> ovirt-engine is running on a centos server with IP 192.168.186.3
> ovirt host is on a centos server with IP 192.168.186.4
>
> On the host I created a VM that I want to be in the DMZ. When I created the
> VM, nic 1 was automatically added and is linked to the ovirtmgmt network.
> In the VM nic1 becomes eth0 and was assigned an IP address with DHCP
> 192.168.186.167.
>
> After that I added a host device to that VM using passthrough. This device
> is called ens7 in the VM and I gave IP 192.186.188.4.
> That device is directly connected to my physical DMZ switch and from there
> to the firewall.
> This part is OK.
>
> My problem is that through eth0 my VM has access to my internal network.
> Removing the device seems impossible because this is ovirtmgmt network.
> I can not change or remove the IP of my host because it would not be
> reachable anymore on my internal network.
>
> Maybe the solution is obvious but I can't see it. I'm running in circle with
> this problem and it makes me crazy.
>

Hi Istvan,

why are you using device passthrough?

Anyway. If you don't need the VM to access to ovirtmgmt, remove nic1.
As far as i can understand, you're directly communicating through DMZ.