1:11 p.m.
We do have certain VLANs that all the VMs need as of now, we will be able to do this at
some point but I need a solution until then.
On 16. Mar 2020, at 11:08, Staniforth, Paul
<P.Staniforth(a)leedsbeckett.ac.uk> wrote:
Can't you put then on separate VLANs?
Regards,
Paul S.
From: Hendrik Peyerl <hpeyerl(a)plusline.net>
Sent: 16 March 2020 09:24
To: users(a)ovirt.org <users(a)ovirt.org>
Subject: [ovirt-users] Client separation on bridge level
Caution External Mail: Do not click any links or open any attachments unless you trust
the sender and know that the content is safe.
Hello everyone,
is there a way to seperate the traffic between VMs on the same bridge on one oVirt-node
with built-in tools from ovirt? We have VMs using the same bridge which should never be
able to talk to each other.
We are currently using ebtables for that, but its not working very good anymore now that
we upgraded to 4.3 with firewalld.
Any suggestions would be greatly appreciated.
Best regards,
Hendrik
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...
oVirt Code of Conduct:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...
List Archives:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.o...
To view the terms under which this email is distributed, please go to:-
http://leedsbeckett.ac.uk/disclaimer/email/
4:08 p.m.
New subject: Client separation on bridge level
Look at Network Filters in the vNIC profile for the network. I haven't tested it but
there is one called clean-traffic-gateway, which I believe allows only communication
between a VM and the designated gateway.
---- On Mon, 16 Mar 2020 10:11:57 +0000 Hendrik Peyerl <hpeyerl(a)plusline.net> wrote
----
We do have certain VLANs that all the VMs need as of now, we will be able to do this at
some point but I need a solution until then.
On 16. Mar 2020, at 11:08, Staniforth, Paul
<mailto:P.Staniforth@leedsbeckett.ac.uk> wrote:
Can't you put then on separate VLANs?
Regards,
Paul S.
From: Hendrik Peyerl <mailto:hpeyerl@plusline.net>
Sent: 16 March 2020 09:24
To: mailto:users@ovirt.org <mailto:users@ovirt.org>
Subject: [ovirt-users] Client separation on bridge level
Caution External Mail: Do not click any links or open any attachments unless you trust
the sender and know that the content is safe.
Hello everyone,
is there a way to seperate the traffic between VMs on the same bridge on one oVirt-node
with built-in tools from ovirt? We have VMs using the same bridge which should never be
able to talk to each other.
We are currently using ebtables for that, but its not working very good anymore now that
we upgraded to 4.3 with firewalld.
Any suggestions would be greatly appreciated.
Best regards,
Hendrik
_______________________________________________
Users mailing list -- mailto:users@ovirt.org
To unsubscribe send an email to mailto:users-leave@ovirt.org
Privacy Statement:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...
oVirt Code of Conduct:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...
List Archives:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.o...
To view the terms under which this email is distributed, please go to:-
http://leedsbeckett.ac.uk/disclaimer/email/
_______________________________________________
Users mailing list -- mailto:users@ovirt.org
To unsubscribe send an email to mailto:users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4AZJIDGF5VR...
5:27 a.m.
New subject: Client separation on bridge level
Thank you for this, I think we can work with this solution (if it works) for most VLANs.
We also have a different case where we have the VMs in a Layer2 VLAN for NFS Shares from a
Storage Pool with no gateways, do you guys maybe have an idea how to seperate those VMs?
Thanks,
Hendrik
On 16. Mar 2020, at 14:08, Alan G <alan+ovirt(a)griff.me.uk>
wrote:
Look at Network Filters in the vNIC profile for the network. I haven't tested it but
there is one called clean-traffic-gateway, which I believe allows only communication
between a VM and the designated gateway.
---- On Mon, 16 Mar 2020 10:11:57 +0000 Hendrik Peyerl <hpeyerl(a)plusline.net> wrote
----
We do have certain VLANs that all the VMs need as of now, we will be able to do this at
some point but I need a solution until then.
> On 16. Mar 2020, at 11:08, Staniforth, Paul <P.Staniforth(a)leedsbeckett.ac.uk>
wrote:
>
> Can't you put then on separate VLANs?
>
>
> Regards,
> Paul S.
> From: Hendrik Peyerl <hpeyerl(a)plusline.net>
> Sent: 16 March 2020 09:24
> To: users(a)ovirt.org <users(a)ovirt.org>
> Subject: [ovirt-users] Client separation on bridge level
>
> Caution External Mail: Do not click any links or open any attachments unless you
trust the sender and know that the content is safe.
>
> Hello everyone,
>
> is there a way to seperate the traffic between VMs on the same bridge on one
oVirt-node with built-in tools from ovirt? We have VMs using the same bridge which should
never be able to talk to each other.
>
> We are currently using ebtables for that, but its not working very good anymore now
that we upgraded to 4.3 with firewalld.
>
> Any suggestions would be greatly appreciated.
>
> Best regards,
> Hendrik
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...
> oVirt Code of Conduct:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi...
> List Archives:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.o...
> To view the terms under which this email is distributed, please go to:-
> http://leedsbeckett.ac.uk/disclaimer/email/
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/4AZJIDGF5VR...
1710
days inactive
1712
days old
2 comments
2 participants
participants (2)
-
Alan G -
Hendrik Peyerl