i want to be able to access my KVMs from the host via a private network for emergencies, so i created a vmbr2 and added a second interface on the VMs with a private ip address.
# for LAN
auto vmbr2
iface vmbr2 inet static
address 172.16.0.1
netmask 255.255.255.0
broadcast 172.16.0.255
bridge_ports dummy0
bridge_stp off
bridge_fd 0
this works and i can access the vm via 172.16.0.x
but if you are inside a vm you can ping, sniff or potentially access other VMs and the host too, i think this is insecure so i need a way that the VMs don't see each other, only the host be able to access via private network.
i think maybe iptables could do this but i don't really know how so any tips would be appreciated :)
# for LAN
auto vmbr2
iface vmbr2 inet static
address 172.16.0.1
netmask 255.255.255.0
broadcast 172.16.0.255
bridge_ports dummy0
bridge_stp off
bridge_fd 0
this works and i can access the vm via 172.16.0.x
but if you are inside a vm you can ping, sniff or potentially access other VMs and the host too, i think this is insecure so i need a way that the VMs don't see each other, only the host be able to access via private network.
i think maybe iptables could do this but i don't really know how so any tips would be appreciated :)