Re: How can I create a VM in virt-manager that can access the internet through the host but can't even see the host or other devices on the LAN?
On Fri, May 17, 2024 at 11:25 AM Michal Prívozník <mprivozn(a)redhat.com> wrote:
On 5/17/24 14:21, Anchal Nigam wrote:
> I don't have a router that I can create custom rules to block things. I was
hoping there would be a way to do this entirely on the host but it doesn't look like
it is possible.
>
macvtap IS purely host thing. No need to set anything on the router. In
fact, you'd need a special switch if you wanted two guests using macvtap
on the same host to talk to each other (it's called hairpinning).
Michal
If it was my setup I would
- Create an internal network for these test guests
- Connect the network to the router using a vlan or a specific
network/30 with a route definition on the vm server. Ideally you could
then say in said router that any traffic coming from network/30 goes
straight outside.