I know that with the virsh command I can create several types of networks (a "NAT network", for example) as we can see in these URLs...

KVM network management
KVM default NAT-based networking (page 33)

QUESTION: How can I create a network (lan_n) where only guests/VMs have connectivity, with no outbound connectivity and no host/hypervisor connectivity?

NOTE: The connectivity to other resources will be provided by a pfSense firewall server that will have access to another network (wan_n) with outbound connectivity and other resources.

Network layout...

                [N]wan_n
                 ↕
                [I]wan_n
            [V]pfsense_vm
                [I]lan_n
                 ↕
                [N]lan_n
                 ↕
   .............................
   ↕             ↕             ↕
  [V]some_vm_0  [V]some_vm_1  [V]some_vm_4
                [V]some_vm_2  [V]some_vm_5
                [V]some_vm_3

 _ [N] - Network;
 _ [I] - Network Interface;
 _ [V] - Virtual Machine.

Thanks! =D

ORIGINAL QUESTION: https://serverfault.com/q/1066478/276753

Eduardo Lúcio

Tecnologia, Desenvolvimento e Software Livre

LightBase Consultoria em Software Público

eduardo.lucio@lightbase.com.br

+55-61-3347-1949 - http://brlight.org - Brasil-DF

Software livre! Abrace essa idéia!

"Aqueles que negam liberdade aos outros não a merecem para si mesmos."

Abraham Lincoln