10:41 a.m.
How to set up an internal network between two KVM network interfaces
while using static networking (avoiding dnsmasq) and while avoiding a
host bridge interface (virbr)?
Currently I am using this for the network.
<network>
<name>Internal</name>
<bridge name='virbr2' stp='on' delay='0'/>
</network>
And then for the VM.
<interface type='network'>
<source network='Internal'/>
<model type='virtio'/>
<driver name='qemu'/>
</interface>
* I would like to avoid the host `virbr2` interface. This is because
ideally package sniffers on the host such as tshark / wireshark would be
unable to see these packages following between an internal network
between two VMs.
* SLIRP should be avoided due to past security issues. [1]
* dnsmasq on the host operating system or inside the VMs should also be
avoided in favor of static IP addresses.
By comparison, this is possible in VirtualBox. [2]
Is that possible with KVM too? Could you please show an example
configuration file on how to accomplish that?
[1] CVE-2019-6778
[2] VirtualBox has this capability. VirtualBox can have an internal
network using static networking. No vibr bridge interfaces can be seen
on the host operating system. And VM to VM internal traffic is not
visible to package analyzers on the host operating system either.
Regards,
Daniel
--
Daniel Winzen
Steinkaulstr. 47
52070 Aachen
Germany
Web: https://danwin1210.de/
E-Mail: daniel(a)danwin1210.de
Phone: +49 176 98819809
PGP-Key: https://danwin1210.de/pgp.txt
12:59 p.m.
New subject: KVM static internal networking without host bridge interface
(virbr)
How to set up an internal network between two KVM network
interfaces
while using static networking (avoiding dnsmasq) and while avoiding a
host bridge interface (virbr)?
I am also not using any network config in libvirt. All hosts have same vlans and
interfaces and I just use a macvtap on these interfaces.
* I would like to avoid the host `virbr2` interface. This is because
ideally package sniffers on the host such as tshark / wireshark would be
unable to see these packages following between an internal network
between two VMs.
every macvtap is different interface you can easily tcpdump on.
* dnsmasq on the host operating system or inside the VMs should also
be
avoided in favor of static IP addresses.
I have this also
11:58 a.m.
New subject: KVM static internal networking without host bridge interface
(virbr)
Thanks for your response. Setting up macvtap is not a feasible solution
for our use case. Essentially our use case is that we have two VMs and
for security reasons we want to isolate these VMs as much as possible,
as they are handling potentially sensitive information. One of the VMs
acts as gateway with internet access, the other VM is used by the user.
Given that potentially sensitive information is flowing between the two
VMs, we want to prevent the host from being able to sniff on the traffic
between the two VMs. Is that possible in any way? If so, how can we
prevent the host to see traffic of the internal network?
On 20.07.24 19:59, Marc wrote:
> How to set up an internal network between two KVM network
interfaces
> while using static networking (avoiding dnsmasq) and while avoiding a
> host bridge interface (virbr)?
>
I am also not using any network config in libvirt. All hosts have same vlans and
interfaces and I just use a macvtap on these interfaces.
>
> * I would like to avoid the host `virbr2` interface. This is because
> ideally package sniffers on the host such as tshark / wireshark would be
> unable to see these packages following between an internal network
> between two VMs.
every macvtap is different interface you can easily tcpdump on.
> * dnsmasq on the host operating system or inside the VMs should also be
> avoided in favor of static IP addresses.
I have this also
--
Daniel Winzen
Steinkaulstr. 47
52070 Aachen
Germany
Web: https://danwin1210.de/
E-Mail: daniel(a)danwin1210.de
Phone: +49 176 98819809
PGP-Key: https://danwin1210.de/pgp.txt
12:58 p.m.
New subject: KVM static internal networking without host bridge interface
(virbr)
Given that potentially sensitive information is flowing between the two
VMs, we want to prevent the host from being able to sniff on the traffic
between the two VMs. Is that possible in any way? If so, how can we
prevent the host to see traffic of the internal network?
So why not have ipsec traffic between both? I think this is the only thing you can do
against sniffing from the host. Although I don't really get if you can ever secure
guests against their hosts.
94
days inactive
106
days old
3 comments
2 participants
participants (2)
-
Daniel -
Marc