Thanks for your response. Setting up macvtap is not a feasible solution
for our use case. Essentially our use case is that we have two VMs and
for security reasons we want to isolate these VMs as much as possible,
as they are handling potentially sensitive information. One of the VMs
acts as gateway with internet access, the other VM is used by the user.
Given that potentially sensitive information is flowing between the two
VMs, we want to prevent the host from being able to sniff on the traffic
between the two VMs. Is that possible in any way? If so, how can we
prevent the host to see traffic of the internal network?
On 20.07.24 19:59, Marc wrote:
> How to set up an internal network between two KVM network
interfaces
> while using static networking (avoiding dnsmasq) and while avoiding a
> host bridge interface (virbr)?
>
I am also not using any network config in libvirt. All hosts have same vlans and
interfaces and I just use a macvtap on these interfaces.
>
> * I would like to avoid the host `virbr2` interface. This is because
> ideally package sniffers on the host such as tshark / wireshark would be
> unable to see these packages following between an internal network
> between two VMs.
every macvtap is different interface you can easily tcpdump on.
> * dnsmasq on the host operating system or inside the VMs should also be
> avoided in favor of static IP addresses.
I have this also
--
Daniel Winzen
Steinkaulstr. 47
52070 Aachen
Germany
Web:
https://danwin1210.de/
E-Mail: daniel(a)danwin1210.de
Phone: +49 176 98819809
PGP-Key:
https://danwin1210.de/pgp.txt