June 24, 2011

KVM network bridge iptables question

I have a Linux server that hosts KVM virtual machines.

eth0, for local network traffic, has a static IP and has virtual bridge vbr0 for KVM virtual machines to use for local traffic.

eth1 is set up with virtual bridge vbr1 only and doesn't have any IP; vbr1 is used to provide a public interface to a KVM running a firewall distro. This firewall distro has the public IP address and also a private IP address on vbr0 that is the default gateway for all my other KVMs.

So my question: With eth1 not having an IP address, are there any iptables rules that need to be set up on eth1 on the real server to protect from hacking attempts, and are there any ways for people to gain access to the real host through eth1 with it not having an IP?

