[ovs-discuss] Isolated Network an NAT with open Vswitch

Scott Lowe scott.lowe at scottlowe.org
Mon Dec 1 17:20:11 UTC 2014


Please see my responses inline, prefixed by [SL].


On Dec 1, 2014, at 9:51 AM, michi_wirth at freenet.de wrote:

> Hey everybody,
>  
> At first, I am a newbie with Open vSwitch, but I have some experience with the ESXi vSwitch.
> But for my education, I have to create a bridge with some VMs connected.
> Actually the VMs can ping each other, but they can also ping the KVM host - is it possible to disable this, because we want to scan with OpenVAS and it would be nice if we had an isolated network?


[SL] Welcome to the Open vSwitch community!

If I'm not mistaken, you should be able to achieve this using an OVS bridge that has no physical interfaces (an "isolated bridge"). VMs can connect to this OVS bridge and communicate with each other, but can't communicate with the outside world.


> Conflicting - sometimes we need a connection to the internet from the VMs, such as for updates, and would use a natter. Is natting possible with Open vSwitch?
>  
> Thank you!


[SL] You could run a VM that is connected to 2 different bridges (one that is isolated with no physical interfaces and one that has at least one physical interface) and have that VM perform NAT/firewalling. I'm sure there are other approaches as well, but that's one way of doing it.

Good luck!

-- 
Scott
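
The following is an added example, not part of Scott's message or of the Open vSwitch project: a check that a bridge meant to be isolated really carries only VM tap interfaces and no physical NIC. It assumes a Linux KVM host, where a physical NIC has a "device" link and a tap has a "tun_flags" file under /sys/class/net; the bridge name br-isolated and the SYSFS_NET override are hypothetical.

```shell
#!/bin/sh
# Added example: audit the interfaces of an OVS bridge that is supposed
# to have no physical uplink.
# SYSFS_NET can be overridden to run the check against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Classify one interface by its sysfs entry:
#   physical - backed by a bus device (has a "device" link)
#   tap      - tun/tap device such as a VM vNIC (has "tun_flags")
#   virtual  - other software netdev (veth, VLAN sub-interface, bond, ...)
#   missing  - known to OVS but not a host netdev (e.g. a patch port)
port_kind() {
    p="$SYSFS_NET/$1"
    if [ ! -e "$p" ]; then echo missing
    elif [ -e "$p/device" ]; then echo physical
    elif [ -e "$p/tun_flags" ]; then echo tap
    else echo virtual
    fi
}

# Read interface names on stdin, one per line, in the form printed by
# `ovs-vsctl list-ifaces BRIDGE`. Taps pass silently. A physical NIC is
# reported as FAIL; anything else is reported as REVIEW because it may
# still lead off the bridge. Returns 0 only if every interface is a tap.
audit_bridge() {
    rc=0
    while read -r ifc; do
        [ -n "$ifc" ] || continue
        kind=$(port_kind "$ifc")
        case "$kind" in
            tap)      ;;
            physical) echo "FAIL $ifc ($kind)"; rc=1 ;;
            *)        echo "REVIEW $ifc ($kind)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# On a host with Open vSwitch installed:
#   ovs-vsctl add-br br-isolated
#   ovs-vsctl list-ifaces br-isolated | audit_bridge && echo "no uplink found"
```

Running the audit before each scan catches an uplink that was added to the bridge later.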



