Gentoo Forums
Looking for hints on KVM in DMZ on server
bastibasti
Guru
Joined: 27 Nov 2006
Posts: 586

Posted: Fri Sep 20, 2024 11:01 am    Post subject: Looking for hints on KVM in DMZ on server

Hi,

I am currently running a small webserver on a KVM on my Gentoo server. It uses bridged networking, so the webserver (KVM guest) has a local IP like any other client on the LAN.

Is it possible to configure it somehow so that the KVM guest has a kind of DMZ, so a theoretical intruder is not able to access anything on the LAN? So basically I would port forward 443 to the KVM host and somehow forward it to the KVM guest as the only networking path for the guest (web server)?

Any brainstorming ideas or a push in the right direction would be very welcome... I want to avoid building another server as a standalone firewall, wasting more energy, etc.
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22626

Posted: Fri Sep 20, 2024 3:03 pm

You could switch to NAT-based networking, at which point this is easy. I think you could do it with bridging and the right iptables setup, but that is a bit more complicated, in my opinion.
bastibasti
Guru
Joined: 27 Nov 2006
Posts: 586

Posted: Sat Sep 28, 2024 12:31 pm

Thanks... I have switched setup... running the DMZ externally on external hardware. I think it's less of a headache.
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22626

Posted: Sat Sep 28, 2024 6:27 pm

I meant do the NAT in Linux, on the host machine. However, if you have it working, there is no need to modify it further.
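
The host-side NAT approach mentioned in this thread, as an added example that is not from any of the posters: the guest sits on a host-only bridge, TCP 443 is the only new inbound path, and the guest cannot open connections to the LAN or to the host. The interface names, subnets, guest address and the helper names `dmz_rules` and `rule_line` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a routed/NAT "DMZ" guest.
# Constructed assumptions, edit to match the host:
LAN_IF=eth0                 # host NIC on the LAN (the router forwards 443 here)
DMZ_IF=virbr-dmz            # host-only bridge the guest is attached to
DMZ_NET=192.168.100.0/24    # subnet used only on that bridge
GUEST_IP=192.168.100.10     # static address configured inside the guest
LAN_NET=192.168.1.0/24      # the LAN the guest must not reach

dmz_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound HTTPS arriving on the host is redirected to the guest.
-A PREROUTING -i $LAN_IF -p tcp --dport 443 -j DNAT --to-destination $GUEST_IP:443
# Guest-initiated traffic (updates, public DNS) leaves with the host's address.
-A POSTROUTING -s $DMZ_NET -o $LAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The guest may answer the host, but not open connections to host services.
-A INPUT -i $DMZ_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $DMZ_IF -j DROP
# Replies for flows that were already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new inbound path: TCP 443 to the guest.
-A FORWARD -i $LAN_IF -o $DMZ_IF -d $GUEST_IP -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# Order matters: block guest to LAN before allowing guest to internet.
-A FORWARD -i $DMZ_IF -d $LAN_NET -j DROP
-A FORWARD -i $DMZ_IF -o $LAN_IF -j ACCEPT
COMMIT
EOF
}

# Line number of the first rule containing $1, so rule order can be checked.
rule_line() { dmz_rules | grep -n -F -- "$1" | head -n 1 | cut -d: -f1; }

# Usage (root; replaces the existing IPv4 nat and filter tables, IPv6 not covered):
#   sysctl -w net.ipv4.ip_forward=1
#   dmz_rules | iptables-restore --test && dmz_rules | iptables-restore
```

Because the LAN subnet is dropped for guest-initiated traffic, the guest needs a resolver outside the LAN (or one on the DMZ bridge) rather than the LAN router.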