View previous topic :: View next topic |
Author |
Message |
bastibasti Guru
Joined: 27 Nov 2006 Posts: 586
|
Posted: Fri Sep 20, 2024 11:01 am Post subject: Looking for hints on KVM in DMZ on server |
|
|
Hi,
I am currently running a small webserver on a KVM on my gentoo server. It uses bridged networking, so the webserver (kvm-guest) has a local ip like any other client on the LAN.
Is it possible, to configure it somehow, that the KVM Guest has a kind of DMZ? so a theoretical intruder it is not able to access anything on the LAN? So basically I would port forward the 443 to the KVM HOST and somehow forward it to the KVM GUEST as the only networking path for the guest (web server)?
Any brainstorming ideas or a push into the right direction would be very welcome... I want to prevent building another server as standalone firewall, wasting more energy etc. |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22853
|
Posted: Fri Sep 20, 2024 3:03 pm Post subject: |
|
|
You could switch to NAT-based networking, at which point this is easy. I think you could do it with bridging and the right iptables setup, but that is a bit more complicated, in my opinion. |
|
Back to top |
|
|
bastibasti Guru
Joined: 27 Nov 2006 Posts: 586
|
Posted: Sat Sep 28, 2024 12:31 pm Post subject: |
|
|
thanks... I have switched setup... running the dmz externally on external hardware. I think its less of a headache |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22853
|
Posted: Sat Sep 28, 2024 6:27 pm Post subject: |
|
|
I meant do the NAT in Linux, on the host machine. However, if you have it working, there is no need to modify it further. |
|
Back to top |
|
|
|