I have a set of public IPs for virtual machines. Each unique public IP is to be assigned to a unique guest. With bridged networking I share eth0 with KVM machines.
The ifcfg-eth0 file has configuration:
    DEVICE=eth0
    ONBOOT=yes
    BRIDGE=br0
    HWADDR=b8:ac:6f:65:31:e5
    DNS1=8.8.8.8
    TYPE=Ethernet
The ifcfg-br0 file has configuration:
    DEVICE=br0
    TYPE=Bridge
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=121.33.7.1
    GATEWAY=121.33.7.0
    NETMASK=255.255.255.0
    DELAY=0
    DNS1=8.8.8.8
I use the default libvirt network file. A bridge summary returns:
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.705240103540       no              eth0
                                                            virtual-machine-0
                                                            virtual-machine-1
                                                            virtual-machine-2
                                                            virtual-machine-3
It works fine for guests, with both incoming and outgoing connections. But the problem with the configuration is that if a guest changes the network file in his VM to another available public IP, he would be able to obtain an IP that isn’t originally assigned to his VM. How can I assign a particular public IP to a guest network interface?
Answer
Just found the right way to do it. Add an ebtables rule so that the VM guest that has interface virtual-machine-0 can use IP 121.33.7.5 only.
ebtables -A FORWARD -i virtual-machine-0 -p IPv4 --ip-src ! 121.33.7.5 -j DROP
Attribution
Source: Link, Question Author: Purres, Answer Author: Purres
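The answer's rule filters only the IPv4 source address on the FORWARD chain for one guest. As an added example (not part of the original answer), the script below generalizes it to a list of guests and also constrains the ARP sender address and the INPUT chain, which carries guest-to-host frames. The second guest's address and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print per-guest anti-spoofing ebtables rules for review.
# Input on stdin: one "<tap-interface> <assigned-ip>" pair per line.

valid_ipv4() {
    # Reject anything that is not four decimal octets in 0-255.
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

gen_guest_rules() {
    while read -r iface ip || [ -n "$iface" ]; do
        case $iface in
            ''|'#'*) continue ;;                 # blank line or comment
        esac
        case $iface in                           # keep shell metacharacters out
            *[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
        esac
        valid_ipv4 "$ip" || { echo "bad address for $iface: $ip" >&2; return 1; }
        # FORWARD covers guest-to-network frames, INPUT covers guest-to-host.
        for chain in INPUT FORWARD; do
            # Drop IPv4 packets whose source is not the assigned address.
            echo "ebtables -A $chain -i $iface -p IPv4 --ip-src ! $ip -j DROP"
            # Drop ARP frames that claim any other sender IP.
            echo "ebtables -A $chain -i $iface -p ARP --arp-ip-src ! $ip -j DROP"
        done
    done
}

# Constructed sample mapping; only the first pair comes from the page.
sample_map() {
    cat <<'EOF'
# interface        assigned address
virtual-machine-0  121.33.7.5
virtual-machine-1  121.33.7.6
EOF
}

sample_map | gen_guest_rules
```

The rules are printed rather than applied so they can be reviewed before being run as root. The ARP rule also drops ARP probes sent with sender address 0.0.0.0, which is acceptable for statically addressed guests like these.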