Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

How do you prevent a VM using other's IP, if you don't have your own router
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How do you prevent a VM using other's IP, if you don't have your own router

dnwkdnwk Member
edited February 2014 in Help

How do you prevent a VM using other's IP, if you don't have your own router?
I am trying to sell some VM on Proxmox(KVM). But I realized that I don't have a way to prevent someone configure other's ip on their box. Shall I tell my provider to bind MAC address? If that's the case, I won't be able to do auto provision.

Comments

  • fileMEDIAfileMEDIA Member

    Take a look at ebtables.

  • FrankZFrankZ Veteran

    @fileMEDIA said:
    Take a look at ebtables.

    A good suggestion ....

  • ChumbiChumbi Member

    Libvirsh can automatically set ebtables for you via filters. For instance:

    virsh edit vm1
    .
    .

    <interface type='bridge'> <mac address='52:54:00:ad:c7:da'/> <source bridge='vmbr1'/> <model type='virtio'/> <filterref filter='clean-traffic'> <parameter name='IP' value='10.4.20.1'/> </filterref> </interface>

    This will restrict the VM's ip to work with 10.4.20.1 only.

    FWIW, also make sure to disable netfilter on the bridge for security and performance (http://ebtables.sourceforge.net/misc/brnf-faq.html).

  • dnwkdnwk Member

    @Chumbi said:
    Libvirsh can automatically set ebtables for you via filters. For instance:

    virsh edit vm1
    .
    .

    <interface type='bridge'> <mac address='52:54:00:ad:c7:da'/> <source bridge='vmbr1'/> <model type='virtio'/> <filterref filter='clean-traffic'> <parameter name='IP' value='10.4.20.1'/> </filterref> </interface>

    This will restrict the VM's ip to work with 10.4.20.1 only.

    FWIW, also make sure to disable netfilter on the bridge for security and performance (http://ebtables.sourceforge.net/misc/brnf-faq.html).

    So, I need to update that configure every time when I provision a new VM?

  • ChumbiChumbi Member

    @dnwk said:
    So, I need to update that configure every time when I provision a new VM?

    Well, if you are using a gui (rather than doing it via virsh), such as Proxmox, and if that gui doesn't have any settings allowing to automate this process, then yes, you'd have to configure it every time manually.

  • dnwkdnwk Member
    edited February 2014

    @Chumbi said:
    Well, if you are using a gui (rather than doing it via virsh), such as Proxmox, and if that gui doesn't have any settings allowing to automate this process, then yes, you'd have to configure it every time manually.

    I saw blesta has a module that work with Proxmox. That's how I plan to do.

  • ChumbiChumbi Member

    I don't know about Blesta nor about Proxmox. I prefer doing things manually - I suggest you study the command line tool virsh. Then you could perhaps write a script that helps you in the process of restricting IPs for Vms.

  • dnwkdnwk Member

    @Chumbi said:
    I don't know about Blesta nor about Proxmox. I prefer doing things manually - I suggest you study the command line tool virsh. Then you could perhaps write a script that helps you in the process of restricting IPs for Vms.

    Does SolusVM do that?

  • Awmusic12635Awmusic12635 Member, Host Rep

    SolusVM does have checkbox to tick to lockdown IPs. They call it IP stealing

Sign In or Register to comment.