New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do you prevent a VM using other's IP, if you don't have your own router
How do you prevent a VM using other's IP, if you don't have your own router?
I am trying to sell some VM on Proxmox(KVM). But I realized that I don't have a way to prevent someone configure other's ip on their box. Shall I tell my provider to bind MAC address? If that's the case, I won't be able to do auto provision.
Comments
Take a look at ebtables.
A good suggestion ....
Libvirsh can automatically set ebtables for you via filters. For instance:
virsh edit vm1
.
.
<interface type='bridge'> <mac address='52:54:00:ad:c7:da'/> <source bridge='vmbr1'/> <model type='virtio'/> <filterref filter='clean-traffic'> <parameter name='IP' value='10.4.20.1'/> </filterref> </interface>
This will restrict the VM's ip to work with 10.4.20.1 only.
FWIW, also make sure to disable netfilter on the bridge for security and performance (http://ebtables.sourceforge.net/misc/brnf-faq.html).
So, I need to update that configure every time when I provision a new VM?
Well, if you are using a gui (rather than doing it via virsh), such as Proxmox, and if that gui doesn't have any settings allowing to automate this process, then yes, you'd have to configure it every time manually.
I saw blesta has a module that work with Proxmox. That's how I plan to do.
I don't know about Blesta nor about Proxmox. I prefer doing things manually - I suggest you study the command line tool virsh. Then you could perhaps write a script that helps you in the process of restricting IPs for Vms.
Does SolusVM do that?
SolusVM does have checkbox to tick to lockdown IPs. They call it IP stealing