Virtualization
torr2009, 2014-12-15 11:41:22

Disable routing through both host and guest machines running Proxmox VE?

How do I disable routing through host and guest machines running Proxmox VE?
During an inspection of the local network, it turned out that the Proxmox hypervisor by default forwards packets to the external network, that is, it works as a gateway in the local network (through its own gateway).
All Linux virtual machines (both KVM and OpenVZ) are also routers.
What is the right way to disable it, given that the Proxmox hypervisor must have access to the Internet and the virtual machines must have access to the Internet and to each other?
As it turned out, D-Link DPH-150S VoIP phones, already known for their "security", have the same feature.
Below are the settings used:
route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.9     *               255.255.255.255 UH    0      0        0 venet0
192.168.1.0     *               255.255.255.0   U     0      0        0 vmbr0
default         192.168.1.57    0.0.0.0         UG    0      0        0 vmbr0

cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto vmbr0
iface vmbr0 inet static
        address 192.168.1.5
        netmask 255.255.255.0
        gateway 192.168.1.57
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
#       pre-up ifconfig eth0 mtu 9000

pveversion -v
proxmox-ve-2.6.32: 3.3-139 (running kernel: 2.6.32-34-pve)
pve-manager: 3.3-5 (running version: 3.3-5/bfebec03)
pve-kernel-2.6.32-20-pve: 2.6.32-100
pve-kernel-2.6.32-32-pve: 2.6.32-136
pve-kernel-2.6.32-19-pve: 2.6.32-96
pve-kernel-2.6.32-33-pve: 2.6.32-138
pve-kernel-2.6.32-22-pve: 2.6.32-107
pve-kernel-2.6.32-17-pve: 2.6.32-83
pve-kernel-2.6.32-34-pve: 2.6.32-139
pve-kernel-2.6.32-26-pve: 2.6.32-114
pve-kernel-2.6.32-11-pve: 2.6.32-66
pve-kernel-2.6.32-18-pve: 2.6.32-88
pve-kernel-2.6.32-23-pve: 2.6.32-109
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-1
pve-cluster: 3.0-15
qemu-server: 3.3-3
pve-firmware: 1.1-3
libpve-common-perl: 3.0-19
libpve-access-control: 3.0-15
libpve-storage-perl: 3.0-25
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-8
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.1-10
ksm-control-daemon: 1.1-1
glusterfs-client: 3.5.2-1

2 answer(s)
Armenian Radio, 2014-12-15
@gbg

On the virtual machines, you need to disable IP forwarding.

/etc/sysctl.conf:
net.ipv4.ip_forward = 0

Access to the Internet is organized not by routing, but through a proxy with filtering and authentication.

Sergey Petrikov, 2014-12-15
@RicoX

sysctl -w net.ipv4.ip_forward=0
sysctl -w net.ipv6.conf.all.forwarding=0
echo "net.ipv4.ip_forward=0" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=0" >> /etc/sysctl.conf
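
A way to verify the settings from both answers, as an added example that is not part of either answer: `sysctl -w` changes only the running kernel, while lines appended to `/etc/sysctl.conf` apply at the next boot, so the script compares the two. The function names and the optional root/file arguments are assumptions of this sketch, and it reads only the single file `/etc/sysctl.conf`.

```shell
#!/bin/sh
# Added example: audit runtime vs. persisted IP-forwarding settings.
# Keys come from the answers above; function names and arguments are hypothetical.
FWD_KEYS="net.ipv4.ip_forward net.ipv6.conf.all.forwarding"

# Runtime value: sysctl key a.b.c is the file <root>/a/b/c (root: /proc/sys).
runtime_value() {  # $1=key  $2=proc root
    path="$2/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo unset; fi
}

# Persisted value: the last assignment of the key in the file wins;
# comment lines are skipped and whitespace around '=' is ignored.
persisted_value() {  # $1=key  $2=sysctl.conf-style file
    [ -r "$2" ] || { echo unset; return 0; }
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }' "$2"
}

# Print one line per key; return 1 unless every key is 0 in both places.
audit_forwarding() {  # $1=proc root (default /proc/sys)  $2=conf file
    root="${1:-/proc/sys}"; conf="${2:-/etc/sysctl.conf}"; rc=0
    for key in $FWD_KEYS; do
        run=$(runtime_value "$key" "$root")
        per=$(persisted_value "$key" "$conf")
        if [ "$run" = 0 ] && [ "$per" = 0 ]; then state=OK; else state=CHECK; rc=1; fi
        echo "$state $key runtime=$run persisted=$per"
    done
    return $rc
}
```

Call `audit_forwarding` with no arguments on a guest to check the live system; a `CHECK` line means the key is either still enabled at runtime or would not stay disabled after a reboot.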
