Hi,
I have an i7 that has slowly become mostly a kvm/qemu host.
I put a 4-way ethernet card in and got them all working, but since it's currently an Xubuntu install I couldn't get routing or masquerade working.
In any case I don't want the virtualization host to be the router directly. So my intent is this:
- Reinstall with a bare bones minimal kvm/qemu host OS, possibly server 12.04.
- Add an Xubuntu VM so I have a GUI, and give it my video card and such.
- Add a full-featured router VM and give it my 4-way video card. And maybe the on-board one too. I'm thinking maybe pfSense.
- Add a bunch of other VMs as I have need.
- I want the host to see exactly one network interface, and that would probably best be a virtual pipe from "inside" a secure firewall, inaccessible from outside.
So I guess here are my questions:
- Does the VM host require the same advanced TCP/IP kernel features as the router guest? I think not, but I'd like to be sure.
- Do I have to define the NICs in the host and then donate them somehow to the guest?
More information:
- I need advanced router features:
  - VLANs (802.1q: REAL vlans)
  - SPI firewall
  - Access rules for each VLAN, including between internal networks.
  - Multiple VPN endpoints (not just pass-through) with good performance.
    - Allow an endpoint to appear inside of an internal VLAN
    - The endpoint should be isolated from the rest of the network based on firewall rules.
  - IPv6 tunneling.
  - More.
- I have a Linksys EA6500 and have tried DD-WRT on it.
  - DD-WRT is inconsistent, buggy and absolutely out of the question.
  - I've tried it on several occasions including recently, and it comes up short every time.
- SOHO routers are too slow to do what I need.
- I intend to hook the EA6500 up to one of the ports and give it a VLAN. It will be isolated from more secure VLANs.
- Once I get this working, I'll get one or two more 4-way NICs.