Ubunu Server KVM: Sophos Firewall












0














I am running a Ubuntu Server with KVM.
The machine uses 8 physical NICs.



Currently i am in a learning and testing state (so please correct me if you see errors):



I have 1 VM running, which is Sophos XG where i have 1 WAN and 1 LAN port in bridged mode.
WAN is running in DHCP and LAN with DHCP server. Sophos up running and delivering devices connected to the bridged LAN port with an IP. So far so good.



Here is where i end up with my knowledge:
In Ubuntu, i do now have the following interfaces list:



- enp2s0
- enp3s0
- enp4s0f0
- enp4s0f1
- enp7s0f0
- enp7s0f1
- enp9s0f0
- enp9s0f1
- lo
- macvtap0
- macvtap1
- virbr0


Where the two "macvtap0/1" are the bridged ports for LAN/WAN from Sophos. Those two are briged from the 2 physical NICS "enp2s0/enp3s0".



I need now a solution to shield the host (ubuntu server) from those two physical NIC's.



My wish would be, if i would like to have network access with the host, i would need to use a cable from the LAN of sophos to one of the remaining pyhical NICs of the server.
Because currently the machine is not shielded from the internet and has therefore direct access which is not good.



Is there a easy way to configure the 2 NICs so that only the Sophos VM can use them but not the Host?



thanks










share|improve this question







New contributor




ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    0














    I am running a Ubuntu Server with KVM.
    The machine uses 8 physical NICs.



    Currently i am in a learning and testing state (so please correct me if you see errors):



    I have 1 VM running, which is Sophos XG where i have 1 WAN and 1 LAN port in bridged mode.
    WAN is running in DHCP and LAN with DHCP server. Sophos up running and delivering devices connected to the bridged LAN port with an IP. So far so good.



    Here is where i end up with my knowledge:
    In Ubuntu, i do now have the following interfaces list:



    - enp2s0
    - enp3s0
    - enp4s0f0
    - enp4s0f1
    - enp7s0f0
    - enp7s0f1
    - enp9s0f0
    - enp9s0f1
    - lo
    - macvtap0
    - macvtap1
    - virbr0


    Where the two "macvtap0/1" are the bridged ports for LAN/WAN from Sophos. Those two are briged from the 2 physical NICS "enp2s0/enp3s0".



    I need now a solution to shield the host (ubuntu server) from those two physical NIC's.



    My wish would be, if i would like to have network access with the host, i would need to use a cable from the LAN of sophos to one of the remaining pyhical NICs of the server.
    Because currently the machine is not shielded from the internet and has therefore direct access which is not good.



    Is there a easy way to configure the 2 NICs so that only the Sophos VM can use them but not the Host?



    thanks










    share|improve this question







    New contributor




    ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      0












      0








      0







      I am running a Ubuntu Server with KVM.
      The machine uses 8 physical NICs.



      Currently i am in a learning and testing state (so please correct me if you see errors):



      I have 1 VM running, which is Sophos XG where i have 1 WAN and 1 LAN port in bridged mode.
      WAN is running in DHCP and LAN with DHCP server. Sophos up running and delivering devices connected to the bridged LAN port with an IP. So far so good.



      Here is where i end up with my knowledge:
      In Ubuntu, i do now have the following interfaces list:



      - enp2s0
      - enp3s0
      - enp4s0f0
      - enp4s0f1
      - enp7s0f0
      - enp7s0f1
      - enp9s0f0
      - enp9s0f1
      - lo
      - macvtap0
      - macvtap1
      - virbr0


      Where the two "macvtap0/1" are the bridged ports for LAN/WAN from Sophos. Those two are briged from the 2 physical NICS "enp2s0/enp3s0".



      I need now a solution to shield the host (ubuntu server) from those two physical NIC's.



      My wish would be, if i would like to have network access with the host, i would need to use a cable from the LAN of sophos to one of the remaining pyhical NICs of the server.
      Because currently the machine is not shielded from the internet and has therefore direct access which is not good.



      Is there a easy way to configure the 2 NICs so that only the Sophos VM can use them but not the Host?



      thanks










      share|improve this question







      New contributor




      ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I am running a Ubuntu Server with KVM.
      The machine uses 8 physical NICs.



      Currently i am in a learning and testing state (so please correct me if you see errors):



      I have 1 VM running, which is Sophos XG where i have 1 WAN and 1 LAN port in bridged mode.
      WAN is running in DHCP and LAN with DHCP server. Sophos up running and delivering devices connected to the bridged LAN port with an IP. So far so good.



      Here is where i end up with my knowledge:
      In Ubuntu, i do now have the following interfaces list:



      - enp2s0
      - enp3s0
      - enp4s0f0
      - enp4s0f1
      - enp7s0f0
      - enp7s0f1
      - enp9s0f0
      - enp9s0f1
      - lo
      - macvtap0
      - macvtap1
      - virbr0


      Where the two "macvtap0/1" are the bridged ports for LAN/WAN from Sophos. Those two are briged from the 2 physical NICS "enp2s0/enp3s0".



      I need now a solution to shield the host (ubuntu server) from those two physical NIC's.



      My wish would be, if i would like to have network access with the host, i would need to use a cable from the LAN of sophos to one of the remaining pyhical NICs of the server.
      Because currently the machine is not shielded from the internet and has therefore direct access which is not good.



      Is there a easy way to configure the 2 NICs so that only the Sophos VM can use them but not the Host?



      thanks







      server firewall kvm






      share|improve this question







      New contributor




      ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Dec 15 at 20:01









      ambedded

      11




      11




      New contributor




      ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      ambedded is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.



























          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          ambedded is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102169%2fubunu-server-kvm-sophos-firewall%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          ambedded is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          ambedded is a new contributor. Be nice, and check out our Code of Conduct.













          ambedded is a new contributor. Be nice, and check out our Code of Conduct.












          ambedded is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1102169%2fubunu-server-kvm-sophos-firewall%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          數位音樂下載

          When can things happen in Etherscan, such as the picture below?

          格利澤436b