Ubuntu Server KVM: Sophos Firewall
I am running an Ubuntu Server with KVM.
The machine uses 8 physical NICs.
Currently I am in a learning and testing state (so please correct me if you see errors):
I have 1 VM running, which is Sophos XG, where I have 1 WAN and 1 LAN port in bridged mode.
WAN is running in DHCP and LAN with DHCP server. Sophos is up and running and delivering an IP to devices connected to the bridged LAN port. So far so good.
Here is where I reach the end of my knowledge:
In Ubuntu, I now have the following list of interfaces:
- enp2s0
- enp3s0
- enp4s0f0
- enp4s0f1
- enp7s0f0
- enp7s0f1
- enp9s0f0
- enp9s0f1
- lo
- macvtap0
- macvtap1
- virbr0
The two "macvtap0/1" are the bridged ports for LAN/WAN from Sophos. Those two are bridged from the 2 physical NICs "enp2s0/enp3s0".
I now need a solution to shield the host (Ubuntu Server) from those two physical NICs.
My wish would be that, if I would like to have network access with the host, I would need to use a cable from the LAN of Sophos to one of the remaining physical NICs of the server.
Currently the machine is not shielded from the internet and therefore has direct access, which is not good.
Is there an easy way to configure the 2 NICs so that only the Sophos VM can use them but not the host?
Thanks
server firewall kvm
asked Dec 15 at 20:01
ambedded
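A check for the setup described in the question, added here as an example and not part of the original post: it reads `ip -o addr show` output and lists every address the host itself holds on the two NICs that carry the Sophos VM's macvtap ports, including IPv6 link-local addresses that can remain when no IPv4 address is configured. The function names and the sample output are constructed for illustration; the NIC names are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the original post): list any address the KVM host
# itself holds on the NICs that carry the firewall VM's macvtap ports.

# NIC names from the question; change them for another host.
GUARDED_NICS="enp2s0 enp3s0"

# Reads `ip -o addr show` text on stdin and prints "<nic> <family> <addr>"
# for every IPv4/IPv6 address bound to a guarded NIC.
host_addrs_on_guarded() {
    awk -v nics="$GUARDED_NICS" '
        BEGIN { n = split(nics, a, " "); for (i = 1; i <= n; i++) g[a[i]] = 1 }
        ($2 in g) && ($3 == "inet" || $3 == "inet6") { print $2, $3, $4 }
    '
}

# Exit status 0: the host has no address on the guarded NICs. 1: it does.
audit_guarded_nics() {
    found=$(host_addrs_on_guarded)
    if [ -n "$found" ]; then
        printf 'host has addresses on firewall NICs:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample (trimmed `ip -o addr show` lines): the host took a DHCP
# lease on the WAN NIC and still has link-local IPv6 on both guarded NICs.
SAMPLE_EXPOSED='1: lo    inet 127.0.0.1/8 scope host lo
2: enp2s0    inet 198.51.100.23/24 brd 198.51.100.255 scope global dynamic enp2s0
2: enp2s0    inet6 fe80::a00:27ff:fe00:1/64 scope link
3: enp3s0    inet6 fe80::a00:27ff:fe00:2/64 scope link
4: enp4s0f0    inet 192.168.1.10/24 brd 192.168.1.255 scope global enp4s0f0
12: virbr0    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0'

# Constructed sample: the host is addressed only on a NIC behind the firewall.
SAMPLE_CLEAN='1: lo    inet 127.0.0.1/8 scope host lo
4: enp4s0f0    inet 192.168.1.10/24 brd 192.168.1.255 scope global enp4s0f0
12: virbr0    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0'

# Demo on the constructed sample.
# On a real host: ip -o addr show | audit_guarded_nics
printf '%s\n' "$SAMPLE_EXPOSED" | host_addrs_on_guarded
```

A non-zero exit status from `audit_guarded_nics` means the host is still directly addressable on a NIC that should belong to the firewall VM only.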