DNS forwarding for guest domains on isolated network

Jörg Kastning joerg.kastning at gmail.com
Wed Nov 11 08:40:59 UTC 2020


Hi @all,

I'm having trouble realizing my use case and hope somebody can help me.

# Use case

For a home lab I want to deploy several guest domains. These domains 
must not have a direct or NAT connection to the internet or my LAN. They 
should only be able to reach my LAN and the internet through a proxy.

# What I've done

I've created the following virtual switch in isolated mode:

$ sudo virsh net-dumpxml private1
<network connections='3'>
   <name>private1</name>
   <uuid>THE-UUID</uuid>
   <bridge name='virbr1' stp='on' delay='0'/>
   <mac address='DE:AD:BE:EF:FF:FF'/>
   <domain name='private1'/>
   <ip address='192.168.100.1' netmask='255.255.255.0'>
     <dhcp>
       <range start='192.168.100.128' end='192.168.100.254'/>
     </dhcp>
   </ip>
</network>

I've set up a guest domain that serves as a proxy and several other guests.

# My issue

Name resolution for *.private1 works fine on this network. But I'm not 
able to resolve domains from the outside world like github.com.

I understood that libvirt is forwarding DNS resolution requests to the 
host's nameserver configured in /etc/resolv.conf in case the dnsmasq 
instance for the virtual network is not able to resolve the name.

My guess is that in my setup this doesn't work because the virtual switch 
is in isolated mode, right?

# My questions

  * What can I do to achieve my use case described above?

  * Is it possible to use the isolated mode here or do I have to use a 
different mode?

It's important that the guest domains can only connect to the internet 
by using the proxy.

Regards,
Joerg