Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
1. Setup the bridge Interface
copy real interface towards bridge
| Code Block | ||
|---|---|---|
| ||
[root@nmsprime ~]# cd /etc/sysconfig/network-scripts/ [root@nmsprime network-scripts]# cp ifcfg-eno49 ifcfg-br0 |
Edit the Interface and add BRIDGE interface
| Code Block | ||
|---|---|---|
| ||
[root@nmsprime network-scripts]# vi ifcfg-eno49 TYPE=Ethernet BOOTPROTO=static DEVICE=eno49 ONBOOT=yes BRIDGE=br0 |
2. Add the public IP towards the bridge Interface
Edit the bridge file and add the public IP towards our new bridge
| Code Block | ||
|---|---|---|
| ||
[root@nmsprime network-scripts]# vi ifcfg-br0 TYPE=Bridge BOOTPROTO=static DEVICE=br0 ONBOOT=yes IPADDR=<public ip> NETMASK=<public netmask> GATEWAY=<public gw> DNS1=<public DNS, e.g. 8.8.8.8> |
Restart the network interface
| Code Block | ||
|---|---|---|
| ||
[root@nmsprime ~]# systemctl restart network |
Check the bridge
| Code Block | ||
|---|---|---|
| ||
[root@nmsprime ~]# ip addr show br0 [root@nmsprime ~]# ping google.de |
3. Setup Firewalld
The real Host normally only needs SSH access. It is recommend to allow SSH only from dedicated IPs
| Code Block |
|---|
# add ACL firewall-cmd --permanent --zone=public --add-source=192.168.100.0/24 firewall-cmd --permanent --zone=public --add-source=192.168.222.123/32 # add SSH firewall-cmd --permanent --zone=public --add-port=22/tcp # Reload firewall-cmd --reload # Check firewall-cmd --zone=public --list-all |
- TODO: check firewall settings – copy from threat https://unix.stackexchange.com/questions/159873/whitelist-source-ip-addresses-in-centos-7
| Info |
|---|
This is a 1-to-1 copy from the perfect article, section 3: https://www.linuxtechi.com/install-kvm-hypervisor-on-centos-7-and-rhel-7/ |