I’m looking for some information regarding the interaction of KVM, VLANs, firewalld, and the kernel’s forwarding configuration. I would appreciate input especially from anyone already running a similar configuration in production. In short, I’m trying to figure out if a current configuration is inadvertently opening up traffic across network segments.
On earlier versions of CentOS I’ve run HA clusters with and without VMs (in this case, based on xen). On those clusters, both the host machine’s IPs and the VM IPs were in the same subnet (call it the DMZ).
In a CentOS 7 test HA cluster I’m building, I want both traditional services running on the cluster and VMs running on both nodes (not necessarily under control of the cluster). In the new setup, I’d like to retain *some* VMs on the same subnet as the host machine’s IP, but have other VMs on different VLANs. So the physical topology looks like this:
—————– DMZ —————-
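A quick way to answer the "is the host quietly joining segments" question is to look at three things together: whether the kernel routes between interfaces (`net.ipv4.ip_forward`), whether bridged frames are even seen by iptables/firewalld (`net.bridge.bridge-nf-call-iptables`), and which firewalld zone each bridge or VLAN sub-interface sits in. The script below is an added example, not part of the original post or of any firewalld tooling; it parses constructed sample output (the interface names `br0`, `br0.10`, `br0.20` and the zone assignments are made up for illustration) so it runs offline. On a real host you would feed it the live output of `sysctl net.ipv4.ip_forward net.bridge.bridge-nf-call-iptables` and `firewall-cmd --get-active-zones` instead.

```shell
#!/bin/sh
# Audit helper: flag settings that let traffic cross network segments on a
# KVM host using VLAN sub-interfaces and firewalld.

# Constructed sample of sysctl output (not taken from any real host).
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 0'

# Constructed sample of `firewall-cmd --get-active-zones` output.
# Here the host bridge and a VLAN sub-interface share one zone.
SAMPLE_ZONES='public
  interfaces: br0 br0.20
dmz
  interfaces: br0.10'

# Print the value of one sysctl key from "key = value" lines on stdin.
sysctl_value() {
  awk -v k="$1" '$1 == k { print $3 }'
}

# Turn `--get-active-zones` text on stdin into "zone interface" pairs.
zone_iface_pairs() {
  awk '
    /^[^ ]/        { zone = $1; next }
    /interfaces:/  { for (i = 2; i <= NF; i++) print zone, $i }
  '
}

# List zones that carry more than one interface. Interfaces in one zone
# share a single policy, so these are the pairs to check for unintended
# forwarding between segments.
shared_zones() {
  zone_iface_pairs | awk '{ n[$1]++ } END { for (z in n) if (n[z] > 1) print z }' | sort
}

# Run the checks over the sample data and print one finding per line.
audit_sample() {
  fwd=$(printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_value net.ipv4.ip_forward)
  brnf=$(printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_value net.bridge.bridge-nf-call-iptables)

  if [ "$fwd" = 1 ]; then
    echo "ip_forward=1: the host routes between its interfaces; the FORWARD policy in firewalld decides what crosses"
  fi
  if [ "$brnf" = 0 ]; then
    echo "bridge-nf-call-iptables=0: frames switched at layer 2 on one bridge (VM to VM) bypass iptables/firewalld entirely"
  fi
  printf '%s\n' "$SAMPLE_ZONES" | shared_zones | while read -r z; do
    echo "zone '$z' holds more than one interface; review that zone's forwarding and masquerade settings"
  done
}

audit_sample
```

The script only reports; it changes nothing. The useful habit is to re-run the same three checks after every VLAN or VM network change, because a new VLAN sub-interface lands in firewalld's default zone unless it is assigned explicitly, which is exactly how a segment ends up sharing policy with the host's own interface.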