zir_blazer
Golden Member
Alright, so the situation is as follows. I have a home network consisting of the following:
1) An ISP-provided ZTE H108N ADSL Modem/WiFi 4-Port Router, which seems to have a custom Firmware with a wizard assistant, but it also offers an "Advanced Settings" menu which launches the typical Web setup of the Router with the entire range of options. While it has 4 LAN Ports, one has a "Reserved for VoIP" sticker blocking it (Never researched if I can use it as a regular LAN instead).
2) Two wired computers that connect using two LAN Ports
3) A Notebook that connects using WiFi
4) Sometimes a Tablet, Smartphone, or one of those WiFi gadgets
5) My computer, which is also wired to a LAN Port. However, my entire setup consists of using Xen as Hypervisor, and I have at least one or several VMs. I use an easy-to-set-up bridge, and the Router sees the VMs itself and assigns them a local IP.
Typical usage is that besides that everything shares the Internet pipe, sometimes we also have permanent Shared Folders where we put data to be available for other computers.
Now, with all the Remote Desktop trend, I want to get creative about what I can do with Xen, since the infrastructure is all there. It's easy to set up VNC/SPICE access to a VM, and with a SPICE client on one of the other computers of the network, I was able to access my hosted VM.
There are a multitude of reasons why I would want to share access to a VM. Ideas that I had were to install the CPU-heavy applications on that VM, and let the other family members do things like renders on my Haswell Xeon while I sleep, which should blow their old Athlon II out of the water.
My latest idea was to play games like, for example, emulators with ROMs, and instead of relying on Kaillera for Internet Multiplayer, which is rather unstable (Drops often, forcing a restart of the game), I could grant remote access with a SPICE client, so the game would be processed locally and I wouldn't need Kaillera at all. I still need to test if it can be successfully used simultaneously by two people doing a little button mashing. I don't know how much bandwidth it uses, the lag from the other side, or the image quality and FPS, but at least from inside the local network it looked rather promising. Still, it seems to be a nice idea for a personal "gaming cloud".
Now, the problem lies in the fact that if I give anyone access to that VM, he can access everything else on my network from inside it (The Shared Folders, Router config, etc). If anyone from my local network accesses my shared VM I don't care, since all the things visible from the local network are also visible from their computers, but if I'm sharing it with someone through the Internet, it is extremely unsafe. So, what I want to do is check if there is a way to make the VM absolutely isolated from the local network yet route it to have Internet access.
As far as I know, it should be possible, since there are things like PVC and VLAN that are along those lines, using the same physical infrastructure but separating it into virtual layers. My Router seems to support PVC and/or VLAN via "Port Mapping", but the settings seem to be only for a physical LAN Port, or a Software Access Point for WiFi, when what I would want to do is to put a MAC Address onto a separate network, since my computer, including the host (Xen Dom0) and all the VMs, uses the same cable.
Any ideas of how I can achieve this? Keep in mind I'm rather dumb when it comes to networking besides the physical implementation. Somewhere else I was advised to set up two separate bridges for Xen, but I still don't see how that would isolate it from the local network since they would still go through the Router, which should be responsible for that isolation.
Also, since my computer has two NICs, in the absolute worst case scenario and out of desperation, I could do PCI Passthrough of the other NIC to the VM I'm intending to share, and have another cable from my computer to the Router (Which would require getting the LAN Port for VoIP working as a standard one).