What is the correct approach in this case? Virtual Networks

joais

Member
Apr 20, 2021
Hey!

We are short on IPv4s, and some of our machines do not need internet access at all; in fact, it would be much better if they were isolated from the internet. For example, we have our database and web server on separate machines. Currently, each has its own IPv4; however, an ideal scenario would be one in which we have a private network that the database and webserver are connected to, so that the webserver still has access to the internet but the database is completely isolated.

What exactly am I looking for? Could it be a virtual switch or a VLAN? Perhaps a simple virtual network can achieve this alone?

Best regards.
 
What am I exactly looking for? c
From your description, I think the following:
* create a new bridge (vmbr1) - don't add any network interfaces as ports (that way you're sure it's not connected to the outside)
* set the virtual NIC in the database VM to be connected to vmbr1 (and configure a private IP for that NIC inside the VM)
* create a second NIC for the webserver VM and connect it to vmbr1 (and configure a private IP in the same network as above for that NIC inside the VM)
* check connectivity - reconfigure the webserver to reach the database VM via the private IP

I hope this helps!
 
an ideal scenario would be one in which we have a private network that the database and webserver are connected to so that the webserver still has access to the internet but the database is completely isolated.
... and a firewall on the database VM which will permit it to reply only to new connections from the webserver only.

Good luck / Bafta !
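
The port-less bridge from the first reply can be checked on the host after the change. This is an added example, not code from any poster in the thread; it assumes a Debian/ifupdown-style interfaces file, and the sample stanzas, `eno1` and the address are constructed.

```shell
# bridge_ports FILE BRIDGE -> prints the port list of BRIDGE's stanza
# (e.g. "none" or "eno1"); prints nothing if the stanza or option is missing.
bridge_ports() {
    awk -v br="$2" '
        # Every "iface" line starts a stanza; remember whether it is ours.
        $1 == "iface" { in_stanza = ($2 == br); next }
        # Other stanza-starting keywords end the current stanza.
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "source" { in_stanza = 0; next }
        # Accept both spellings: bridge-ports and bridge_ports.
        in_stanza && ($1 == "bridge-ports" || $1 == "bridge_ports") {
            $1 = ""; sub(/^ +/, ""); print; exit
        }
    ' "$1"
}

# bridge_is_isolated FILE BRIDGE -> exit 0 only if ports are explicitly "none".
# A missing option counts as not isolated, so a typo cannot pass the check.
bridge_is_isolated() {
    [ "$(bridge_ports "$1" "$2")" = "none" ]
}

# Constructed sample: vmbr0 is the uplink bridge, vmbr1 the private one.
sample_interfaces() {
    cat <<'EOF'
auto vmbr0
iface vmbr0 inet static
    address 203.0.113.10/24
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
EOF
}

check_sample() {
    tmp=$(mktemp) && sample_interfaces > "$tmp"
    for br in vmbr0 vmbr1; do
        if bridge_is_isolated "$tmp" "$br"; then echo "$br: isolated"
        else echo "$br: has ports or is not defined"; fi
    done
    rm -f "$tmp"
}
check_sample
```

To check a real host, call `bridge_is_isolated /etc/network/interfaces vmbr1` instead of using the sample.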