I am currently using a VMware ESXi 5.5 server for my virtualisation. The network setup is like this:
The pfSense firewall is the center of it all and is connected to: the LAN network (physical NIC 1 assigned by VMware), the DMZ network (no physical NIC assigned by VMware), and the WAN (physical NIC 2 assigned only to the firewall by VMware).
The host is a member of the LAN network. There are a couple of servers in the DMZ and LAN networks, which are all Linux-based, so all in all nothing too fancy.
In my scenario the firewall takes care of all traffic and the physical NIC 2 is exclusively available to the firewall (not the host). This way the firewall is able to get the public IP address which is assigned by my internet provider via DHCP (cable provider).
Finally, from my client, which is of course a member of the LAN network, I am now able to access all the servers I want and need to, which I managed with specific firewall rules on the pfSense. Everything is peachy so far.
So my question now is: how do I implement this scenario within KVM and make the KVM host (which will probably be an Ubuntu server 13.10 or 14.04 or a Debian-based one) a network-related "dumb" host and let the firewall be the pit for all network traffic?
I have experimented a little on my laptop with KVM and installing a guest (Ubuntu server 13.10 based) but it had only one physical NIC and I didn't want to pull the internet cable for this test. :)
So all help, suggestions and ideas on how to accomplish this setup are greatly appreciated. If there is a lack of information, please let me know and I will try to update this post accordingly, but I hope the general idea of what I want to do has become clear during this post.
VJ
P.S.: For better understanding, here is a picture of my current VMware network setup.
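
One way to lay out the three segments described in the post on a Debian/Ubuntu KVM host with ifupdown and bridge-utils, as an added example that is not part of the original post. The NIC names (eth0, eth1), the bridge names (br-lan, br-wan, br-dmz) and the LAN addresses are assumptions; the helper at the end lists every bridge on which the host itself would hold an address, which should be the LAN bridge only.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: eth0 = LAN NIC,
# eth1 = WAN NIC, bridges br-lan / br-wan / br-dmz; LAN addresses are constructed.

# Emit an ifupdown (/etc/network/interfaces) layout for the three segments.
gen_interfaces() {
    lan_nic=$1 wan_nic=$2
    cat <<EOF
auto lo
iface lo inet loopback

# LAN: the only bridge on which the host itself has an address
auto br-lan
iface br-lan inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1
    bridge_ports $lan_nic
    bridge_stp off
    bridge_fd 0

# WAN: physical NIC enslaved, host stays unaddressed; only the firewall
# guest's WAN vNIC attaches here, so it receives the provider's DHCP lease
auto br-wan
iface br-wan inet manual
    bridge_ports $wan_nic
    bridge_stp off
    bridge_fd 0

# DMZ: no physical port, guest-to-guest only, reachable via the firewall
auto br-dmz
iface br-dmz inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0
EOF
}

# Read an interfaces file on stdin and list the bridges on which the host
# would hold an IPv4 address (static or dhcp stanzas).
host_addressed_bridges() {
    awk '$1 == "iface" && $2 ~ /^br-/ && ($4 == "static" || $4 == "dhcp") { print $2 }'
}

gen_interfaces eth0 eth1
```

`inet manual` only keeps IPv4 off the WAN and DMZ bridges; the kernel still assigns an IPv6 link-local address to any interface that is up, so the host's IPv6 settings on those bridges need separate attention if it is to stay unreachable there.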