Hello everyone, I’m currently trying to implement Qubes OS for a corporate environment.
I would like to know if I can make it so, my machine have at the same time one secure IP adress ( secure/admin ) and an other ( general use) and both of them passing through the same eth0 port. I want this so the server that make some IP filtering only allow action from certain VMs
I’ve tried by connecting two sys-net to eth0 port but that’s blocked by the system.
Can I make it so on one sys-net, communication is forwarded with the IP address of 2 different firewalls.
The goal is that communication forwarded with admin IP would be allowed to access some servers through VPN and IP authentication and other won’t.
- My current idea/wish is to do something like this:
|special rights VMs | --| firewall |–|Vpn |–|firewall 2 |_ .,.,…,._| firewall 3 |—|regular VMs |
.,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,. |.,.,. |
…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,. | sys-net |
,.,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,. |.,.,.|
.,.,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,.,…,. ip1.,ip2
-
Is the only solution to connect regular ones to a sys-net 2 and connect it via wifi or usb connection ?
-
Is it sufficient to block access from regular VMs to admin servers via the firewall.
thanks for your attention.