Hi,
I’m exploring network configuration options within Qubes OS.
On standard Linux systems, using QEMU+KVM with a single physical Ethernet device, it’s possible to assign distinct MAC addresses (optionally with VLAN tags) to individual VMs with macvtap devices. This allows setting up network policies in the router based on MAC addresses or VLAN tags. For example, one VM could be allowed to access the intranet or specific subnets, while another is restricted to public addresses. A prerequisite for this setup is that the physical network device remains in the host rather than being passed through.
In contrast, Qubes OS passes physical devices to a dedicated sys-net VM, which other VMs can use (ideally through a firewall VM). While having two Ethernet devices would allow creating separate network VMs for each, my single device necessitates pass-through to a single sys-net VM, preventing its assignment to multiple network VMs.
Is it possible to have multiple connections with distinct MAC addresses (potentially VLAN tags) over a single physical interface with Qubes OS?
Thanks,
Rex