I have a physical machine (PM) with physical ports eth0 and eth1. It is running a virtual machine VM0 via KVM. As a consequence, eth0 appears aliased to virbr0, such that the only ports that are "up" are eth1 and virbr0. Other VMs lie behind VM0, which is running Sophos UTM. Presumably, the route from outside to VM1 is in via eth1, thence virbr0 and through Sophos into the VLAN. But PM and VM0 both have WAN ports bearing the same IP address.
First, how is that possible? PM can ping the Internet and VM1, so there is communication between all network segments. But it seems there should be broken communications between PM and VM0. I find the topology and connections of virbr0 very confusing!
Second, is this desirable? It seems not to me, as I need to have different rules for the PM and VM0 but cannot write different rules given the identical IP addresses.
I don't understand why I am even able to communicate with both machines. I am using NoMachine (VNC-like) to address PM at the shared IP. Then I run a nested NoMachine session from PM to access VM1 and then access VM0 via browser addressed to its LAN port.
How can I detangle this? How did it get tangled?
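A starting point for untangling a setup like the one asked about above is to enumerate, from the host, which interfaces carry the same IPv4 address and which ports are enslaved to the libvirt bridge. The script below is an added example, not part of the original post or of libvirt/Sophos. It parses the text formats of `ip -br addr show` and `bridge link show`; the embedded samples (interface names, the 192.0.2.10 address, the bridge membership) are constructed so it runs offline, and on a real host you would pipe the live command output in instead.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Parses the output format of
# `ip -br addr show` and `bridge link show` so it can run offline on a
# constructed sample; on the real host, pipe the live commands in instead.

# Constructed sample in `ip -br addr show` format (hypothetical addresses).
SAMPLE_IP_BR_ADDR='lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             DOWN
eth1             UP             192.0.2.10/24 fe80::1/64
virbr0           UP             192.0.2.10/24 192.168.122.1/24
vnet0            UNKNOWN        fe80::2/64'

# Constructed sample in `bridge link show` format.
SAMPLE_BRIDGE_LINK='3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master virbr0 state forwarding priority 32 cost 100
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master virbr0 state forwarding priority 32 cost 100'

# Print each IPv4 address (prefix length dropped) that is bound to more than
# one interface, followed by the interface names. Reads `ip -br addr` text
# on stdin; prints nothing when every IPv4 address is unique.
find_dup_ipv4() {
    awk '
        {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\//) {
                    split($i, a, "/")
                    ifs[a[1]] = ifs[a[1]] " " $1
                    n[a[1]]++
                }
        }
        END { for (ip in n) if (n[ip] > 1) print ip ifs[ip] }
    ' | sort
}

# Print the interfaces enslaved to the bridge named in $1, one per line.
# Reads `bridge link show` text on stdin.
bridge_ports() {
    awk -v br="$1" '
        {
            for (i = 1; i <= NF; i++)
                if ($i == "master" && $(i + 1) == br) {
                    sub(/:$/, "", $2)
                    print $2
                }
        }
    ' | sort
}

# Exit 0 when no IPv4 address is shared between interfaces, 1 otherwise,
# so the check can gate a provisioning or firewall-reload script.
check_no_dup_ipv4() {
    [ -z "$(find_dup_ipv4)" ]
}

# Demo on the constructed samples; swap in `ip -br addr show` and
# `bridge link show` to inspect a live host.
echo "IPv4 addresses bound to more than one interface:"
printf '%s\n' "$SAMPLE_IP_BR_ADDR" | find_dup_ipv4
echo "Ports enslaved to virbr0:"
printf '%s\n' "$SAMPLE_BRIDGE_LINK" | bridge_ports virbr0
```

Run it as `ip -br addr show | sh -c '. ./dupcheck.sh; find_dup_ipv4'` (or source the functions and pipe the live output) and then `bridge link show | bridge_ports virbr0`. The first report tells you whether a WAN address really is configured on two interfaces, and the second tells you which physical port and which VM taps actually sit on the bridge; `virsh net-dumpxml default` shows the libvirt network definition that created virbr0.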
This thread was automatically locked due to age.