Standard TUNTAP Networking - Guest0 eth0 type: tuntap tundev: tun0 address: 192.168.0.10 tunip: 192.168.0.1 netmask: 255.255.255.0 Guest1 eth0 type: tuntap tundev: tun1 address: 192.168.1.10 tunip: 192.168.1.1 netmask: 255.255.255.0 Guest2 eth0 type: tuntap tundev: tun2 address: 192.168.2.10 tunip: 192.168.2.1 netmask: 255.255.255.0

All three guests are able to communicate with the Host and, if ip_forwarding is enabled on the Host, each other.

Unless other hosts on UML Host's network are configured with routes to 192.168.0.0/24, 192.168.1.0/24, or 192.168.2.0/24, they won't be able to communicate with the Guests.   NAT rules on the host could also help the UMLazi guests communicate with the outside network.

This configuration offers the best options for network security, as each Guest's TUNTAP interface can be individually firewalled, preventing a compromise of one host from allowing unrestricted access to the other hosts.

Bridged Networking In this example,  Guest0 and Guest1 are on the same isolated virtual network (bridge).  Although the guests may freely communicate with each other Guest0 eth0 type: bridge bridge: bridge0 tundev: tun0 address: 192.168.0.10 netmask: 255.255.255.0 Guest1 eth0 type: bridge bridge: bridge0 tundev: tun1 address: 192.168.0.20 netmask: 255.255.255.0 Guest2 eth0 type: bridge bridge: bridge1 tundev: tun2 address: 192.168.1.20 netmask: 255.255.255.0

In this example, Guest0 and Guest1 are on virtual network 192.168.0.0/24 named "bridge0".  They may communicate with each other, but they're unable to send packets to the Host, to Guest2, or to the Local Network.

Guest2 is linked directly to the Local Network via "bridge1" on the host.  bridge1 was created by the system administrator before starting Guest2 by creating a bridge, assigning it the IP address "192.168.1.10", and adding "eth0" to it as a member.  Guest2 is assigned a live Local Network IP, because for all intents and purposes, it's sitting on the local network.