Ok, I've been having a ball configuring my OpenWrt routers and doing some cool stuff with VLANs, bridges and trunks on both the WRTs and on a regular Linux host running kvm-based virtual machines (previously VMware). I wrote up a document roughly describing my home network along with the configuration of the kvm host and the WRT routers:
"wrt1" acts as my main firewall (running OpenWrt + shorewall) and I have it divided into 3 vlans. I have vlan 1 which is the WAN (public) zone that faces the Internet and connects to the DSL modem. I have vlan 2 which is the DMZ and contains my web and mail servers. I have vlan 0 which is the LAN (private) zone that my user desktop/laptops connect to.
I just recently bought a Quad Core AMD processor and motherboard with 4GB of RAM (all for $199) from Tiger Direct and I decided I had enough resources that I could virtualize a couple of my older machines. I decided to move my mail server into a virtual machine guest and an XP guest (don't really have a need for it but it's there for testing).
The mail server is in the DMZ and the XP instance needed to be on the private LAN side so initially I installed them in VMware server 2.0 and ran two network cards. I trunked the VLANs from the main firewall WRT downstairs to the WRT upstairs where my desktop is. I ran two network cards in the desktop, one on a DMZ port for the mail guest and one on a LAN port for the XP guest. I really wanted to run one physical network card plugged into a trunk port and split out the VLANs on the Linux host for the two guests. I couldn't figure out how to make VMware do that and there is nothing in the documentation about it.
I really wanted to use kvm/qemu/libvirt for my virtual machines instead of VMware, but I had trouble getting it running at first, which caused me to go to VMware. Well, after getting some time to learn more about kvm and figure out where I went wrong, I decided to switch the guests over to kvm. You can even convert the disk image from VMware format to qemu format using the qemu-img command that is included with qemu.
Not only could I easily migrate my guests from VMware to kvm/qemu but I could get both DMZ and LAN connectivity to them over one cable from the host to the WRT. I just trunked DMZ/LAN to the port the KVM host was set up on, then created the vlan interfaces eth0.0 (LAN) and eth0.2 (DMZ) on the host. I created a bridge br0 which is used to bridge eth0.0 (LAN) with the interface on the XP guest and bridge br2 on eth0.2 (DMZ) with eth0 on the mail host.
I have all (most) of the configurations at the bottom of the page that I linked at the top of this post.
What I really need to do is find another one of those $199 deals and move my entire DMZ into guests on that server.
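The host-side trunk layout described above (eth0.0 bridged into br0 for the LAN guest, eth0.2 bridged into br2 for the DMZ guest), written out as iproute2 commands. This is an added example, not the configuration from the linked document: the interface and bridge names come from the post, while `DRY_RUN`, the function names and the choice to disable IPv6 on the DMZ bridge (so the host does not pick up an address on that segment) are assumptions of the example.

```shell
#!/bin/sh
# Added example. eth0, eth0.0, eth0.2, br0 and br2 are the names used in the
# post; DRY_RUN, the function names and the isolate option are hypothetical.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# trunk_vlan PARENT VID BRIDGE [yes|no]
# Creates the tagged sub-interface PARENT.VID and enslaves it to BRIDGE.
# A fourth argument of "yes" marks the bridge as one the host should not join.
trunk_vlan() {
    parent=$1 vid=$2 bridge=$3 isolate=${4:-no}
    case "$vid" in
        ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    [ "$vid" -le 4094 ] || { echo "VLAN id out of range: $vid" >&2; return 1; }
    sub="$parent.$vid"
    run ip link add link "$parent" name "$sub" type vlan id "$vid" || return 1
    run ip link add name "$bridge" type bridge || return 1
    run ip link set dev "$sub" master "$bridge" || return 1
    if [ "$isolate" = "yes" ]; then
        # Assumption of this example: no IPv4 address is ever assigned to this
        # bridge, and IPv6 is switched off so the host gets no link-local or
        # autoconfigured address on the segment. Guests still pass traffic.
        run sysctl -q -w "net.ipv6.conf.$bridge.disable_ipv6=1" || return 1
    fi
    run ip link set dev "$sub" up || return 1
    run ip link set dev "$bridge" up
}

build_trunk() {
    run ip link set dev eth0 up || return 1
    trunk_vlan eth0 0 br0 || return 1   # LAN bridge for the XP guest
    trunk_vlan eth0 2 br2 yes           # DMZ bridge for the mail guest
}

# Prints the plan by default; run as root with DRY_RUN=0 to apply it.
build_trunk
```

The guests' tap interfaces are attached to br0 and br2 by libvirt/qemu when each guest's network is defined as a bridge, so they are not created here.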