How to isolate VM from host network

Discussions related to using VirtualBox on Windows hosts.
Mikhi
Posts: 4
Joined: 28. May 2021, 17:18

How to isolate VM from host network

Post by Mikhi »

Hello!

I looked over almost all the internet to find a solution for my problem.

I have 2 guest VMs with Win10, and I want them to be isolated from other devices in host network. But I want them to access the internet, and from my host via port forwarding.

Host network: 192.168.x.x
VM network: 10.0.2.x
Host->VM via Port Forwarding = OK
VM->Host Network = NOT Ok

I thought to create an internal network and route all the traffic through a 3rd guest VM with bridge, and block outbound packets for my host network. But how do I port forward between 3 machines?

What other solutions are out there?

Thank you!
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: How to isolate VM from host network

Post by scottgus1 »

See Virtualbox Networks: In Pictures: "Sandbox", does exactly this:
Mikhi wrote:create an internal network and route all the traffic through a 3rd guest VM with bridge, and block outbound packets for my host network
"Sandbox" keeps the VM from seeing the LAN but allows internet.

You can port forward in the Sandbox's "router OS" VM from the public LAN/Internet side to allow access to the VMs from the internet.
Mikhi
Posts: 4
Joined: 28. May 2021, 17:18

Re: How to isolate VM from host network

Post by Mikhi »

@scottgus1

Thank you! I was looking for that architecture.
But I have some questions:
1. Unmanaged switch is Bridged Network?
2. If I understood the architecture correctly, I have to create the following:

1 VM with pfSense using Bridge Network and get IP from physical router via DHCP
N VMs as guests with Internal Network and assign DHCP to pfSense's DHCP server or static IP in pfSense's IP range

But it is a bit unclear, how do I SSH into VMs that are in Internal Network, to control them? Additional settings for port forwarding in pfSense VM?

Thank you!
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: How to isolate VM from host network

Post by scottgus1 »

Mikhi wrote:1. Unmanaged switch is Bridged Network?
If you are referring to the 'unmanaged switch' pictured in the tutorial inside the host's physical network adapter, that is the Bridged connection. This 'unmanaged switch' is not something you make or attach to your PC, it gets "made" by Bridged automatically, and only goes to a physical adapter.
Mikhi wrote:1 VM with pfSense using Bridge Network and get ip from physical router via DHCP
Correct. This connection goes on pfSense's WAN side. The LAN side of pfSense goes to the N VMs' Internal network. So the pfSense VM has two network adapters, one Bridged, one Internal.
Mikhi wrote:how do I SSH into VMs that are in Internal Network ... Additional settings for port forwarding in pfSense VM?
Yes. The pfSense VM is essentially a router, like your house router. You should be able to port-forward through the pfSense router, setting up SSH ports to the VMs on the Internal network. I don't know how to port-forward in pfSense, unfortunately; you'll have to web-search that one.
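An added example, not part of the original thread: a small audit of the "Sandbox" layout described above (router VM with one Bridged and one Internal adapter, guests on the Internal network only). It parses output in the `key="value"` form printed by `VBoxManage showvminfo <vm> --machinereadable`; the sample text, the VM names, the adapter name and the network name `sandbox` are constructed assumptions.

```python
import re

SANDBOX_NET = "sandbox"  # assumed name of the Internal Network

# Constructed samples in the key="value" form of
# `VBoxManage showvminfo <vm> --machinereadable` (not captured from a real host).
ROUTER = '''name="pfsense"
nic1="bridged"
bridgeadapter1="Intel(R) Ethernet Connection"
nic2="intnet"
intnet2="sandbox"
nic3="none"
'''
GUEST_OK = '''name="win10-a"
nic1="intnet"
intnet1="sandbox"
nictype1="82540EM"
nic2="none"
'''
GUEST_LEAKY = '''name="win10-b"
nic1="intnet"
intnet1="sandbox"
nic2="nat"
natnet2="nat"
'''

def parse_nics(info):
    """Return {slot: (mode, internal_network_name)} for every enabled adapter."""
    kv = dict(re.findall(r'^(\w+)="(.*)"$', info, re.M))
    nics = {}
    for key, mode in kv.items():
        m = re.fullmatch(r"nic(\d+)", key)  # skips nictype1, nicspeed1, ...
        if m and mode != "none":
            nics[int(m.group(1))] = (mode, kv.get("intnet" + m.group(1)))
    return nics

def audit_guest(info, net=SANDBOX_NET):
    """List adapters that bypass the router VM; an empty list means isolated."""
    return [f"nic{slot}={mode}" + (f":{name}" if name else "")
            for slot, (mode, name) in sorted(parse_nics(info).items())
            if mode != "intnet" or name != net]

def audit_router(info, net=SANDBOX_NET):
    """True if the router VM has exactly one Bridged and one Internal adapter."""
    nics = list(parse_nics(info).values())
    return sorted(m for m, _ in nics) == ["bridged", "intnet"] and ("intnet", net) in nics

if __name__ == "__main__":
    for vm in (GUEST_OK, GUEST_LEAKY):
        print(audit_guest(vm) or "isolated")
    print("router ok:", audit_router(ROUTER))
```

A guest that still has a NAT or Bridged adapter next to its Internal one can reach the host network without passing through the router VM's firewall rules, which is what the non-empty finding list flags.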
Mikhi
Posts: 4
Joined: 28. May 2021, 17:18

Re: How to isolate VM from host network

Post by Mikhi »

@scottgus1
Thank you for help. I have finished the implementation and port forwarding.

I attach steps to make it work.
1. Disable private network from Interface->WAN (bottom settings)
2. Go to firewall NAT and add a new NAT.
Source/port: any/any because we don't know the port that the OS is opening (basically random)

Destination is also WAN address because we send to WAN interface

Destination port is our desired port

And redirect target IP and port are the ones that go to our internal network.

Also, in addition to the firewall rules, I have added all private networks 10.x.x.x/8 172.16.x.x/12 192.168.x.x/16 to be safe.

Attaching images.