virtualbox.org

Hello,

the last view days I've read a lot of posts in this forum about networking in VB as well as the user manual more than once, but I'm not able to built a VM using VirtualBox similar the way it's done by VMware. So I need assistance from you before I become mad.

HOST:
- Windows XP SP2, VirtualBox 2.0.2
- 2 physical LAN cards (1x 100MBit on board, 1x 1GBit external PCI)
- the 100MBit LAN is connected to Internet router physically

GUEST:
- Suse Linux 10.3 (VM)
- (optional: Sidux Lite in an other VM)

Destination:
Only the OS (Suse Linux, Sidux Lite, etc.) in the GUEST should have internet access, but the HOST must not!
In other words: Windows XP (and other programs on HOST) should never have the possibility to get access to internet!

Using NAT for the GUEST requires a TCP/IP adress at HOST's network LAN card (100MBit) so the router can be found (for DNS, etc.). That works fine in VB, means internet access works from GUEST.
Using HIF and virtual VB network adapter bridged to the 100MBit LAN adapter in principal it's the same.

BUT: In both situations Window XP has also the router adress area visible and is able to get internet access! This is while 100MBit LAN card requires TCP/IP adress space from router!

Is there a way to avoid this? VMware uses a bridge protocol that allows individual TCP/IP adresses for the VM interfaces. At a second machine, that works fine - XP has no connection to internet. At least I prefer to use VB - easier handling, less amount of resources, faster, etc.

Is there anybody who can explain me, If this is reachable anyhow with VB? Or is it possible to suppress Windows XP the using of that LAN card?
Does a way exist to assign a physical LAN card to VM individually, so that the HOST can't use it?

Many thanks in advance

anie

Hello,

I've got the same problem.

HOST:
- Windows Vista Home SP1
- host is behing the proxy

GUEST:
- Windows Server 2003

Thanks in advance.

Anie:
You can set the Host bridge IP address to 0.0.0.0, netmask 255.0.0.0 making it transparent. This is with Host Interface and bridging. This is currently the only way to achieve what you want. And because the Bridge on the Host has no IP address, it can't access the internet or the router.


Barry853:
What is your exact problem? That your Guest is not able to access the internet because of the proxy, or something else? You state that you have the same problem, but you don't specify what it is. As you stated now, you don't have the same problem.

Hello Sasquatch,

thank you first for your fast reply.

I've tested your solution on my host (Windows XP) - ok, I tried it, because Windows doesn't allow to enter IP adress at network configuration dialog for the network bridge as you mentioned.
Entering the first byte of IP 0.0.0.0 forces an error: 0 is no valid entry. Therefore 1 was assumed. Filling the rest with 0 (zero) and entering your subnet id brings up an additional message telling me that this combination of IP and subnet mask is invalid.

Trying to change IP address using <netsh interface ip set address ...> manually at the command line brings up a similar message: "0.0.0.0 is not an acceptable value for the source." (Sorry, that's the poor translation from my german windows version).

Is there a special reason using 0.0.0.0 (IP) ? What's behind of it? Is this a IP/Mask combination allowed on Linux machines only?

I will do some more tests this evening based on your idea - trying 127.0.0.1 etc. as well as other IPs independant from my routers address space.

Thanks again to you,

anie

@Sasquatch

Sorry for that, I guess my problem was obvious to me only. I have almost the same problem as Anie has. I need somehow to block the internet access for the host and make it possible for the guest only. I have no problem with internet access where host and guest are both connected (using Host Interface Networking with bridging). I have tried your solution but with the same result as Anie...

Well, any IP outside the range can do, as long as you use a private scope. Leaving out the gateway and DNS is of course a must .

Setting an IP of 0.0.0.0 is something that is usually done on Linux machines, and it appears that it's only for that OS (and the likes).

Hello Sasquatch,

thank you replying so fast and sorry for the delay - I've crashed my network while doing lots of tests. So it took a little more time than expected.

The most stupid thing I did before posting my problem to this forum was to force the bridge to promiscuous mode using <netsh bridge set a 1 e>
(1=number of adapter displayed) with NIC and HIF. A gateway I've set also - next mistake. Thanks for your tip relating this.

But all I reached was the VM with Linux GUEST get an IP from DHCP (Router), neither ping nor internet did work.

One day later I removed this all, created a new HIF in Windows XP, bridged to NIC, entered IP other than the router net and booted a new Linux-ISO in the corresponding VM so that everything was well detected by Linux - yeah it works!

Result: HOST (Windows XP) can't access internet, but GUEST (Linux) can. Great!!!

In summary, looking back, it's much easier as expected - as long as you don't change NAT- and HIF-mode, bridging and unbridging while your Guest-OS is installed yet and sometimes running!

Many thanks to you again,

anie

I asked myself "Why would anyone want to do this"?

I thought about this and realized that I already know the answer.

I really don't want to use Windows for web browsing when I use my credit card online.

You should put this information into a FAQ or make this thread sticky or whatever.

Sorry to revive an old thread, but I'm new to this. I use VirtualBox 5 under Windows 8 host, and Linux Manjaro as guest. I assume NIC is the ethernet adapter listed in the Network Connections, but how do I create a HIF? Can someone give directions for the options to use in VirtualBox Network Settings, and the Windows Network Center? Thank you.

None of the software versions you mention existed at the time of the above thread, which I'm about to lock. I suggest that you start your own topic and ask your actual question. Also, if your question is about configuring a Linux Guest then I suggest that you ask it in the "Linux Guests" forum.