new host networking and iptables

Discussions related to using VirtualBox on Linux hosts.
arno.
Posts: 3
Joined: 1. Nov 2007, 17:48

Post by arno. »

Hi,

I'm using VirtualBox on Linux to run some Linux guests.

I trust the guest OS less than the host OS. So I want to have strict firewall rules managed from my host. Currently, I'm using VirtualBox 1.6.6 and I'm using the usual bridge settings stuff. I set firewall rules with ebtables.

Now, I'm trying VirtualBox 2.1.2 and the host networking configuration seems simpler: if I just choose the eth0 interface, the VirtualBox network seems to work fine. The problem is, I just can't manage to set firewall rules from my host. Even if I block everything

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

I can't access anything from my host anymore, but traffic from my guest is not blocked at all.
So, do you know how to block guest traffic from my host when using simple host networking in VirtualBox 2.1.2?

Thanks :)
sej7278
Volunteer
Posts: 1003
Joined: 5. Sep 2008, 14:40
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Solaris, Linux, Windows, OS/2, MacOSX, FreeBSD

Post by sej7278 »

I believe you can still use the old tap/tun method from 2.0 with 2.1, which makes it much easier to firewall, as you can block the forwarding chain to prevent WAN/LAN/host access.

With the new system, I've found you can block access to your host at least, such as with the following on the host (the IP is the guest's):

iptables -I INPUT -s 192.168.0.2 -j DROP

However, if you wanted to block WAN access you'd have to configure the firewall on your router, not your host.

I don't know how you'd block access to other hosts on your LAN.
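
The tap/tun approach from the reply above, as an added example that is not part of the thread: with the guest on a tap port of a host bridge, the host's iptables can match that port with the physdev module and drop guest traffic to the host, the LAN or the WAN. The interface name tap0, the LAN range 192.168.0.0/24 and the function names are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: tap0 and 192.168.0.0/24 are assumed values, not from the thread.

# Print the commands that confine a guest attached to a bridged tap port.
# usage: guest_rules TAP LAN_CIDR BLOCK...   (BLOCK is any of: host lan wan)
guest_rules() {
    tap=$1 lan=$2
    shift 2
    # Bridged frames reach iptables only when bridge netfilter is enabled
    # (recent kernels need the br_netfilter module loaded first).
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    for target in "$@"; do
        case $target in
            # Guest -> host itself: seen in INPUT, arriving via the tap port.
            host) echo "iptables -I INPUT -m physdev --physdev-in $tap -j DROP" ;;
            # Guest -> other LAN machines: bridged, so seen in FORWARD.
            lan)  echo "iptables -I FORWARD -m physdev --physdev-in $tap -d $lan -j DROP" ;;
            # Guest -> anything outside the LAN (also drops broadcast DHCP).
            wan)  echo "iptables -I FORWARD -m physdev --physdev-in $tap ! -d $lan -j DROP" ;;
            *)    echo "unknown target: $target" >&2; return 1 ;;
        esac
    done
}

# Run each generated command; needs root.
apply_rules() {
    guest_rules "$@" | while read -r cmd; do
        $cmd || exit 1
    done
}

# Default is a dry run: block host and LAN access, leave WAN reachable.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules tap0 192.168.0.0/24 host lan
else
    guest_rules tap0 192.168.0.0/24 host lan
fi
```

Blocking lan also cuts the guest off from a DNS resolver on the router, so a guest that should keep WAN access needs a resolver outside the LAN range or an explicit ACCEPT inserted ahead of the drop.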
arno.
Posts: 3
Joined: 1. Nov 2007, 17:48

Post by arno. »

sej7278 wrote:
however if you wanted to block WAN access you'd have to configure the firewall on your router not your host.
Thanks, that's what I wanted to know :)
So I think I'll stay with tap/tun method.