Virtual Machines in DMZ on Host in Intranet
Posted: 13. May 2009, 14:48
I am setting up a dual-firewall DMZ for my virtual web server, FTP, remote desktop over HTTP, etc. I have two NICs on my host. My plan is to break up my team and dedicate one for virtual machines connected to my DMZ switch. I would then have the other NIC for the host computer to be connected to the intranet switch so I could access the other network computers and use it for whatever I may need. I plan on setting up a proxy server for the two to communicate.
Is this setup as secure as the VM being a physical server in the DMZ? Is there a way to stop the host from using the NIC on the DMZ? I know the VMs will only see the network adapter bridged to the DMZ, but I'm afraid that my host will connect to the DMZ and be vulnerable.
I've run ideas through my head, but my thinking is if it's truly disabled on the host, then it won't be available for the VMs.