Hi all, I am looking for the preferred way to restrict the network access for VirtualBox guests. Although I know that terms like NAT and bridge and iptables are highly relevant Google keywords for this one, I am stuck with the following HOWTOs:
- http://www.tolaris.com/2009/03/05/using ... irtualbox/
- http://www.cyberciti.biz/tips/linux-ipt ... affic.html
- http://www.scottro.net/vboxbridge.html
Although these give me some rough idea about setting up a virtual interface and attaching some iptables rules to it, I'm not sure whether they are still up to date for the latest VirtualBox version.
In the end, I'd like to set up my guest networks such that it is possible to browse the internet, use apt, dropbox, etc to download files *in* the guest systems, upgrade the guest OSs, etc BUT it should be impossible to transfer content from the guest systems to the outside world...
Should I edit /etc/network/interfaces manually or use a tool like brctl? Any practical advice is very welcome.
Best regards,
Pieter
Restricted network access for VirtualBox 2.1+/3.0 guests
Re: Restricted network access for VirtualBox 2.1+/3.0 guests
The best way is via a VM router, using 2 network interfaces, 1 bridged and 1 internal, the internal one connects to the Guests.
Re: Restricted network access for VirtualBox 2.1+/3.0 guests
Thanks for your reply. Are the instructions on http://greenpossum.awardspace.com/ipcop-in-vbox.html what you have in mind?
When I was reading http://www.tolaris.com/2009/03/05/using ... irtualbox/, I thought that blocking outgoing traffic for guest systems could be realized even simpler (that is: with just one extra iptables line in /etc/network/interfaces)... In that case, the firewall would be configured at the host level, instead of in a dedicated VM so I guess it would be even more efficient as well. Any experience there?
Thanks again and best regards,
Pieter
Re: Restricted network access for VirtualBox 2.1+/3.0 guests
Both are possible, but in order to keep things simple and to be able to have greater/deeper control over what goes back and forth, it is much better to use the bridge/internal network VM construction. For example, in a setup to test DDoS and similar scenarios, your router VM could be running at near 100% CPU; you don't want that to happen on the Host.
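The router-VM layout recommended in the replies above (one bridged and one internal adapter on the router, guests attached to the internal network only), as an added example that is not part of the thread. The VM names, host adapter and internal network name are assumptions, the option syntax is that of current VBoxManage releases, and the `showvminfo` lines used for the check are constructed.

```shell
#!/bin/sh
# Assumed names (not from the thread); override via the environment.
ROUTER_VM="${ROUTER_VM:-router-vm}"   # hypothetical router VM
GUEST_VM="${GUEST_VM:-guest-vm}"      # hypothetical restricted guest
HOST_NIC="${HOST_NIC:-eth0}"          # host adapter the router bridges to
INTNET="${INTNET:-guestnet}"          # internal network shared with guests
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = run them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "VBoxManage $*"; else VBoxManage "$@"; fi
}

# Router VM: adapter 1 bridged to the host NIC, adapter 2 on the internal net.
configure_router() {
    run modifyvm "$ROUTER_VM" \
        --nic1 bridged --bridgeadapter1 "$HOST_NIC" \
        --nic2 intnet --intnet2 "$INTNET"
}

# Guest: one adapter on the internal net, all other adapters disabled, so
# its only path out is through the router VM and that VM's firewall.
configure_guest() {
    run modifyvm "$GUEST_VM" \
        --nic1 intnet --intnet1 "$INTNET" \
        --nic2 none --nic3 none --nic4 none
}

# Reads `VBoxManage showvminfo <vm> --machinereadable` output on stdin.
# Succeeds only if every enabled adapter is on $INTNET; a leftover NAT or
# bridged adapter would bypass the router, so it fails the check.
guest_is_isolated() {
    awk -F= -v net="$INTNET" '
        { v = $2; gsub(/"/, "", v) }
        /^nic[0-9]+=/    { if (v == "intnet") seen = 1; else if (v != "none") bad = 1 }
        /^intnet[0-9]+=/ { if (v != net) bad = 1 }
        END { if (seen && !bad) exit 0; exit 1 }
    '
}

configure_router
configure_guest
# Constructed sample of machine-readable VM info for the check.
if printf 'nic1="intnet"\nintnet1="%s"\nnic2="none"\n' "$INTNET" | guest_is_isolated
then echo "guest reaches the network only via $INTNET"
else echo "guest has an adapter that bypasses the router VM"
fi
```

The traffic restriction itself is enforced by the firewall rules inside the router VM; this script only makes sure the guest has no other route out.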