Guest-Only Networking?
Posted: 11. Aug 2009, 16:51
I know this is going to sound strange...
I have two networks in the building, one that is not connected to the internet, and one that is. The boss does not want the internal network to be accessible from the web AT ALL. As of right now, there are two machines at each workstation with a KVM. I am wanting to remove one machine and load a VM on the remaining one.
The host OS would be the one that is used only for the internal network and the guest would have access to the web. That way, if a guest is infected, I just have to replace the virtual HDD. With the exception of a shared folder between the two, there would be no other interaction between the host and guest.
Now for the problem and the purpose of my question... The host has two network cards - the host can talk through this card to get to the internal network. The host cannot talk through the other NIC at all... it is only for the guest, which gets it on the web. How do you set up a NIC on the host in such a way that the guest can use it if it is "disabled" on the host. My first idea is to assign static addresses to the internet NICs, give the guest a gateway address, but not the host. But that just gets rid of the host's route to the web, not the other way around (I think... Since the host still has an IP (but not a gateway), things on that network could still access the host.)
Bottom line is I need to keep the two networks separate, but I want to reduce the number of machines in use. But how to keep the host from using both NICs...
I have two networks in the building, one that is not connected to the internet, and one that is. The boss does not want the internal network to be accessible from the web AT ALL. As of right now, there are two machines at each workstation with a KVM. I am wanting to remove one machine and load a VM on the remaining one.
The host OS would be the one that is used only for the internal network and the guest would have access to the web. That way, if a guest is infected, I just have to replace the virtual HDD. With the exception of a shared folder between the two, there would be no other interaction between the host and guest.
Now for the problem and the purpose of my question... The host has two network cards - the host can talk through this card to get to the internal network. The host cannot talk through the other NIC at all... it is only for the guest, which gets it on the web. How do you set up a NIC on the host in such a way that the guest can use it if it is "disabled" on the host. My first idea is to assign static addresses to the internet NICs, give the guest a gateway address, but not the host. But that just gets rid of the host's route to the web, not the other way around (I think... Since the host still has an IP (but not a gateway), things on that network could still access the host.)
Bottom line is I need to keep the two networks separate, but I want to reduce the number of machines in use. But how to keep the host from using both NICs...