
[Solved] Question about protocol binding

Posted: 31. Oct 2009, 16:51
by carsten.spiess
Hello all,

Why do I need to bind the TCP/IP driver to a NIC which should only be used as a bridged NIC?
The host should not have access to my LAN via this NIC.

Background:
I have a VM as a virtual firewall/router and give other VMs access only via a host-only network.

So I set up the firewall VM with two NICs, one bridged to the host's NIC, the other on the host-only network.
My other VMs have only one NIC in the host-only network.
So all traffic from the VMs to the LAN is routed by the firewall VM.

This works fine, but I have to bind the host's NIC not only to the VirtualBox Bridged Network Driver;
it also has to be bound to the TCP/IP driver.
When not having the TCP/IP binding I can't access the LAN from the firewall VM.
I don't understand why. I think the firewall uses its own TCP/IP stack, so why do I need the host's stack?

This behaviour results in a direct LAN access for the host bypassing the firewall VM, which is a security issue.

How could I solve this?
Thanks for ideas, regards

Carsten

Re: Question about protocol binding

Posted: 31. Oct 2009, 17:02
by Sasquatch
How strange. I would have thought the same, that disabling TCP/IP would prevent the Host from using the NIC for traffic while allowing the Guest to use it. If you're 100% sure that it's not working like this, explain it as well as you can in a ticket using the Bugtracker (separate account needed).

Re: Question about protocol binding

Posted: 31. Oct 2009, 18:23
by carsten.spiess
Very strange, I tried it several times with the firewall VM, with or without restarting the VM.
After rebooting the host I couldn't observe it anymore: now it works without the TCP/IP binding.
Sorry for disturbing :oops: