Isolate Physical NIC to Guest

sar881 · Post by **sar881** » 29. Apr 2011, 18:31

Is there a way to isolate a physical NIC so that it can only be used by a guest machine, without any interaction with the host? I want to set up a guest that I can access remotely across the Internet, but don't want my Host being accessible. So far, I've used a bridged network connection, but the best that seems to do is share the NIC between the host and the guest.

On a related note, I looked for this, but couldn't find an answer: If some-one or -thing penetrated my guest, would they have access to my host machine as well? Is there any documentation on the security best practices for setting something akin to a DMZ for a guest?

Any help would be appreciated. Thanks!

Post by **Perryg** » 29. Apr 2011, 18:36

Setup a separate (USB adapter) that the guest uses. wifi or Ethernet. will make access to the guest alone.
Do not use shared folders and firewall the guest from the host.

sar881 · Post by **sar881** » 29. Apr 2011, 19:59

The NIC is not a USB device, rather, a PCI card. Will this method still work?

Post by **Perryg** » 29. Apr 2011, 20:01

No.
VirtualBox can not separate the PCI device from the host. But if you want your guest to work as you said the USB route is your only option and it does work.

Post by **BillG** » 30. Apr 2011, 02:54

If you want to do this with PCI NICs you need two of them. You dedicate one to the host and one to the guest. The guest only NIC has only the bridged networking filter enabled (no access to the host IP stack) while the host only NIC has the bridged networking filter disabled (no access to the guest).

virtualbox.org

Isolate Physical NIC to Guest

Isolate Physical NIC to Guest

Re: Isolate Physical NIC to Guest

Re: Isolate Physical NIC to Guest

Re: Isolate Physical NIC to Guest

Re: Isolate Physical NIC to Guest