Host firewall and bridged mode networking

deathstalker
Posts: 5
Joined: 16. Apr 2012, 21:04

Host firewall and bridged mode networking

Post by deathstalker »

Hello,

I'm running a virtual Windows 8 on a Linux host. If I want to host, let's say, a game server on the guest, how should I configure the host firewall? The virtual network card is in bridged mode. There's a router that the host machine is connected to, so I have to do port forwarding there first. But is that all, or should I also take the host firewall into account? And how about the VM network card's promiscuous mode setting? I guess it doesn't matter as long as I don't need to sniff the traffic.
BillG
Volunteer
Posts: 5106
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: Host firewall and bridged mode networking

Post by BillG »

No, that isn't how you do it. If the guest is in bridged mode it has its own IP which is directly reachable from the router. You forward the traffic directly to the guest, not via the host. The firewall in the host OS should never see the traffic.

On promiscuous mode, you can normally leave it off (unless you want to run a network sniffer, as you say).
Bill
deathstalker
Posts: 5
Joined: 16. Apr 2012, 21:04

Re: Host firewall and bridged mode networking

Post by deathstalker »

BillG wrote: No, that isn't how you do it. If the guest is in bridged mode it has its own IP which is directly reachable from the router. You forward the traffic directly to the guest, not via the host. The firewall in the host OS should never see the traffic.
I thought so too. It does have its own IP and it can be seen in the router network map (it has the same MAC number as the host but I guess this is normal?). But it isn't that simple...

I use the UFW firewall manager on the host system (and gufw as a GUI for it), and when the default incoming traffic policy is set to "deny", server(s) on the VM cannot be reached from outside. I also tried to probe the corresponding ports via the ShieldsUP service and they show up as stealth. If I set the incoming policy to "allow", the servers work properly. So the guest traffic apparently goes through the host firewall as well.

So far I have only messed around with UFW and haven't looked at the actual iptables/netfilter rules. The host machine is connected to the router via WiFi (VM attached to wlan0) although I'm not sure if this is important.
deathstalker
Posts: 5
Joined: 16. Apr 2012, 21:04

Re: Host firewall and bridged mode networking

Post by deathstalker »

Does anyone know more about this? I once thought that it would be just like BillG said but it's apparently not. Could it be due to having the host computer connected to the router via WiFi? I think I saw something about Linux hosts and wireless networks...


BTW, I think the Linux host board could be a better place for this...