VMware Communities
Bensode
Contributor

Creating a Team with internet access to its VPN

I have created a team of 3 Windows 2003 servers and one XP workstation that I would like to have access to the internet via its VPN but not my entire LAN. I have set up the team to be on its same VPN within my Linux host OS and was curious how I can get these machines to see the internet without exposing them completely to my LAN? I'm trying to create a closed Active Directory domain to experiment with some disaster recovery scenarios and I need to keep these isolated from the production network without pestering the Cisco guy for a VLAN.

0 Kudos
6 Replies
Peter_vm
Immortal

So you want those VMs to see internet without being visible from the production LAN? What is a network path to the internet from a computer that is not connected to a production LAN?

0 Kudos
Bensode
Contributor

"So you want those VMs to see internet without being visible from the production LAN?"

Yes. I don't want it to broadcast for other MS devices on the production network. Specifically, I want to deny it from talking to existing domain controllers. If it can't talk to a specific IP range on the LAN, they should appear invisible to the domain controllers.

"What is a network path to the internet from a computer that is not connected to a production LAN?"

Perhaps I didn't phrase the question properly to avoid rhetorical responses to give some kid an ego boost for shutting down the noob VM guy. What I need is a means to only allow the VMs to talk to the default gateway for the LAN of the host and possibly bypass broadcast packets to that same LAN. I was thinking that maybe someone else out there might have a suggestion on iptables for filtering outgoing and incoming MS broadcasts and MS service hosts.

0 Kudos
Peter_vm
Immortal

Thank you for explaining.

I suggest that you discuss your plans with the production network administrator. Failing that can have some consequences.

0 Kudos
Bensode
Contributor

Perfect answer since I am the production network administrator! Now I remember why I've never bothered signing up here in the past ... no need to respond I won't be back. Sorry I wasted your time ... Cheers!

0 Kudos
RDPetruska
Leadership

I believe when Peter asked "What is a network path to the internet from a computer that is not connected to a production LAN?", he was trying to get you to ask YOURSELF how you would accomplish this same task forgetting all about virtualization. Almost all the time, the guests have no concept that they are not running on real hardware. And, almost all the time, any troubleshooting or "how do I do this?" questions are handled EXACTLY the same way they would be if the hardware were real.

0 Kudos
asatoran
Immortal

Why so sensitive, Ben? Part of the reason that Peter is advising you to see the network admin is that what you want to accomplish is not really a VMware issue. Ask yourself how you would "hide" your machines if they were normal physical machines. A quick and dirty method that may be sufficient for you is NAT between the hidden machines and the internet gateway. Whatever, my point is that the problem/solution doesn't appear to be a virtualization thing.

Plus we didn't know you were the net admin! A lot of people try to sneak past the net admin and we certainly don't want to get in trouble that way. You wouldn't want someone here helping one of your coworkers to bypass any of your security protocols, right? ;)

So if you decide to post back, please try to provide as much detail as possible about what you're trying to accomplish. The members will try to help out as much as they can, but please remember that this forum is focused mainly on VMware virtualization issues.

Hope to see you again. :)

0 Kudos
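The NAT approach suggested in the last reply, combined with the iptables filtering asked about earlier in the thread, as an added example that is not part of any poster's message. It assumes the team sits on a host-only network that the Linux host routes; the interface names (`vmnet1`, `eth0`) and both subnets are constructed values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit iptables commands for a Linux host that NATs a VM-only
# network to the internet while blocking the VMs from the production LAN.
# Interface names and subnets used here are assumptions, not from the thread.

is_cidr() {
    # Accept only digits, dots and exactly one slash (e.g. 10.0.0.0/24).
    case $1 in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

vm_isolation_rules() {
    vm_if=$1; vm_net=$2; lan_if=$3; lan_net=$4
    is_cidr "$vm_net" && is_cidr "$lan_net" || return 1
    # Identical subnets would make the LAN block cut off the VMs' own network.
    [ "$vm_net" != "$lan_net" ] || return 1
    # Rule order matters: the LAN REJECT must come before the general ACCEPT.
    # Internet-bound packets only use the LAN gateway as a next hop, so their
    # destination is outside $lan_net and they pass. Broadcasts from the VMs
    # are not routed, so name-service broadcasts stay on the VM network.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $vm_net -o $lan_if -j MASQUERADE
iptables -A FORWARD -i $lan_if -o $vm_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vm_if -d $lan_net -j REJECT
iptables -A FORWARD -i $vm_if -o $lan_if -j ACCEPT
iptables -A FORWARD -i $vm_if -j DROP
iptables -A FORWARD -o $vm_if -j DROP
EOF
}

# Constructed values; review the printed commands before running them as root.
vm_isolation_rules vmnet1 192.168.100.0/24 eth0 10.0.0.0/24
```

If the LAN's DNS resolver sits inside the blocked range, the lab's own DNS server needs a forwarder outside it.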