Scorpion99 wrote: Did you try Host-Only (private network with the host) instead of NAT?

The OP states "The Guest is also Windows (in this case) and needs to have Internet access, but not have access to other machines on the LAN" so using Host-Only by itself will not allow the Guest to have the required Internet access although it will isolate it from the Host's LAN!

That is correct, I am sure "Host Only" will restrict the VM to only the ability to access the Host, but what I need is for the VM to only have internet access.  No access to the host or the LAN the host is on.  Prior to version 9.0 of Workstation, if you put the VM on NAT it could not access the Host or the LAN, but 9.0 seems to have removed that restriction and in my opinion resulted in a security hole that I now need to find another way to close.  Any suggestions would be appreciated.

russciii wrote: That is correct, I am sure "Host Only" will restrict the VM to only the ability to access the Host, but what I need is for the VM to only have internet access.  No access to the host or the LAN the host is on.

It terms of the VM itself and any Network Connectivity VMware Workstation provides through the Host you have choices and one requires there to be a second physical network adapter on the Host with a subnet that is isolated from the Host and the primary subnet the Host is using for other LAN Communications.  Then you can bind VMnet0 to the second adapter while disabling all but VMware Bridge Protocol the second adapter to achieve this.  The other option is to have no virtual adapter and use a USB Wi-Fi (or USB Ethernet) network adapter connected to the Guest and attach to an isolated router that is configured for Internet Connectivity only.

russciii wrote: Prior to version 9.0 of Workstation, if you put the VM on NAT it could not access the Host or the LAN, but 9.0 seems to have removed that restriction and in my opinion resulted in a security hole that I now need to find another way to close.  Any suggestions would be appreciated.

That statement is not totally true!  A VM with a NAT Network Adapter can still access the Host and the LAN the Host is on in other version too.  If you need to isolate the VM then as I already said "The other option is to have no virtual adapter and use a USB Wi-Fi (or USB Ethernet) network adapter connected to the Guest and attach to an isolated router that is configured for Internet Connectivity only."

Additionally through the use of Firewalls and managed switches/routers you can implement additional security.

WoodyZ‌ - I need do something similar. Instead of having a separate LAN/ Network could I just connect the isolated VM to the internet using a 3G USB dongle (i.e. USB 3G data card)?

Using VMWare Workstation 10.0

Hi xbliss,

That's pretty much what Woody said yes, normally that should work.

If it doesn't then please open a new topic.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva