keithruck
Contributor
Contributor

Newbie networking: Allow VM network access through host but block host itself?

Jump to solution

I checked the FAQ and googled (although I have no idea if I'm using the best search terms).

Background: Host is Vista32, VMs are XP, Win98, Ubuntu (several of each, all individually licensed copies- consolidating from a multi-PC test bank). Started with player, had some networking problems so I ended up moving to Workstation, and initially installed two network adapters (one NAT, one Bridged) on each VM to troubleshoot. With that setup, I am getting network access, so I've temporarily left both attached to the VMs (although I need to change that to just bridged).

For the record, I know that the host will still need a physical connection to the internet to service the VMs; what I'm really asking is whether that happens "above" or "below" the connection the Host OS itself uses- can I allow a bridged connection while at a lower level blocking the host itself from accessing the internet (or visa versa)

I'm not a hardware guy, and I don't know enough about how VMWare workstation makes the internet connection through the host, so I may be shooting in the dark, but I welcome any input and suggestions. After mixed success with installing firewall (zonealarm) and some viruscheckers on the host itself I've had interference with being able to load and run VMWare workstation, so I had to uninstall them to keep using the VMs. Rather than waste an unpredictable amount of time figuring out whether there is any workable solution for software protection of the host, it just seems faster and easier to 'disconnect' it from the internet since all of my work is on the VMs, and they would have bridged connections.

I'm interested in doing everything possible to protect the host from viruses and malware, and am wondering if there is any way to set up the connections so that VMWare workstation and the VMs will still have internet access through the host, but block the host itself from any connections (inside or outside the local network). Basically, the host is only there to host the VMs, and I want to avoid any possible corruption including inbound hackers. The VMs have firewalls and viruscheckers and if they catch anything bad, that is part of my test environment and I'll need to know it. But I want to do everything possible to avoid having the (unprotected) host compromised, and it seems like if there is a way to allow the VM connection to pass through without involving the host at all (Bridged), maybe there is some way to then block the host from accessing the internet (and visa versa?). Something that I could turn back on again for updates if needed, but would mostly be off.

I appreciate any advice you can give,

Keith

0 Kudos
1 Solution

Accepted Solutions
devzero
Expert
Expert

>can I allow a bridged connection while at a lower level blocking the host itself from accessing the internet (or visa versa)

yes - easily.

in the host os, you just can unbind tcp/ip protocol from the nic you`re using with vmware. just leave vmware bridge protocol bound to that interface.

your host may see the packets, though - but without ip adress nobody may talk to that via internet

View solution in original post

0 Kudos
2 Replies
devzero
Expert
Expert

>can I allow a bridged connection while at a lower level blocking the host itself from accessing the internet (or visa versa)

yes - easily.

in the host os, you just can unbind tcp/ip protocol from the nic you`re using with vmware. just leave vmware bridge protocol bound to that interface.

your host may see the packets, though - but without ip adress nobody may talk to that via internet

View solution in original post

0 Kudos
keithruck
Contributor
Contributor

DevZero-

Thank you for your reply! This sounds even easier than I had hoped for. I'm travelling for work right now, but I'll implement this as soon as I'm back at home base.

Thanks again,

Keith

0 Kudos