myitanalyst
Contributor

Team Isolation, but still need internet access without interacting with company network.

I am sure this is more of a networking question than a VMware question, but I figured someone has done it. I did a search in the community, but haven't really found a clear answer.

Let's say I create a team that has the following:

192.168.200.0 Network

P2V of our 2003 Domain Controller with DHCP and DNS

Virtual Windows XP

Virtual 2003 Server (Member of Domain)

Host is XP64Bit and a member of our AD network.

I want to keep the VM machines all isolated from our existing AD network, so using a Team is the simple answer... BUT if I want to make sure any of the VM machines have access to the internet (BUT NOT our company network), what is the best, cheapest way to achieve this?

Thanks.

rriva
Expert

Create another Linux VM with two ethernet interfaces, the first one on the same network as the other VMs, the second bridged to your AD network.

Use the IP address of your brand new Linux VM as the default router for all VMs.

Create your own rules to give access only to the internet and not to your AD network.

Price : 0 !

Bye

R

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanx!

RRiva | http://about.me/riccardoriva | http://www.riccardoriva.com
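
The two-NIC router VM described in the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset letting the 192.168.200.0/24 team network reach the internet while refusing company addresses. The interface names, and the assumption that the company network sits in RFC 1918 private address space, are not from the thread.

```sh
#!/bin/sh
# Added example: ruleset for the two-NIC Linux router VM described above.
# Assumptions (not from the thread): interface names, and that the company
# network sits in RFC 1918 private address space.
LAB_IF="${LAB_IF:-eth0}"                 # NIC on the isolated team network
WAN_IF="${WAN_IF:-eth1}"                 # NIC bridged to the company LAN
LAB_NET="${LAB_NET:-192.168.200.0/24}"   # team network from the question
CORP_NETS="${CORP_NETS:-10.0.0.0/8 172.16.0.0/12 192.168.0.0/16}"

# Print the ruleset in iptables-restore format.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Refuse anything the team VMs send toward private (company) ranges.
    # These rules must come before the ACCEPT below: first match wins.
    for net in $CORP_NETS; do
        echo "-A FORWARD -i $LAB_IF -d $net -j REJECT --reject-with icmp-net-prohibited"
    done
    cat <<EOF
-A FORWARD -i $LAB_IF -o $WAN_IF -s $LAB_NET -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAB_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Line number of the first rule matching a pattern, for ordering checks.
rule_line() { build_ruleset | grep -n -- "$1" | head -n 1 | cut -d: -f1; }

# Apply as root on the router VM:
#   sysctl -w net.ipv4.ip_forward=1
#   build_ruleset | iptables-restore
```

With these rules the team's DNS server needs a forwarder outside the company network, since the company resolvers are unreachable by design.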
myitanalyst
Contributor

I have no Linux experience at all so I wonder if there is a Windows solution... Since I have Windows Servers and Clients if there is a feature built into Windows that would allow me to do this then that would be my preference.

Thanks

rriva
Expert

The only problem is that you must create another VM, because you want to keep your actual Team separate from your production AD.

I told you to install Linux because it's free and IPTables is a very powerful firewall.

You could find other firewalls also for Linux, but I'm not sure they are at the same level ....

Some free products are :

Zone Alarm

OutPost

But you could find a Linux firewall appliance VM if you look at VMTN.

Bye

R

myitanalyst
Contributor

Yes... I see about needing another VM.

Now if there is an already built Linux with just the needed tools in appliance mode with some good instructions then I would definitely consider it... being I have never messed with Linux. If you know where to find such a thing then please share.

When I get free over the weekend I'll do some research on this.

In one of my environments I have access to a secondary broadband link that has nothing to do with our corporate network, so I could also just make a second NIC in a Windows server and install the routing and route out that network... the problem is I can't guarantee this will always be available.

Thanks.

myitanalyst
Contributor

I did some research over the weekend and found the IPCop Appliance. If need be I'll go this route... but for my information, what would be the equivalent Windows-based solution to achieve the same result of ONLY allowing the VMs of the team access to the internet and NOT the internal company network?

Thanks.

rriva
Expert

The equivalent solution would be to install a Windows VM with the ethernet interface.

Connect the first one to one network

Connect the second one to the other network

and then install a software firewall to define the ACL to permit or deny some network traffic in both directions.

It would be the same thing you're going to do with a free Linux VM, but in this case you have to pay for the Windows OS license and also the software firewall; otherwise you can choose from some free firewalls, as I told you in my previous message.

Bye

R

myitanalyst
Contributor

Thanks for the replies rriva.

Licensing is not an issue as all of this is in development mode and we have full rights through TechNet and MSDN to test all of this... which is what we are doing.

I am just absolutely green when it comes to Linux so the learning curve may be the issue there. I have downloaded the VM Appliance so I will play with it some later today.

Thanks
