Look here https://sanbarrow.com/transparentbridge.html
I explained a procedure that prevents one of your VMs from scanning another VM while both can scan your local router (192.168.1.1 in your case).
It requires one extra VM and several additional vmnets.
I wonder what's the reason for your request - most users assume that their own VMs are friendly to other local VMs.
Do you use firewalls inside your VMs?
Do you really assume that I can scan your 192.168.1.* IPs from here (Germany)?
Ulli
I would suggest learning more about networking in Workstation Pro: https://docs.vmware.com/en/VMware-Workstation-Pro/16.0/com.vmware.ws.using.doc/GUID-0CE1AE01-7E79-41...
Your options would depend on what you DO and DO NOT want to scan.
The purpose of a network-scanner is to find all items inside the network range you specified.
A computer that does not want to be detectable by such a scan needs to operate a firewall that then lets the incoming scan packets time out.
Your question is similar to a man who opens his eyes inside a wood and then complains about seeing so many trees.
Can you please explain what you want to see instead?
Ulli
The firewall does not help, I checked first of all, the firewall will close the ports, and there is another system, you try at the beginning, then you say.
Please try to explain what you want to see when you scan your local network.
Ulli
Have you seen my screenshot from the first post? All virtual machines with poppy addresses are displayed there; they were detected by a scanner running on one of these machines, and they can be linked as all being from the same host network. You need to prevent detection.
Of course I have seen your screenshot - that's why I asked those questions.
Take mspaint or whatever and show me what the same scan should display - then I can try to offer options.
Ulli
It should not find other VMs with MAC addresses; complete isolation is needed, with Internet access for 8 VMs, so that they do not see each other.
Method 1 is not suitable, I need internet.
2 way NAT also scans all machines
You want complete isolation? - may I assume that you mean that your VMs are invisible to scans done with simple IP scanners?
That depends on your setup.
At the moment I assume that 192.168.1.1 is your local router and ETAXOG is your Windows-host.
All other IPs are used by VMs.
All your VMs use bridged vmnet0.
Is that correct?
Are you paying for one internet connection (one public IP) or are you rich and can afford paying for 8 public IPs?
By the way - visit https://www.whatsmyip.org/
and find out that all your VMs use the same IP.
And in case you are not aware of it - you use the same IPs and MAC addresses that I use here ....
Ulli
Almost true, only ETAXOG is the VM from which the scan was launched. The machines use a bridge, yes, that's right. All VMs have different IPs through a proxy and the poppy address has been replaced; by scanning one you can determine that they all belong to me.
> by scanning one you can determine that they all belong to me.
No - they belong to me.
LOL - that was funny.
I never heard the term poppy address - do you mean public address?
Ulli
If you need an internet connection, that means exposing the VM on the network, so the advanced scanner will definitely scan all your VMs that are available on the network.
Anyhow, if you don't want it to scan the rest, isolate the machine that has this scanner with a different IP pool; then it doesn't know the IPs of the other machines.
MAC - Google Translate(((
According to the link, it is Linux there; I have Windows.
I do not use a firewall, but I checked that if you close everything tightly, it is scanned anyway.
I used a Windows host too - only the firewall VM used Linux / OpenBSD.
I would say that your request simply makes no sense - nobody outside your local network can address IPs from the private range.
And if you have the enemy inside your local network then your case is hopeless anyway.
Ulli
Need to create several "host-only" networks (vmnet1, vmnet2...) for each VM and connect each network to eth0 like on the screen
I was looking for a solution for some time and figured out that a third-party proxy (Squid) is not required for this task. Image was taken from here.
In the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, the parameter ForwardBroadcasts was set to 1. The Routing and Remote Access service was switched to start automatically.
But what should the route add or netsh commands be to reproduce the iptables data in Windows? The Internet is just flooded with irrelevant info, mostly for Unix-based systems. Thank you for help.
thanks a lot, you've come up with a solution!