the firewall does not help, I checked first of all, the firewall will close the ports, and there is another system, you try at the beginning, then you say.

Please try to explain what you want to see when you scan your local network.

Ulli

Have you seen my screenshot from the first post? all virtual machines with poppy addresses are displayed there, they were detected by a scanner running on one of these machines and they can be linked that they are all from the same host network, you need to prevent detection.

Of course I have seen your screenshot - thats why I asked those questions.
Take mspaint or whatever and show me what the same sscan should display - then I can try to offer options.

Ulli

it should not find other VM with mac addresses, complete isolation is needed with Internet access for 8 VM so that they do not see each other.

Method 1 is not suitable, I need internet.

2 way NAT also scans all machines

You want complete isolation ? - may I assume that you mean that your VMs are invisible to scans done with simple IP-scanners ?
That depends on your setup.
At the moment I assume that 192.168.1.1 is your local router and ETAXOG is your Windows-host.
All other IPs are used by VMs.
All your VMs use bridged vmnet0.
Is that correct ?

Are you paying for one internet connection ( one public IP) or are you rich and can afford paying for 8 public IPs ?
By the way - visit https://www.whatsmyip.org/
and find out that all your VMs use the same IP.
And in case you are not aware of - you use the same IPs and MAC addresses that I use here ....

Ulli

almost true, only ETAXOG is the vm with which the scan was launched, the machines use a bridge yes, that’s right, all vm have different ip through a proxy and the poppy address has been replaced, by scanning one you can determine that they all belong to me.

> by scanning one you can determine that they all belong to me.
No - they belong to me.

LOL - that was funny.
I never heard the term poppy address - do you mean public address ?

Ulli

if you need internet connection means exposing the vm in network, so the advance scanner definitely scan  all your VM's which is available in network.

any how you don't want scan remaining which have this scanner isolate it with different ip pool, it doesn't know ip's of other machines.

mac - gogle translate((( 

according to the link there linux, I have windows
I do not use a firewall, but I checked that if you close everything tightly, it is scanned anyway.

I used a Windows host too - only the firewall VM used Linux / OpenBSD.
I would say that your request simply makes no sense - nobody outside your local network can address IPs from the private range.
And if you have the enemy inside your local network then your case is hopeless anyway.

Ulli

Need to create several "host-only" networks (vmnet1, vmnet2...) for each VM and connect each network to eth0 like on the screen

I was looking for solution for some time and figured out that third party proxy (Squid) is not required for this task. Image was taken from here Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters has a parameter  ForwardBroadcasts was set to 1. Routing and Remote Access service was switched to start automatically. But what is route add or netsh commands should be to reproduce iptables data in Windows? Internet just flooded with not relevant info, mostly for Unix based systems. Thank you for help.

thanks a lot, you've come up with a solution!