Securing a guest VM to give it internet access, but block access to host LAN

Solution 1:

Solution - add a firewall rule to the host: block (local IP = all, program=virtualbox.exe, remote IP = {range you want to block})

Solution 2:

You say Linux, so I'm assuming you have iptables installed. You can only allow inbound/outbound traffic on port 80 (HTTP), port 443 (HTTPS) and outbound DNS. Use at your own risk as I have not tested these rules. Also, make sure you are at the physical machine when you do it. If you are connecting remotely, you may disconnect yourself and not be able to get back to the machine.

#delete all rules
iptables -F

#change default policy to drop everything
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#add rules for port 80 and 443 to only allow this traffic
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

#allow outbound DNS
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT

#allow loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

List Rules:

iptables -L
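
The rules in Solution 2 filter by port only, so a LAN host listening on 80 or 443 is still reachable from the machine they run on. The script below is an added example, not part of either answer: it prints a rule set that rejects the LAN range before the web ACCEPT rule (iptables stops at the first matching rule) and includes a check for that ordering. The interface eth0, resolver 192.168.1.1 and LAN 192.168.1.0/24 are assumed values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the answers above. It only prints iptables
# commands for review; nothing changes until the output is run as root.
# Assumed values: interface eth0, resolver 192.168.1.1, LAN 192.168.1.0/24.

# gen_rules IFACE DNS_IP LAN_CIDR...
gen_rules() {
    iface=$1; dns=$2; shift 2
    printf '%s\n' \
        'iptables -F' \
        'iptables -P INPUT DROP' \
        'iptables -P FORWARD DROP' \
        'iptables -P OUTPUT DROP' \
        'iptables -A INPUT -i lo -j ACCEPT' \
        'iptables -A OUTPUT -o lo -j ACCEPT' \
        "iptables -A INPUT -i $iface -m conntrack --ctstate ESTABLISHED -j ACCEPT" \
        "iptables -A OUTPUT -o $iface -p udp -d $dns --dport 53 -j ACCEPT" \
        "iptables -A OUTPUT -o $iface -p tcp -d $dns --dport 53 -j ACCEPT"
    # The DNS exception above comes first so a resolver inside the LAN still
    # works; every other LAN destination is rejected before the web ACCEPT.
    for cidr in "$@"; do
        printf '%s\n' "iptables -A OUTPUT -o $iface -d $cidr -j REJECT"
    done
    printf '%s\n' \
        "iptables -A OUTPUT -o $iface -p tcp -m multiport --dports 80,443 -j ACCEPT"
}

# lan_block_first CIDR: reads rules on stdin and succeeds only if a REJECT
# for CIDR appears before the first rule that accepts port 80/443 traffic.
lan_block_first() {
    awk -v cidr="$1" '
        index($0, " -d " cidr " -j REJECT") { if (!web) ok = 1 }
        /--dports 80,443/ && /-j ACCEPT/    { web = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Print the rule set for the assumed network.
gen_rules eth0 192.168.1.1 192.168.1.0/24
```

Traffic routed through a gateway on the LAN is unaffected, because those packets carry the internet host as their destination address, not the gateway's. Rules applied inside the guest can be removed by anyone with root in the guest.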