[ale] VMWare and Firewall
- Subject: [ale] VMWare and Firewall
- From: timothy at meanor.net (timothy at meanor.net)
- Date: Mon, 04 Jun 2007 15:52:16 -0400
You could use the NAT virtual network for the VMs (it's VMnet8 in VMware Server, if that's what you're using). With this setup, the VMs can see each other, and the VMware Server host acts as the default gateway. Apply the iptables rules to the host interface that is on the NAT network ("VMware Network Adapter VMnet8"). Of course, this doesn't work if hosts on other networks need access to the VMs (e.g. via ssh).
>>
>>
>>That's a problem as some of the VMs are Windows boxes and we don't want to trust
>>them to protect themselves.
>>
>>
>>Thus spake Jim Popovitch (yahoo at jimpop.com):
>>
>>> On Mon, 2007-06-04 at 15:01 -0400, Robert L. Harris wrote:
>>> >
>>> > It is bridged. I'm running the firewall on the host OS. So I would need
>>> > to apply it to "vmnet1" or "vmnet8"? Running tcpdump on these interfaces
>>> > doesn't show any traffic.
>>>
>>> You need to add iptables rules inside each virtual machine. The host
>>> can not protect the bridged interface.
>>>
>>> -Jim P.
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://www.ale.org/mailman/listinfo/ale
>>
>>:wq!
>>---------------------------------------------------------------------------
>>Robert L. Harris | GPG Key ID: E344DA3B
>> @ x-hkp://pgp.mit.edu
>>DISCLAIMER:
>> These are MY OPINIONS ALONE. I speak for no-one else.
>> With Dreams To Be A King, First One Should Be A Man - Manowar