30th January 2011, 05:52
JeffPalmer

Isolating VMWare Appliance in Linux

I'm running a Mandriva 2010.2 system. Inside of that, I'm running a VMWare virtual Mandriva 2010.2 Linux system. My plan was to run a mail server (Postfix) in the virtual environment, protecting the host system should the mail server become compromised. Everything is working, but I am unable to isolate the virtual system from accessing the host system.

System configuration:

Host system has 2 NIC cards, one to the internet (NET), the other to my internal LAN (192.168.0.0 - LOC). The system acts as a firewall for my internal network (using Shorewall).

The virtual system is connected via NAT (VMNET8: 192.168.100.1), virtual system set up with 192.168.100.2 (DMZ).

The virtual system can access the internet with no problems. IPTables is set up for DNAT to pass packets on port 25 to x.x.x.1 (which forwards to x.x.x.2) in the DMZ. The virtual system is able to collect and send mail. Systems on the LAN are able to connect to the virtual system and download mail, as well as remote connect to the virtual system to perform various maintenance items.

My intention was to set up the virtual box to accept connections:
DMZ to NET works fine.
FW and LOC to DMZ works fine.
But I am unable to block connections from DMZ to LOC or FW (I am able to ping from 192.168.100.2 to FW or any IP in LOC).

I have been unable to determine what route pings take to get from 192.168.100.2 to any address in 192.168.0.0. I tried blocking addresses from the DMZ to LOC in a number of different ways, but have been unable to block traffic originating from DMZ to any address in LOC.

I originally tried a Host-Only configuration with the virtual system, but while I was able to segregate the networks, I could not get the VM to access the internet. Changing to NAT solved that problem, but did not isolate the virtual network from the LAN.

Thanks in advance for any advice.
Tags
isolated, linux, networking, vmware