-1

What I'm trying to do is to reach a specific IP address from a VirtualBox guest with host-only networking in another subnet. I want to keep the guest machine isolated (not reachable from outside except for that specific IP and, more importantly, no internet access). I'm not sure if that is possible at all since it is called "host-only" network and maybe there is another, better solution for this - I'm happy about any type of advice.

This is my current setup:

Host machine A (Ubuntu 14.04):

eth0: 192.168.0.100, gateway 192.168.0.1

vboxnet0: 192.168.56.1

Guest machine B (Windows 10) with host-only adapter:

192.168.56.101, gateway 192.167.56.1

Another machine C:

192.168.0.101

What I need is that machine B can reach machine A and C but no other machines/network or internet. I can currently ping the host machine A from the guest machine B via ping 192.168.0.100 but not machine C. I tried creating a route on the host machine A using the command

    ip route add 192.168.56.101 via 192.168.0.100 dev eth0

but ping from B to A won't work after doing this.

Edit: It is now clear to me that creating a route on the host doesn't make sense and is the wrong approach for this question.

I have to admit that I am not a network expert and therefore I am happy about any kind of feedback.

  • 2
    Why are you adding this route to machine A? The guest machine with a 192.168.56.x address clearly isn't on eth0, is it? Commented Sep 30, 2019 at 6:38
  • I thought of machine A acting like a "router" which tunnels the traffic from machine B to C using a route. But I guess from your comment that this approach might be wrong. What would be the correct way to configure such a scenario?
    – bender
    Commented Sep 30, 2019 at 6:52
  • That's true, but this specific route logically doesn't make any sense on machine A. It would perhaps make sense on machine C, telling it how to reach B via A. (The router A actually already knows how to reach both.) Commented Sep 30, 2019 at 6:56
  • Unfortunately I'm not able to modify machine C so I guess this setup is not possible for me. Thanks anyway!
    – bender
    Commented Sep 30, 2019 at 7:45
  • Are you able to modify the LAN router (192.168.0.1 or such) that both A and C are connected to? Commented Sep 30, 2019 at 7:55

1 Answer

0

Just for reference, I would like to post a solution that worked for me after trying different ways.

The following steps worked for me with Ubuntu 14.04 as host and Windows 10 as guest:

  1. Make sure IP forwarding is enabled

    sudo sysctl net.ipv4.ip_forward=1
    sudo sysctl -p
    
  2. Set iptables rules:

    sudo iptables -t filter -I FORWARD --in-interface vboxnet0 --out-interface eth0 --source 192.168.56.0/24 --destination 192.168.0.101 -j ACCEPT
    sudo iptables -t filter -I FORWARD --in-interface eth0 --out-interface vboxnet0 --source 192.168.0.0/24 --destination 192.168.56.0/24 -j ACCEPT
    sudo iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
    

With these steps applied, I'm able to reach the machines A and C from the guest B but no other address and especially no internet. I don't know exactly why this works and maybe someone who knows more about this topic knows an explanation.
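The following is an added example, not part of the answer above: a small Python model of how the FORWARD chain evaluates the answer's two rules, showing that the guest's isolation depends on the chain's default policy, which the answer does not state. It assumes these are the only two rules in the chain and ignores NAT and conntrack details; the packet list and the names `forward_verdict` and `verdicts` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    in_if: str
    out_if: str
    src: str
    dst: str
    target: str = "ACCEPT"


# The answer's two FORWARD rules. `iptables -I` inserts at the top of the
# chain, so the rule that was added second is evaluated first.
FORWARD_RULES = [
    Rule("eth0", "vboxnet0", "192.168.0.0/24", "192.168.56.0/24"),
    Rule("vboxnet0", "eth0", "192.168.56.0/24", "192.168.0.101/32"),
]


def forward_verdict(in_if, out_if, src, dst, policy, rules=FORWARD_RULES):
    """First matching rule decides; if none matches, the chain policy does."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.in_if == in_if and r.out_if == out_if
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.target
    return policy


# Constructed sample packets as the FORWARD chain sees them on host A.
# B -> A itself (192.168.0.100) is not listed: it is delivered locally and
# traverses INPUT, not FORWARD, so it works without any of these rules.
GUEST = "192.168.56.101"
PACKETS = {
    "B -> C": ("vboxnet0", "eth0", GUEST, "192.168.0.101"),
    # Reply from C after conntrack has reversed the MASQUERADE translation.
    "C -> B (reply)": ("eth0", "vboxnet0", "192.168.0.101", GUEST),
    "B -> LAN router": ("vboxnet0", "eth0", GUEST, "192.168.0.1"),
    "B -> internet": ("vboxnet0", "eth0", GUEST, "203.0.113.10"),
}


def verdicts(policy):
    """Verdict for every sample packet under the given FORWARD policy."""
    return {name: forward_verdict(*pkt, policy=policy)
            for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        print(f"FORWARD policy {policy}: {verdicts(policy)}")
```

On the real host, `sudo iptables -S FORWARD` prints the chain policy on its first line, followed by the rules in evaluation order.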
