2

I have a computer on my network that serves as a Host PC for a VirtualBox Guest VM. Both the Host PC and Guest VM run Windows 7.

I would like to block the Guest VM from accessing the Host PC as well as the rest of the LAN. The Guest VM should have access to the Internet only. The purpose of this is so I can test questionable programs in the VM without anything escaping. I will need Internet access from inside the VM, but I do not want to have any access to the rest of the LAN or the Host PC, from inside the VM.

My router runs Tomato firmware, in case that is relevant.

Does anyone know how I can accomplish this?

Improve this question

1 Answer 1

Reset to default
0

The problem with doing this in this piecemeal way is that there is no fool-proof solution. I would suggest you search Google for VirtualBox sandbox, which will show you can implement a number of well-designed solutions to increase your security.

If however you insist on doing this in a naif way, then there are two solutions:

1) set up a VLAN on your router, to which you will assign only the VM; this way you will separate the VM from the rest of your LAN. Of course, this requires hardening the router on the LAN side as well, but you would have to do this also in case you adopt solution 2.

2) use a Bridge connection, configure your router to assign always the same IP number to the VM (it is called Address Reservation), and block this address via firewwall on all pcs. This still leaves exposed printers, NAS, TVs, whatever does not have a configurable firewall.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .