bridges, NAT, virtual machines, brain hurt :-).

Craig White craigwhite at azapple.com
Wed Dec 28 02:56:50 UTC 2011


On Tue, 2011-12-27 at 21:30 -0500, Tom Horsley wrote:
> I'd like to make a Windows virtual machine that has access to
> the outside world but is completely blocked from access to my
> local area network (other than whatever forwarding and routing
> has to happen on my LAN).
> 
> The idea is to make a virtual Windows box which can suffer
> any ill effects of unsafe browsing practices, while preventing
> any of those effects from escaping into my LAN. (Then if I
> use a qcow2 image with a backing file, I can reset the machine
> to its original undamaged state by simply regenerating a
> new qcow2 image).
> 
> I keep thinking along the lines of setting up a new bridge
> on a separate subnet and doing some sort of NAT routing,
> but details escape me. I can write those words, but have no
> idea how to actually accomplish what I want (especially how
> to restrict the NAT to the outside world and prevent any
> access to local LAN).
> 
> I keep thinking this should have been done by someone already
> and there should be examples out there, anyone know of any?
----
Decent routers have the option for a 'DMZ' host that will achieve what
you want without any effort.

Craig
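
The separate-bridge NAT layout the quoted question describes can be written as host firewall rules. This is an added example, not part of the original thread; the bridge name, subnets and uplink interface are constructed placeholders, and it assumes the host itself serves DHCP and DNS to the guest on the bridge (as libvirt's dnsmasq does).

```shell
#!/bin/sh
# Added example. All four values are constructed placeholders.
BR=virbr-iso             # dedicated bridge the guest NIC attaches to
GUEST_NET=10.66.0.0/24   # subnet used only on that bridge
LAN_NET=192.168.1.0/24   # the local LAN the guest must never reach
UPLINK=eth0              # host interface that faces the LAN router

# Print the commands in evaluation order; nothing is changed on the host.
# IPv4 only: give the bridge no IPv6 address, or mirror this in ip6tables.
isolation_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# routed traffic: LAN drop first, then Internet-bound NAT traffic
iptables -I FORWARD 1 -i $BR -d $LAN_NET -j DROP
iptables -I FORWARD 2 -i $BR -o $UPLINK -s $GUEST_NET -j ACCEPT
iptables -I FORWARD 3 -i $UPLINK -o $BR -d $GUEST_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 4 -i $BR -j DROP
iptables -I FORWARD 5 -o $BR -j DROP
# traffic to the host itself: DHCP and DNS only (assumes dnsmasq on the bridge)
iptables -I INPUT 1 -i $BR -p udp --dport 67 -j ACCEPT
iptables -I INPUT 2 -i $BR -p udp --dport 53 -j ACCEPT
iptables -I INPUT 3 -i $BR -p tcp --dport 53 -j ACCEPT
iptables -I INPUT 4 -i $BR -j DROP
iptables -t nat -A POSTROUTING -s $GUEST_NET -o $UPLINK -j MASQUERADE
EOF
}

# "apply" runs the rules (root required); any other invocation just prints them.
case "${1:-}" in
    apply) isolation_rules | sh ;;
    *)     isolation_rules ;;
esac
```

The guest has to use the host's bridge address or a public resolver for DNS, because a resolver on the LAN (often the router itself) falls under the first DROP rule.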




