I've got a VirtualBox machine set up and it runs fine. But I want to limit its network access to only computers on my LAN (192.168.2.x). I do not want it to have any type of incoming or outgoing access to the internet at all.
Just remove the Default Gateway in its IP settings. Or modify the operating system's hosts file.
If you're really serious about blocking it though you should block it via a firewall.
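A way to check that the "remove the default gateway" step actually holds, as an added example that is not part of the original thread: it audits the guest's routing table for any route that leads outside the LAN. It assumes a Linux guest and the text output of `ip route show`; the interface name and addresses in the samples are constructed.

```python
import ipaddress

# LAN range taken from the question (192.168.2.x).
LAN = ipaddress.ip_network("192.168.2.0/24")

# Constructed samples of `ip route show` output (not captured from a real host).
BEFORE = """\
default via 192.168.2.1 dev enp0s3 proto dhcp metric 100
192.168.2.0/24 dev enp0s3 proto kernel scope link src 192.168.2.50 metric 100
"""
AFTER = """\
192.168.2.0/24 dev enp0s3 proto kernel scope link src 192.168.2.50 metric 100
"""


def audit_routes(ip_route_output, lan=LAN):
    """Return one finding per route that lets traffic leave `lan`."""
    findings = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = fields[0]
        via = fields[fields.index("via") + 1] if "via" in fields else "on-link"
        if dest == "default":
            # A default route is what gives the guest a path to the internet.
            findings.append(f"default route via {via}")
            continue
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            findings.append(f"unparsed route entry: {line.strip()}")
            continue
        # Only IPv4 routes that sit inside the LAN are acceptable.
        if net.version != lan.version or not net.subnet_of(lan):
            findings.append(f"route to {net} via {via} leaves the LAN")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_routes(sample) or "LAN-only")
```

Run it again after a DHCP lease renewal, since a DHCP server that hands out a router option can put the default route back.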
Related
I'll make this quick.
I have created a virtual network by setting several VMs to use HostOnly VMnet1 as their network adapter.
I then added a pfsense virtual machine firewall into that same network and configured it to allow traffic to the internet but block to/from my real home network.
That way - my virtual network can connect to the internet even though it is in host only mode.
The thing is, I need to manually set the DNS and Gateway of each machine in VMNet1 to the VM firewall to allow them to communicate since all communications must flow through it.
I was trying to figure out if I can do this automatically. When I go into Virtual Network settings in VMWare Workstation 16, the only options I can set are the subnet and available IP Scope. There is no option for default gateway or DNS here. Can this be done?
Do you have the ability to run a DHCP server on the PFSense firewall which is connected to the VMNetwork? If so, either Windows or Linux VMs that have their NICs set to DHCP would get the IP, DNS and GW from the DHCP.
Several days ago, AWS suddenly started blocking my ability to SSH to ANY of the EC2 servers I've set up across multiple accounts.
When I try to connect I get a message about "client_loop" disconnect and Broken Pipe.
But I can't figure out why. It's not the servers themselves. It has to be Amazon somehow. It's not my SSH keys. It's not my IP address alone. It can't be my MAC address alone.
I can VPN to another country and SSH in like I normally would do. This made me think IP Address.
I can connect to my phone's hotspot and then I can SSH as usual. Again, made me think IP Address.
I then decided to try my son's PC (I'm on a Mac) and just using the home network like my computer uses, his computer can SSH in. This tells me it's NOT the IP Address alone. So the only thing I can figure is that it must be a combo of IP and MAC address. I can't think of anything else that could be blocking it.
But I have several clients with servers in different AWS data centers and none are configured to block the IP address. But all of them are inaccessible.
I'm very confused as to what to try next. Looking for ideas.
Thanks!
Depending on the OS, check against the audit log of the server itself.
AWS will not be blocking based on MAC address, but it's possible that the host OS might have. Outside of that, give your home machine a reboot and try again.
I have a virtual machine instance running on Google Cloud Compute Engine — a preemptible free-tier CPU running Ubuntu 17.04. The end goal is to connect it to a MongoDB running on my local machine, a 2015 Macbook Pro (OS 10.12.6). But first, I've been trying to ensure the VM can reach my Mac via ping.
Running ping <VM's external IP> from my Mac works.
Pinging my Mac from another Mac on the same wifi network works.
Running ping <Mac's IP> from the VM via the browser terminal does not work.
I've disabled my Mac's firewall. I've also configured my VM's firewall rules to allow all inbound and outbound traffic, to no avail:
ingress firewall rules, egress firewall rules
How might I get this instance to ping my Mac successfully?
Does your Mac's IP address begin with 10., 192.168., or between 172.16. and 172.32.? These are private addresses only reachable within your Mac's local network, which is (part of) why GCE cannot reach your VM.
This is part of a very common configuration. An ISP only allocates one (or a small number) of IP addresses to your home or business. A router on the network performs NAT to share that IP address between computers on the local network, which instead use private IP addresses for themselves. As the router doesn't know what to do with the inbound MongoDB traffic, it blocks it.
There are two common ways around this that are usually found in your router settings:
"port forwarding" where you tell the traffic to forward all traffic on port 1234 to your Mac. This can get MongoDB working, but not ping.
If you have whole extra IP addresses, "DMZ" where your router directly forwards an entire extra IP to your instance. If you have only one IP address this is not an option as that IP is needed to be shared for other devices on the Wifi.
You likely also have a firewall on the router. If you use a DMZ or port-forwarding you must make sure that firewall allows traffic through too.
That said, I'm not sure that this is a sensible thing to do. Opening up your local network to the internet can create major security issues, plus it is likely unreliable and more expensive (free tier only provides 1GB egress/month, your db traffic could exceed this).
Actually running MongoDB on instances within GCE is almost certainly a better option in every regard for you.
First off, the base question: how to reliably achieve IP/DNS resolution on a mixed network (Linux, Windows, Mac OS), on a common private physical network using IPV4/6, to hosted VMs that may or may not have VPNs active and DHCP - without an internal DNS.
My Setup:
I run a Windows 10 Host machine with a static IPV4 address, which powers multiple Windows 10 and Linux VMs. Some of the VMs access VPNs, which run IPV4/6 VPN networks. Presently I use a Mac OS computer to RDP to the host system, and I use the Virtual Box GUI to access the systems from there.
I have tried using RDP (Microsoft), to access the VMs independently from my Mac OS system, however this only works through the Local IPV4 address when the VPN is not active - or the IPV6 address with the limitations noted below.
I have also tried using the IPV6 address; and while this works some of the time, I have had mixed to unpredictable results with this on reboots/IP refreshes. The IPV6 Address changes periodically, and I have to log into the router to determine the new address and update RDP entries accordingly.
What I am trying to achieve:
Mac OS system Source system, and RDP to multiple Physical/Virtual machines on the network, while maintaining connectivity through VPN connections on the VMs - Without having to manually type in/keep up with IPV6 addresses.
My hardware is all consumer grade, with a Netgear router (R6400).
While currently I use a single NIC in the VM host, I do have multiple NICs if that will correct the connectivity issues.
MS-Windows implements RFC-4941 and RFC-7721, for security considerations, that lead to IPv6 address changes (this should not be a problem if you had DNS updates, but this is not your situation).
To avoid IPv6 changes, just use the following 4 lines on your Windows hosts:
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
You should now get predictable results.
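What "predictable" looks like, as an added example that is not part of the original answer: it assumes that with temporary addresses and identifier randomization both disabled, Windows forms the SLAAC interface identifier from the adapter's MAC in modified EUI-64 form (RFC 4291, Appendix A), computes that address, and checks whether an observed address has that shape. The /64 prefix and MAC below are constructed; note that such an address embeds the NIC's MAC and stays the same on every network, which is the linkability RFC 4941 exists to prevent.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 identifier from a 48-bit MAC."""
    octets = bytearray.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # invert the universal/local bit
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier derived from `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def is_eui64(addr: str) -> bool:
    """True if the interface identifier carries the ff:fe EUI-64 marker."""
    packed = ipaddress.IPv6Address(addr).packed
    return packed[11:13] == b"\xff\xfe"


if __name__ == "__main__":
    # Constructed inputs: documentation prefix and a sample adapter MAC.
    expected = slaac_address("2001:db8:1:2::/64", "08-00-27-12-34-56")
    print("address to put in the RDP entry:", expected)
    # Constructed "observed" addresses, e.g. as listed by ipconfig.
    for seen in (str(expected), "2001:db8:1:2:5c3e:91aa:7b02:11f4"):
        print(seen, "stable EUI-64" if is_eui64(seen) else "randomized/temporary")
```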
I've installed pfsense 2.3 x64 in virtualbox with 2 adapters; One is bridged to my wifi adapter (adsl modem) (WAN) and the other one set as 'Internal network' ('intnet') (Lan);
The problem is that although pfsense can automatically detect dhcp over first adapter and get an IP but my system (the host) can not ping the pfsense server (pfsense can ping both adsl modem gateway and the host).
Note1: Disabling the antivirus and firewall (kaspersky internet security 2016) has no effect.
Note2: I know that this setup works because I use the exact same network configurations for a Kerio Control server (v9.0.2, installed in virtualbox)
Note3: If I constantly ping pfsense server in my host (ping 192.168.1.102 -t) and at the same time restart pfsense server, during the booting phase of pfsense I can get two pings!
After contacting the pfsense official forum, it turned out that the WAN interface blocks everything by default. Therefore, either a rule should be defined to allow WAN to accept traffic or access server from LAN side.
I figured this out without having to go through the WAN interface, answer is on the pfsense forum
Configure host-only network "vboxnet1" (or any of the other host-only networks if you're already using vboxnet1 for other VMs) with the following:
192.168.1.77 (or whatever IP you want your host to appear as on the network)
255.255.255.0
DHCP Disabled
Then make sure that the LAN adapter on your pfSense VM is a "Host-only Adapter" and that it's using "vboxnet1" (or whatever network you configured above)
Reboot/re-install and http://192.168.1.1 should work now