can't filter traffic of vmware guest os
Hi
I'm using iptables to filter my network traffic. Host OS is Suse 9.3, guest (vmware) is Windows XP Prof. The problem is: I can't create any rules that match the Windows XP network packages. I already blocked the whole network traffic but XP was still able to connect to the internet. When I tried to use ebtables it was the same problem (also no matching of guest OS-packages). Is there no way to filter the guest OS network traffic with the host OS's firewall?
thx
xadian
You should have a virtual interface that is designed solely for the use of the guest OS.
Your iptables rules must target this interface.
You'll need to insert the rules in the "forward" chain of iptables. As an example, here's a line that blocks new connections from outside (eth0) to my protected network (connected to eth1) (it will allow the protected machines to reach out, though, not what you wanted):

iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -i eth0 -o eth1 -j DROP

Why don't you post your ifconfig -a output -- there is some vmnet1 device for your vmware -- and your current iptables ruleset. If you want to block everything to and from your vmware machine, you could also just stop forwarding completely:

echo 0 > /proc/sys/net/ipv4/ip_forward

or in /etc/sysctl.conf to make it permanent.

Hope it helps,
mlp
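Added example, not part of any post in this thread: a dry-run script that generates FORWARD-chain drops for the guest's interface in both directions and reports the ip_forward setting discussed above. It assumes the host kernel routes the guest's traffic through vmnet1 (the device name mentioned above) and that eth0 is the uplink; both names are assumptions to replace with what ifconfig -a shows.

```shell
#!/bin/sh
# Added example. GUEST_IF and UPLINK_IF are assumed names; take the real
# ones from `ifconfig -a` on the host.
GUEST_IF="${GUEST_IF:-vmnet1}"
UPLINK_IF="${UPLINK_IF:-eth0}"

# Print the rules, one iptables command per line, without running them.
guest_block_rules() {
    guest="$1"; uplink="$2"
    # Reject anything that is not a plain interface name before it is
    # placed on a command line.
    for name in "$guest" "$uplink"; do
        case "$name" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $name" >&2; return 1 ;;
        esac
    done
    # -I puts the drops at the top of FORWARD so an earlier ACCEPT
    # rule cannot match first.
    echo "iptables -I FORWARD 1 -i $guest -o $uplink -j DROP"
    echo "iptables -I FORWARD 2 -i $uplink -o $guest -j DROP"
}

# Report the kernel forwarding switch (0 = nothing crosses interfaces).
forwarding_state() {
    file="${1:-/proc/sys/net/ipv4/ip_forward}"
    if [ -r "$file" ]; then cat "$file"; else echo unknown; fi
}

# Dry run by default; APPLY=1 (as root) executes the generated commands
# and then lists FORWARD with packet counters, which shows whether the
# guest's packets actually hit the new rules.
run() {
    rules=$(guest_block_rules "$GUEST_IF" "$UPLINK_IF") || return 1
    echo "ip_forward: $(forwarding_state)"
    echo "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "would run: $cmd"; fi
    done
    if [ "${APPLY:-0}" = 1 ]; then
        iptables -L FORWARD -v -n --line-numbers
    fi
}

run
```

If the counters on the two DROP rules stay at zero while the guest is sending traffic, the packets are not traversing the host's FORWARD chain on those interfaces.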