LinuxQuestions.org


jonaskellens 06-20-2009 05:23 AM

iptables: send all incoming traffic to virtual machine
 
I have a firewall (Endian) running in a VirtualBox VM.
How can I send all incoming traffic on the WAN interface of my host system (CentOS 5.2) to my virtual machine?

My Firewall-VM uses the physical interface.
I do not want access from the internet to my host system. All traffic needs to be filtered by my firewall (guest system).

Could I block everything on my host system?

I choose not to have a dedicated firewall, but I am bugged with the security-aspects of my setup.

bsdunix 06-20-2009 10:24 PM

I think you have it backwards. When you turn on your computer, which OS comes up first? The host or the guest? Ideally, whichever is the first, you want that as the firewall.

jonaskellens 06-22-2009 05:25 AM

Quote:

Originally Posted by bsdunix (Post 3580978)
I think you have it backwards. When you turn on your computer, which OS comes up first? The host or the guest? Ideally, whichever is the first, you want that as the firewall.

It is clear that the host-system is up first.

So how then do I reject all traffic on my host (CentOS 5.3)?

bsdunix 06-23-2009 02:22 PM

This explains how to set up the firewall in CentOS:

http://wiki.centos.org/HowTos/Network/IPTables

The documentation includes this basic example. This will block any external incoming connections unless they were initiated by your computer.

Code:

#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
 iptables -F
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
 iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
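
An added example, not part of the original post: a check that reads `iptables-save` output and confirms the host ends up in the state the script above aims for (INPUT and FORWARD default to DROP, and the only ACCEPT rules in INPUT are loopback and ESTABLISHED/RELATED). The function name and both sample rulesets are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread: audit iptables-save output for the
# lockdown the script above sets up. Sample rulesets below are constructed.

audit_ruleset() {  # reads iptables-save text on stdin; returns 0 if locked down
  awk '
    function stateful_only(line,   s) {
      if (line ~ /! --(ct)?state/) return 0    # negated match: treat as open
      if (!match(line, /--(ct)?state [A-Z,]+/)) return 0
      s = substr(line, RSTART, RLENGTH)
      sub(/^[^ ]+ /, "", s)                    # keep only the state list
      gsub(/ESTABLISHED|RELATED|,/, "", s)     # anything left admits new traffic
      return s == ""
    }
    /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
    table != "filter" { next }
    /^:INPUT /   { inpol = $2 }
    /^:FORWARD / { fwpol = $2 }
    /^-A INPUT / && / -j ACCEPT( |$)/ {
      if ($0 ~ / -i lo( |$)/ || stateful_only($0)) next
      print "FAIL: rule accepts new inbound connections: " $0; bad = 1
    }
    END {
      if (inpol != "DROP") { print "FAIL: INPUT policy is not DROP"; bad = 1 }
      if (fwpol != "DROP") { print "FAIL: FORWARD policy is not DROP"; bad = 1 }
      if (!bad) print "OK: host accepts only loopback and reply traffic"
      exit (bad ? 1 : 0)
    }'
}

sample_locked() {  # constructed: what the script above should produce
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_exposed() {  # constructed: same policy plus an SSH rule open to any source
  sample_locked | awk '/^COMMIT$/ { print "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT" } { print }'
}

sample_locked | audit_ruleset
sample_exposed | audit_ruleset || true
```

On a live host, run it as root with `iptables-save | audit_ruleset`. Rules that jump from INPUT to a user-defined chain are not followed, so any such chain needs to be reviewed separately.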


