How to make my linux VM just accessible on LAN on virtualbox
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to make my linux VM just accessible on LAN on virtualbox
Hey guys this is my first question on this forum,
How can i block just internet access for my linux-vm?
The problem is, that im using a WLAN-device as interface on my host.
I already switched between different configs in virtualbox and searched for the possibility to block access through my fritzbox router with the mac adress.
What for other possibilites do i have, an how to do that?
(e.g. block through windows host, settings on linux(iptables)?)
Thanks in advance.
Last edited by GrownUps; 02-06-2019 at 03:07 PM.
Reason: misleading writings (long workday, sorry)
How to make my linux VM just accessible on LAN on virtualbox
I dont want to make my linux VM not accessible from WAN,just in LAN.
As stated your question is confusing because the title and what you posted is the opposite. I assume your not a native English speaker so please restate your question or maybe use google translate.
WAN = Wide Area Network = outside the LAN aka. internet
LAN = Local Area Network
"just accessible on LAN" = Not accessible from WAN
"I dont want to make my linux VM not accessible from WAN,
just in LAN." = not accessbile from WAN, just (accessible) in LAN
Using a NAT network interface the LAN can not access the VM unless you add access.
Using a Bridged network interface the VM is connected to the LAN just like the host.
The VM using DHCP will be configured with the same DNS from your Fritzbox router just like any device so that it will be able to access the internet regardless of which network is configured. Using a bridged adapter if you do not want the VM to access the internet then you can set a static IP address and use a fake DNS and gateway. You will be still be able to access the LAN using IP addresses.
Using a bridged adapter if you do not want the VM to access the internet then you can set a static IP address and use a fake DNS and gateway. You will be still be able to access the LAN using IP addresses.
I use kali and this didnt worked properly, i have now access in kali (outgoing) in LAN but cant reach the linux ip through other devices in network.
The link isnt much helpful, my issue isnt kali specific and i dont need step-to-step instruction of how to do that.
I just want to isolate linux to my lan and a working approach of how it could be done.
A vm can connect to host in a few ways. One is local VM only. You don't want that. Another is NAT. That basically uses your lan/wan nic as it is. Unless you have a separate nic for the host and VM you can't fully isolate it. You can isolate it by subnet mask if you want. Otherwise in either bridged or nat your VM nic is like your host nic.
As usual, everyone is making this more complicated than it needs to be.
Simply DO NOT ENTER a default gateway.
If the computer (the VM) doesn't know what IP address through which to send packets that are not directly connected (on the LAN), then it will not be able to send packets to the WAN or any other segment.
OK, this does answer your initial question about not having access to the WAN.
Now to getting basic connectivity; Start at layer-1 and work your way up. With your setup, layer-1 is virtual. I've done this successfully using the bridged option. Make sure you bridge to the wireless adapter on the host. Layer-2: I have used the AMD PCNET virtual adapter for all VMs without issue. Layer-3: I would start with a static IP assignment for the VM. That eliminates one source of problem. Make sure you assign an IP address that is outside of your DHCP servers address pool.
OK, this does answer your initial question about not having access to the WAN.
Now to getting basic connectivity; Start at layer-1 and work your way up. With your setup, layer-1 is virtual. I've done this successfully using the bridged option. Make sure you bridge to the wireless adapter on the host. Layer-2: I have used the AMD PCNET virtual adapter for all VMs without issue. Layer-3: I would start with a static IP assignment for the VM. That eliminates one source of problem. Make sure you assign an IP address that is outside of your DHCP servers address pool.
Already signed a static ip, as well as in bridged configuration but also in nat environment, made no difference.
If i could know how to drop all packets that has an external origin through iptables, it would be ok.
But how can i identify external packets on my linux?
Or how can i just accept packets from specific local ip´s and drop all others?
What are the IP address ranges you are using....inside your external access router. You have stated "VM-Ip is on a different subnet of course". If it's different while using Bridged mode, then you won't be able to talk to the LAN. I'd like to know the actual IP address ranges so I can give you specific configuration info so there is less chance of mistakes during conversion.
What are the IP address ranges you are using....inside your external access router. You have stated "VM-Ip is on a different subnet of course". If it's different while using Bridged mode, then you won't be able to talk to the LAN. I'd like to know the actual IP address ranges so I can give you specific configuration info so there is less chance of mistakes during conversion.
Sorry for my misleading writings , i just want to block internet access for my vm.
I´ve noticed it after reading three times through my posts .
The Vm-ip was on a different subnet with NAT-enabled, but this is a normal behavior.
I´ve already switched multiple times between bridged and nat on every test.
LAN = 192.168.178. /24
Gateway (+DNS) = 192.168.178.1
DHCP-Range = 192.168.178.20 - 200
VM:
With NAT = 10.0.2.15 /24 -> could reach wan/lan (but no connection after leaving gateway empty)
Bridged = 192.168.178.36 /24 -> could reach wan/lan (also no connection after leaving gateway)
i´ve set both ip´s also to static.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.