Old 08-15-2008, 03:49 PM   #1
Spiteful
LQ Newbie
 
Registered: Aug 2008
Posts: 3

Rep: Reputation: 0
Ubuntu, Vmserver 2.0, pfSense, and dual wan. How to protect host?


I have an Ubuntu box set up and am running vmserver 2.0 on it with a guest running pfsense; it is also a dual wan setup, fyi. I have all the machines in my house on a lan hooked to my linux box. I use my box for many other tasks and it just made sense to set it up this way.

Here is my question though: it is all working fine and dandy, but the host machine running the vm of pfsense is fully opened to the outside via the bridged connection for the vm. I have 3 nics. Two of them are my wan (both cable connections) and one is for my lan. Is there a way for me to tell ubuntu only to get internet access from the bridged lan connection and not from either bridged wans? The purpose is that I would like the host to be covered by pfsense.

Any and all help is GREATLY appreciated.
 
Old 08-15-2008, 08:02 PM   #2
Spiteful
LQ Newbie
 
Registered: Aug 2008
Posts: 3

Original Poster
Rep: Reputation: 0
No one has any ideas how I might go about this?
 
Old 08-15-2008, 08:32 PM   #3
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,656
Blog Entries: 33

Rep: Reputation: 283
Hi, I'm not too sure how to do this with pfsense firewall, you may read the manual to clarify,

but with iptables firewall you can name the external interface (EXT_IF=device name) and any internal interfaces (INT_IF=device name).

Quote:
# Environment variables, change these values accordingly

EXT_IF=ppp0
INT_IF=eth0
INT_NET=192.168.0.0/24
This may be what you need to find within the pfsense manual.

Regards, Glenn
 
Old 08-16-2008, 12:34 PM   #4
Spiteful
LQ Newbie
 
Registered: Aug 2008
Posts: 3

Original Poster
Rep: Reputation: 0
So what I am trying to do is isolate the host machine (my ubuntu box) from the internet totally except for the ethernet connection that my VM (pfsense) uses for the internal lan here at my house. This way the Host will be protected by the firewall as all the other machines hooked to my lan here are.

Currently I know it isn't behind the firewall because it has a working internet connection before the VM (pfsense) has fully booted.

So I didn't know if there was some easy way to tell ubuntu to ONLY use a certain eth for any and all network access while still allowing the VM (pfsense) to have control over them all via the bridged connections it requires to run it in a VM.

It's also a dual wan setup on my VM of pfsense, if that makes any difference.

3 nics and they are all bridged so that the VM of pfsense has access to them. 2 are my wans and 1 is my lan. I want to isolate Ubuntu from both wans and have it only use the lan so that it will be protected by pfsense.

What is the easiest way to make this happen?
 
Old 08-16-2008, 07:36 PM   #5
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,656
Blog Entries: 33

Rep: Reputation: 283
OK, I don't have any bridges between connections, I have an internal eth0 and external ppp0, on this (gateway) pc.

Anything directed to the internet from the other box(192.168.0.3), comes in at eth0(192.168.0.2), and is redirected to the proxy cache (squid) before accessing ppp0.

Connections from my system are also routed to the squid proxy cache, via 192.168.0.2 before finding its way to ppp0.
I do that via the browser connection preferences, both konqueror and mozilla firefox.

I'm using iptables and squid to do this with forwarding in /etc/sysctl.conf

Quote:
#---------------------------------------------------------------
# Enable IP routing. Required if your firewall is protecting a
# network, NAT included
#---------------------------------------------------------------
# Activate IP forwarding
net.ipv4.ip_forward = 1
The rest of the configs, /etc/host /etc/host.allow, /etc/host.deny, and /etc/resolv.conf (dns addresses),

/etc/sysconfig/network
Quote:
NETWORKING=yes
GATEWAY=10.64.64.64
GATEWAYDEV=ppp0
HOSTNAME=GamesBox.GlennsPref.net
DOMAIN=GlennsPref.net
FORWARD_IPV4=true
/etc/sysconfig/network-scripts/ifcfg-eth0
Quote:
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.0.2
NETMASK=255.255.255.0
GATEWAY=192.168.0.0
ONBOOT=yes
METRIC=10
MII_NOT_SUPPORTED=no
USERCTL=yes
DNS1=192.168.0.0
RESOLV_MODS=no
LINK_DETECTION_DELAY=6
IPV6INIT=yes
IPV6TO4INIT=yes
The others are iptables and squid.conf, I can post them too if need be.


So all out-going connections are directed to the eth0(int), hits the cache and goes out via ppp0.

That's all I have to share, Except two pages I have found to be helpful to me...

http://www.linuxhomenetworking.com/

http://www.opensourcehowto.org/home/

Regards, Glenn. I hope this helps.
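
The symptom described in post #4 (the host has internet access before the pfsense VM has booted) can be checked directly, as an added example that is not part of the original thread: the function below reports whether the host itself holds an IPv4 address or a default route on a NIC that is meant to be used only by the bridged firewall guest. The interface names (eth0 and eth1 as the WANs, eth2 as the LAN) and the sample `ip` output are constructed assumptions.

```shell
#!/bin/sh
# Audit: does the host have layer-3 presence on NICs that should only be
# bridged to the firewall VM? Interface names and samples are constructed.

# Constructed sample of `ip -o -4 addr show`
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 198.51.100.7/24 brd 198.51.100.255 scope global eth1
4: eth2    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth2'

# Constructed sample of `ip -4 route show default`
SAMPLE_ROUTE='default via 203.0.113.1 dev eth0 metric 100
default via 192.168.1.1 dev eth2 metric 200'

# wan_exposure "<wan ifaces>" "<addr output>" "<route output>"
# Prints one finding per line; prints nothing when the host is isolated
# from every listed WAN interface.
wan_exposure() {
    wan_ifs=$1
    addrs=$2
    routes=$3
    for ifc in $wan_ifs; do
        # An address on a WAN NIC means the host answers on it directly.
        printf '%s\n' "$addrs" | awk -v i="$ifc" \
            '$2 == i && $3 == "inet" { print i ": host address " $4 }'
        # A default route via a WAN NIC means host traffic bypasses the VM.
        printf '%s\n' "$routes" | awk -v i="$ifc" '
            $1 == "default" {
                for (n = 2; n < NF; n++)
                    if ($n == "dev" && $(n + 1) == i) print i ": default route"
            }'
    done
}

# Run against the constructed sample. On a real host, pass live output:
#   wan_exposure "eth0 eth1" "$(ip -o -4 addr show)" "$(ip -4 route show default)"
wan_exposure "eth0 eth1" "$SAMPLE_ADDR" "$SAMPLE_ROUTE"
```

An empty result means the host's only addressed interface and default route are on the LAN side, so its traffic has to pass through the firewall guest.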
 
  

