Hello.
I use VirtualBox on my Debian Linux amd64 host and also use some iptables rules. My VM networking is set to "NAT", but in the VM I can't connect to the Tor network. My VM is Windows 7.
If Linux is the host, then iptables (or any other such command ...) will necessarily affect all of your VMs.
Why? Because, from the host's point-of-view, the virtual-machine monitor is (so to speak ...) "just another application."
No matter what "the various VMs think they see," the actual physical environment is controlled by the host alone. Every request of any sort that is made by any virtual machine is ultimately translated to a request that is made by the virtual-machine monitor application to the host upon which it runs.
Of course, the virtual machines never directly perceive the host environment. For them, "the magic-trick is never revealed."
Last edited by sundialsvcs; 01-17-2017 at 06:44 PM.
No, it does not. Bridging means that the virtual adapter created by the virtualization system to be used inside the VM is bridged with the physical adapter of your choice. It is still under the host OS' control as far as network packets are concerned.
Now, you only asked "Can iptables affect my VMs?"; the answer is yes, they can. But if you have no rules that are specific to your VMs' network devices, they will not be affected.
Actually, PCI passthrough does what you said ("see NIC directly"). If you use PCI passthrough (or USB if the NIC is USB), the kernel will actually replace the NIC driver with a "stub" driver that makes it possible to pass all control to the VM. This way the VM manages the NIC directly with its native drivers.
Of course this means that the NIC will be withdrawn from the host OS' networking altogether (thus no host iptables can affect it) and probably this is not what you typically want.
Last edited by gradinaruvasile; 02-06-2017 at 03:25 AM.
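For the NAT setup in the question, an added example that is not part of the thread: in VirtualBox NAT mode the guest's connections are opened by the VirtualBox process on the host, so they traverse the host's OUTPUT chain like any other local application's traffic. The rule set, the interface name `eth0` and port 9001 (a non-web port of the kind Tor relays commonly listen on) are constructed assumptions, and the evaluator only understands the match options that appear in the sample.

```python
# Constructed sample of `iptables-save` output on the host (not from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
"""

def parse_chain(text, chain="OUTPUT"):
    """Return (default_policy, [option dicts]) for one filter-table chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            tok = line.split()[2:]
            # Every option in the sample takes exactly one argument.
            rules.append(dict(zip(tok[::2], tok[1::2])))
    return policy, rules

def verdict(text, proto, dport, out_if, state="NEW"):
    """First-match verdict for a packet leaving the host (no '!' or port ranges)."""
    policy, rules = parse_chain(text)
    for r in rules:
        if "-o" in r and r["-o"] != out_if:
            continue
        if "-p" in r and r["-p"] != proto:
            continue
        ports = r.get("--dport") or r.get("--dports")
        if ports and str(dport) not in ports.split(","):
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]
    return policy  # no rule matched: the chain's default policy applies

if __name__ == "__main__":
    # A NAT-mode guest's new outbound connections, as the host sees them.
    for port in (443, 9001):
        print(f"tcp/{port} via eth0 ->", verdict(SAMPLE_RULES, "tcp", port, "eth0"))
```

On a real host, feed the function the output of `iptables-save` and check the ports the guest needs; a DROP verdict here means the guest is blocked even though no rule names the VM.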