Firewall function between VM and host local LAN

  • Firewall function between VM and host local LAN

    Windows 7 host on local network /24. Default gateway on
    Three PCs and a NAS on the local network all plugged into a gigabit switch. Uplink from switch to router at 100Mbps.
    Traffic to/from /24 is unrestricted by host firewalls.
    VMware Workstation 7
    Variety of Windows / Linux guests

    I'm running malware research on this rig so cannot trust the state of the VM at all. Want to ensure that the VM cannot access the local LAN (PCs / NAS) but still get out to the Internet via the default gateway.

    NAT isn't an option as the firewall on the host only sees the post-NAT traffic which translates to the host IP.

    Bridging won't work, as this would place the VM on the local network, and as not all of the LAN devices have firewalls I cannot rewrite firewall rules to protect them.

    What I'm after is a firewall function that works pre-NAT but runs external to the VMs.

    Does such a beast exist, without running ESX?