Firewall On Host Affecting Virtual Machine

How do I configure amour Online to allow my VM virtual machine to access the internet?

I found a way around it by using NAT instead of bridged but am not sure if that is best; since NAT shares the internet does that mean if I get a virus/spyware in the VM that I would get it on my host? I do all my "dangerous" stuff in the VM and want it as protected from my actual PC as possible; thanks
 
For all practical purposes you are just as safe using NAT as you are using the host interface directly (bridged) in a VM.

Using NAT will isolate the VM further than bridged and protect it from other machines on your network, and is probably the best option unless you specifically need the VM placed 'on the LAN'.

I'm assuming that you want access to the internet in the VM of course; if this is the case and you don't have special requirements, stick with NAT.

I would actually suspect it's a problem other than the firewall when you're using bridged networking. Have you double-checked DNS settings in the guest? Check that first anyway.

EDIT: another nice tip for doing your 'dangerous' activities in a VM is to take a snapshot of the VM in a clean state, for example after installation & configuration. Then whenever you've done your work, restore the VM to the snapshot state. Then you know whenever you power it up it's clean and trusted, and anything bad is confined to the single session.
 
Thanks for the detailed reply. Still need some more help though.

1) Should I use the share-IP option or the host-only; what is the difference?

2) Not sure if this is just coincidence but I seem to be getting "certificate" errors in my VM when browsing saying "statistics.net.info uses an invalid security certificate". Any thoughts on this?

3) Finally hopefully you can help with this; not related but... When using Zone Alarm I got a "new network found" window pop up saying IP address 169.254... "private network detected". I could not access my router via my PC and had to restart it from the power switch; was this a hack or something to do with a security hole? Thanks again
 
1) Host-only creates a network isolated to within the host computer (i.e. no external connectivity); unless you specifically need to do this, go with share-IP (NAT) mode. I'm assuming share-IP is NAT mode, but I haven't used VMware for a while so double check. If you want internet access in the VM and don't have special requirements, just select NAT though.

2) Not really able to tell with the info you've given. If you get certificate errors on numerous SSL sites, then it's a problem and look into it further.

3) I'm fairly sure 169.254.x.x will be for the VMware bridge adaptors. If this is the case (check in network adaptors on the host), OK it with the firewall and make sure that range isn't subject to inbound/outbound filtering with Zone Alarm. It's most likely from a virtual Ethernet adaptor titled "VMware Accelerated AMD PCNet Adapter" or similar, hence not security hole related.
 
1) Both are NAT based; I'll leave it on shared; so this does not mean that if I get a virus or attack via web browsing that it will infect my main PC / host?

2) It only happens on one site; but I only asked since it started when using the above settings with Amour Online firewall

3) No, this occurs on my main PC when using Zone Alarm; I got XXXX scared and switched firewall to be safe; would this issue be security/hack related; it finding a new network and not being able to connect to my router from my main PC? Thanks mate
 
1) No, with NAT you will have a level of isolation between your host and guest OS, so you're effectively safe from a virus/worm spreading to the host via the network. The guest will be on a different private subnet to the host, so they won't be communicating. This would be a much bigger risk using bridged networking. So don't worry about a guest infecting the host; virtualization is designed to give you very strong confinement.

2) Wouldn't be too worried about it if it's just a one off and without more details. Maybe the certificate had expired or something.

3) When you say your main PC, you mean the one running VMware? 169.254.x.x is a private network, and it will just be from the VMware drivers. The network it's finding will be the local-link to the virtual machine. Nothing to worry about to be honest.
 