On 3/6/07, Mikael Kermorgant <[EMAIL PROTECTED]> wrote:
> Thank you very much for all these answers. I'll try to protect these
> virtual hosts in another way.

The best way to do it is to set up the VM interface in 'host-only' mode. This basically forwards all traffic from the VM onto one of the vmnetX interfaces. After that it's a simple matter of writing the shorewall zone for the vmnet interfaces and appropriate rules.

If you try to do NAT, the vmnet-natd daemon does the port-forwarding and natting - it runs as root in the host. All outgoing traffic appears to be from that daemon - so there's pretty much nothing you can do to control the outgoing traffic.

I've done both the natted and 'host-only' setup, and while the 'host-only' is a little more painful to set up, the level of control provided is incomparable.

Hope that helps.

Prasanna.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
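
A sketch of the host-only setup described in the message above, added here as an example and not taken from the original post. It assumes the host-only interface is vmnet1, the external interface is eth0, and the zone name vm; routing or masquerading of the guest subnet is not shown.

```conf
# /etc/shorewall/zones
# Give the VMs their own zone so their traffic is filtered by the host.
#ZONE   TYPE
fw      firewall
net     ipv4
vm      ipv4          # assumed zone name for the host-only guests

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST
net     eth0        detect    # assumed external interface
vm      vmnet1      detect    # assumed host-only vmnetX interface

# /etc/shorewall/policy
# Default-deny for anything a guest originates; log what gets rejected.
#SOURCE DEST    POLICY  LOG LEVEL
vm      net     REJECT  info
vm      $FW     REJECT  info
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
# Explicitly allow only the outbound traffic the guests need.
# The services below are constructed examples, not from the thread.
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  vm      net     udp     53
ACCEPT  vm      net     tcp     53
ACCEPT  vm      net     tcp     80,443
```

Running `shorewall check` before restarting validates the files without changing the active ruleset.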
