My application would be very similar to this. I think with proper iptables rules set up on the host, and proper configuration of vmware server, it could be secure. I intend to set up a test lab situation, give the setup a bit of a work-out and see how it looks.

Thanks for all the feedback,

Paul.



Quoting Chris Hellyar <[EMAIL PROTECTED]>:

Hurro,

Are we talking about having a vmware client filtering traffic for the
host?  That's an interesting way of doing things...

The one I look after filters and routes/nats traffic for some other
vmware clients on the same machine, using a virtual network on the
vmware host, and passes some traffic off on a separate NIC to the LAN.
It's basically a 'DMZ in a box'.

Cheers, Me.


On Fri, 2007-12-07 at 23:32 +1300, Jim Cheetham wrote:
Number one issue - if the firewall VM guest is halted, should the host
system have any networking capability at all?

i.e. do you want fail-safe/default deny, or fail-open/default accept?

When VM player first came out there was a competition for interesting
images - IIRC the winner was a firewall under Windows, which unbound
IP from the windows driver, and re-bound it to a virtual interface
into the VM guest. All traffic was copied into the VM, and only
"clean" IP made it back out of the (IPCop?) into the Windows
environment.

-jim










