Firewall Failing to Block Loopback/Localhost Communications Between VM and Host

Hello all,

I had typed up a large post explaining my issue in detail, but lost it. I will be concise.

I am not trusting Local Area Network #1. D+ is in Paranoid mode, Firewall is set on Very High alert frequency level with Enable alerts for loopback requests checked. Despite this, I can ping and telnet into the host machine from a guest VM inside a Virtualbox NAT. I can telnet into port 139, be connected and this connection does not show up on the connections list, nor am I prompted for it. I can ping the host machine (10.0.1.2) as well, from inside the guest VM. This issue does not occur on my Mac OS X machine, also running virtualbox. IPFW blocks a connection attempt from localhost to 10.0.1.6 (that machine’s ip on the network) when I attempt to ping the host from inside the guest. On my Windows 7 x64 machine running CIS (proactive security mode, if that is important), the connection is silently allowed. Very alarming.

Any suggestions?

I am running the latest version of CIS, which another user in a different thread claimed to have fixed his problem. This leads me to believe that a reinstall may fix my problem, however, the lack of an apparent cause concerns me, even if a reinstall would fix this.

Thanks in advance for your help.

Clarification: Even with the firewall set to Block All mode, these connections between guest and host are still allowed.

Can you show us a screenshot of your Global Rules?

Of course.

I’m also attaching screenshots of my Defense + log, showing it successfully blocking or allowing Firefox localhost to localhost traffic. It prompted me for this after I deleted the existing Outgoing Only rule and opened it. It prompts me correctly upon attempting to initiate a connection to http://localhost as well. The issues with ping, telnet and the VM still persist though. So CIS is correctly identifying some localhost traffic!

However, if I check Block and Remember, no entry shows up in Firefox’s network security policy section for localhost traffic, but does for normal traffic.

EDIT: On another try, it does appear to remember and store localhost traffic for Firefox. I must have simply forgotten to check the remember box. So, the issue now is why is it failing to alert on specific programs? I double checked and I have no rule set up for Virtualbox, nor ping.exe.

Thanks for your quick reply.

[attachment deleted by admin]

I reinstalled CIS. All my issues persist, even before importing my previous saved configuration.

Block all mode did not block the loopback traffic.

Can you please post which virtualisation software you use? I see VM and VirtualBox mixed here…
And also which version of the product?

And provide host and guest OS versions?
Are you using bridging or NAT on the guest OS?

Sun Virtualbox 3.1.2. Sorry for any confusion, when I say VM I mean the virtual machine, not any VMware application. Host OS is Windows 7 x64 Home Premium, guest OS is Ubuntu 9.10 x64. I’m using NAT. For some reason the bridged adapter option is not allowing me to select an adapter, I will do a clean install of Virtualbox 3.1.4 today and let you know if there is any change.

As I expected, bridged networking does not have the same problem. CIS sees a connection from another computer on the network and prompts for it. The downside is that CIS cannot be used to monitor the network connections made by the VM. I double-checked NAT again with the new version of Virtualbox and CIS still silently allows connections made from guest to host.

I also installed a fedora VM and the same issues are present.

I don’t have this with VMWare: if I use NAT and try to telnet to my 445 port I receive a firewall alert for vmnat.exe trying to connect to 127.0.0.1 on port 445…

The ping walks straight through, even a global block rule doesn’t work for this… but if I have a look at the IPs used by VMware there is no logic, there must be some software level in between

The Guest and Host are absolutely not in the same subnets and as seen above CIS alerts for Loopback traffic coming from the Guest OS. So VMWare must be acting like a software router in between…

Are you running CIS v4 latest beta or the stable 3.14.x ?

I’m running the latest stable version, 3.14.130099.587.

I can telnet to any listening port and a connection will be established. I get an alert for using telnet to connect to 127.0.0.1 at 445 in Windows, but not from a guest VM. I will try VMWare soon.

I tried both VMWare and Virtualbox on a clean install of Windows 7 x64 on the same PC. Same issue. I will submit this as a bug.

In the meantime I can use bridged networking.
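Added example, not code from the thread or from Comodo, VirtualBox or VMware: a Python parser over a constructed `netstat -ano` sample that lists the host's listening TCP ports a NAT-mode guest could reach through the host's own stack, the inventory a defender wants when host-firewall alerts cannot be relied on for this path. It assumes the host LAN address 10.0.1.2 from the thread and that loopback-only binds are reachable via the NAT gateway address.

```python
import re
from typing import Dict, List

# Constructed `netstat -ano` sample from a Windows host (not taken from the thread); the host LAN
# address 10.0.1.2 and the SMB ports 139/445 mirror the thread's setup.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       764
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.1.2:139           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       3120
  TCP    10.0.1.2:49200         10.0.1.9:445           ESTABLISHED     4
  TCP    [::]:135               [::]:0                 LISTENING       764
"""
HOST_LAN_IP = "10.0.1.2"  # assumption: host's LAN address as given in the thread
TCP_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(endpoint: str):
    """Split 'addr:port' into (addr, port); handles bracketed IPv6 such as '[::]:135'."""
    addr, port = endpoint.rsplit(":", 1)
    return addr, int(port)

def bind_scope(addr: str) -> str:
    """Classify a listening address: wildcard (all interfaces), loopback, or one interface."""
    if addr in ("0.0.0.0", "[::]"):
        return "wildcard"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback"
    return "interface"

def listeners_reachable_from_nat_guest(text: str, host_lan_ip: str = HOST_LAN_IP) -> List[Dict]:
    """List TCP listeners a NAT-mode guest can reach through the host's own stack.

    Guest connections are made by the virtualisation process on the host and arrive as
    locally originated traffic, not as inbound LAN packets; wildcard binds and the host LAN
    address are reachable per the thread, loopback binds assumed reachable via the NAT gateway.
    """
    found = []
    for line in text.splitlines():
        m = TCP_RE.match(line)
        if not m:
            continue
        local, _foreign, state, pid = m.groups()
        if state != "LISTENING":
            continue
        addr, port = split_endpoint(local)
        scope = bind_scope(addr)
        if scope != "interface" or addr == host_lan_ip:
            found.append({"port": port, "addr": addr, "scope": scope, "pid": int(pid)})
    return sorted(found, key=lambda r: (r["port"], r["addr"]))
```

Run it against real `netstat -ano` output on the host and compare the list with what the firewall actually alerts on from a guest; any port listed but never alerted is the blind spot the thread describes.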