Need help blocking IP

I'm running VirtualBox and I'm trying to block all access through the network to my host. I went into the Network Security Policy and to blocked zones. I chose add a new blocked address but was not sure if I should use IPv4 or IPv6 single address. Also, is there any way to test this is actually working to block anything so that my virtual operating system is really secure from transferring any virus or malware through the network?

I assume you are running Comodo ver. 5 on the virtual machine?

Comodo should have created a Network entry for the host machine LAN connection if it finds it. Name should be Local Connection #2 or something on that order. If Comodo has defined a Network, then all you need is a Global rule for Comodo on the virtual machine to Block All IP to Local Connection #2 From Local Connection #2. No need to worry about entering IP address for the host.

What kind of network are you using in Virtualbox, NAT, Bridged, host only, internal…

Virtualbox and bridged because I was told that is the most secure

Yes, I'm running Comodo Firewall 5 on both. I just installed it on the Virtual Machine and named the network Virtualbox. Now the host Comodo sees it and I went into global rules and changed ALLOW all incoming and outgoing requests for Virtualbox to BLOCK. Is that all I need to do?

That’s debatable.

If you use bridged networking the client is to all intents and purposes a separate client on your LAN and therefore should be treated as such. Do you have a router?

If you use NAT, the guest will get an IP address in the 10.x.2.x range and will send and receive all network traffic through the host, therefore, the host firewall will need to be configured to support this.

If you use Host only, the guest will get an address from the Virtualbox adapter, which will be in the 192.168.56.x range. This configuration will not provide Internet access.

If you want to go with bridged, create a new blocked zone in the guest firewall and for the address(es) use the host computer and any other PCs on your LAN. Do the same on the host and use the guest address.

You might want to read the User Manual particularly chapter 6 - Virtual Networking.

Yes, I'm running Comodo Firewall 5 on both. I just installed it on the Virtual Machine and named the network Virtualbox. Now the host Comodo sees it and I went into global rules and changed ALLOW all incoming and outgoing requests for Virtualbox to BLOCK. Is that all I need to do?

I am a bit confused over what you are trying to accomplish. I thought you want to ensure that nothing TCP/IP wise from the virtual PC can access your host installation? If that is the case, then you have to determine if the firewall on the virtual machine can “see” the host network. Comodo does that by detecting a “new network connection.”

Open the Comodo GUI on your desktop, select Firewall, then Network Security Policy, then click on the Network tab. You should have at least two entries; one for Loopback and one for Local Area Network #1. Local Area Network #1 should show the IP address assigned by DHCP or a manually assigned static address serviced by your router. Everything for this connection should relate to your virtual machine devices.

If another Local Area Connection entry exists, then that most likely is your host network. That is the network you want to block. If only your virtual machine network is shown, you don’t have to do anything since the virtual machine cannot see your host network.

Post a screen shot of what is displayed in the network tab.

Per the Virtualbox manual.

Network Address Translation (NAT)
If all you want is to browse the Web, download files and view e-mail inside the guest, then this default mode should be sufficient for you, and you can safely skip the rest of this section. Please note that there are certain limitations when using Windows file sharing (see the section called “NAT limitations” for details).

I would think this is more secure than “bridged” mode. In bridged mode, both the virtual machine and the host can see each other and directly communicate with each other. In “NAT” mode, the virtual machine is doing all TCP/IP activity solely within the virtual machine.

I would suggest you get configuration help on VB from their support forum. Make sure you clearly state your objectives such as “I want to isolate all Internet communication to within each installation i.e. VB install cannot communicate with host and vice versa.”

When virtualbox is installed, CIS detects the Vbox adapter network, which is 192.168.56.1/255.255.255.0. This address range is only used if ‘Host only’ networking is used on the guest. If he/she is using bridged networking, the guest is using an ip address in the same range as the host, i.e. the same network.

Actually, if he/she doesn’t want Internet connectivity from the guest, the best option would be ‘internal’ networking. If the address is not manually assigned it uses APIPA.

If he/she is using bridged networking, the guest is using an ip address in the same range as the host, i.e. the same network.

Then what I originally stated should be true?

On host, Comodo should show Local Connection #1 e.g. 192.168.1.1 as host adapter and the VB connection should be Local Connection #2 e.g. 192.168.1.2.

On VB installation, Comodo should show Local Connection #1 e.g. 192.168.1.1 as VB adapter and the host connection should be Local Connection #2 e.g. 192.168.1.2. Assuming DHCP is assigning IP addresses and his router DHCP IP address range is 192.168.1.1 - 192.168.1.255.

So within Comodo for each installation, he just has to block the Comodo assigned Local Connection #x of the other installation.

The only additional network zone created for VBox is the 192.168.56.x, which is used for ‘host only’ networking. If bridged networking is used, it’s just the same as having an additional PC on the LAN, the address space for which, is one and the same as the host in network zones. If bridged networking is used and the user wishes to block traffic between host and guest, it’s simple to block the ip addresses of each, as appropriate.
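An added example, not part of the original thread: a small Python check of the point made in the post above, that a block on the 192.168.56.x zone does not cover a bridged guest. The function names are hypothetical, the host address is an assumed sample value, 192.168.1.3 is taken as the guest address from the thread, and 10.0.2.0/24 is VirtualBox's default range for the first NAT adapter.

```python
import ipaddress

# Ranges from the thread, plus VirtualBox's default range for the first NAT adapter.
MODE_RANGES = {
    "NAT": ipaddress.ip_network("10.0.2.0/24"),
    "host-only": ipaddress.ip_network("192.168.56.0/24"),
    "internal (APIPA)": ipaddress.ip_network("169.254.0.0/16"),
}


def guess_mode(guest_ip, host_lan):
    """Infer the VirtualBox networking mode from the address the guest holds."""
    ip = ipaddress.ip_address(guest_ip)
    for mode, net in MODE_RANGES.items():
        if ip in net:
            return mode
    if ip in ipaddress.ip_network(host_lan, strict=False):
        return "bridged"  # guest is just another machine on the host's LAN
    return "unknown"


def covered(ip, zones):
    """True if any blocked zone (CIDR string) contains the address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(z, strict=False) for z in zones)


def review(guest_ip, host_ip, host_lan, host_blocked, guest_blocked):
    """Report which single-address blocks are still missing on each side."""
    return {
        "mode": guess_mode(guest_ip, host_lan),
        "host_must_block": [] if covered(guest_ip, host_blocked) else [guest_ip],
        "guest_must_block": [] if covered(host_ip, guest_blocked) else [host_ip],
    }


if __name__ == "__main__":
    # Constructed sample: guest address as in the thread's screenshot, host
    # address assumed, and only the host-only zone blocked on the host.
    print(review("192.168.1.3", "192.168.1.2", "192.168.1.0/24",
                 host_blocked=["192.168.56.0/24"], guest_blocked=[]))
```

With the sample values the guest is classified as bridged and both sides still need a single-address block, because the host-only zone never matches a 192.168.1.x guest.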

Yes, the network zone is 192.168.56.x and that's what I blocked on my host in firewall. Is that sufficient or is there a more secure way to go? Should I be doing NAT instead of Bridged? I'm just looking for the most secure way to stop any potential virus, malware from leaving the virtual machine.

http://www.mediafire.com/?juta977cbvi9yiy

I assume the screen shot you posted is for the VB installation? Only one Local Connection is shown, 192.168.1.3? which I assume is your assigned IP address on the host?

Yes, that's from VB and I'm not sure what that IP is because firewall in my host is showing Virtualbox 192.168.56.x?

Check your host local connection entries in Comodo’s Network tab. I assume that two are shown; the 192.168.56.x? for VB and 192.168.1.3 which is your host network? Reply back with findings.

Not sure what local connection entries are. Is that Network zones under network security policies? If so it shows 192.168.56.x for VB and then my host IP.

Yes. What is your shown host IP address?

192.168.1.x. There's also loopback zone IP 127.0.0.x.