Need help blocking IP

We’re getting close!

What I am asking is the host IP address, the 192.168.1.x, the same as that shown in VB? In other words, if VB has a 192.168.1.3 address and the host has a 192.168.1.3 address, then the IP address shown in VB is indeed the host IP address.

No, all it shows in VB Network zones is the VB IP, not the host.

The VirtualBox host-only network adapter is preconfigured to use the 192.168.56.1/255.255.255.0 address space. Addresses from this range will only be used if you have chosen to use host-only networking in your VirtualBox guest. If, as you say, you’re using bridged networking, the IP address assigned to the guest will be from the same range as the IP address used by the host.

Can you please do the following: Open a command prompt on the host and the guest and type:

ipconfig /all

Please post the results for both here.

The Network zone you’re showing in the image you’ve uploaded seems to suggest that your host and guest are using different networks.

  1. Do you have a router?
  2. Have you manually assigned an IP address to the vbox guest?

Yes I have a router and no I have not manually assigned an ip to Vbox.

http://www.mediafire.com/?qyyxc7u1f9bcq4h

I’m assuming the ipconfig is from the host (do you have one from the guest too?) as it’s showing the Vbox host-only adapter. The IP address in use by your host is:

192.168.1.150/255.255.255.0

and the network zone shows an IP address of:

192.168.1.3/255.255.255.0

Basically, any IP address between:

192.168.1.0 and 192.168.1.254 with a subnet mask of 255.255.255.0 is on the same subnet. However, the ipconfig also shows DHCP as being disabled, so I’m curious as to how your PC is acquiring an IP address.

Please post the ipconfig /all from the guest. By the way, you don’t need to use mediafire, just use Additional Options at the bottom of the reply box to attach your image here.

here it is

[attachment deleted by admin]

It appears you’re using DHCP for the guest but, as I said, not for the host. Do you have a reason for doing things this way?

Regardless, both the host and the guest are on the same subnet, or as I said earlier, the host and the guest appear as two different PCs on the same network.

Returning to your original post, you want to prevent all communication between the guest and the host. As your host appears to have a static IP address (192.168.1.150) you can achieve this with a couple of rules:

  1. Block all inbound communication from the guest to the host
  2. Block all outbound communication from the host to the guest

On the host you can configure your firewall by creating two Global rules:

Action - Block
Protocol - IP
Direction - Out
Source Address - ANY or the MAC/IP address of the host
Destination Address - The MAC/IP address of the guest (currently 192.168.1.3)
IP Details - ANY

Action - Block
Protocol - IP
Direction - In
Source Address - The MAC/IP address of the guest
Destination Address - ANY or the MAC/IP address of the host (currently 192.168.1.150)
IP Details - ANY

Place these at the top of the list in Global rules. You will also want to create a similar pair of Global rules in the firewall on the guest, just change the details as appropriate.

His router IP address is 192.168.1.1.

His VB IP address is 192.168.1.3.

Unless his router is set up to start assigning DHCP addresses at 192.168.1.3, we are missing 192.168.1.2. I am curious as to what happened to that IP address?

It may have been allocated at one point in the past and is now flagged with the MAC address of whichever PC it was allocated to.

You can test these rules by issuing from the command prompt a ping 192.168.1.150 from the guest and a ping 192.168.1.3 from the host. Both pings should time out.

Sorry it took so long for me to try this. I was able to get it working fine on both sides, but how do I deal with the IP address of the guest changing? Instead of entering the IP of the host like you said, what if I made a global rule for inbound and then for source used Type: Network Zone, VirtualBox? Would that work?

The Network zone created for VB is for use with the Virtual host adapter; as you’re using bridged networking, it doesn’t apply.

The easiest solution to prevent the IP address of the guest changing is either to allocate the guest a static IP address, or to check your router documentation and see if it allows using reserved addresses. Basically, a reserved address is simply an IP address associated with a MAC address, so that the PC will always get the same address.
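Added example, not part of any post in this thread: a small Python model of the two host-side Global rules described above, showing why rules keyed to the guest's IP address stop matching when DHCP hands the guest a different lease. The first-match evaluation, the default "allow" verdict (standing in for whatever the rest of the rule set permits) and the replacement address 192.168.1.4 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

HOST = "192.168.1.150"     # host address quoted in the thread
GUEST = "192.168.1.3"      # guest address quoted in the thread
NETMASK = "255.255.255.0"

@dataclass(frozen=True)
class Rule:
    action: str      # "block" or "allow"
    direction: str   # "in" or "out", as seen by the machine running the firewall
    src: str         # an IP address or "any"
    dst: str         # an IP address or "any"

def same_subnet(a, b, mask=NETMASK):
    """True if b falls inside the network that a/mask belongs to."""
    net = ipaddress.ip_network(f"{a}/{mask}", strict=False)
    return ipaddress.ip_address(b) in net

def host_rules(guest_ip):
    """The pair of Global rules from the thread, keyed to the guest's IP."""
    return [
        Rule("block", "out", "any", guest_ip),
        Rule("block", "in", guest_ip, "any"),
    ]

def decide(rules, direction, src, dst, default="allow"):
    """First matching rule wins; the default is an assumed fall-through verdict."""
    for r in rules:
        if (r.direction == direction
                and r.src in ("any", src)
                and r.dst in ("any", dst)):
            return r.action
    return default

def audit(rules, guest_ip):
    """Host-side verdicts for traffic to and from the guest's current address."""
    return {
        "host->guest": decide(rules, "out", HOST, guest_ip),
        "guest->host": decide(rules, "in", guest_ip, HOST),
    }

if __name__ == "__main__":
    rules = host_rules(GUEST)
    print(same_subnet(HOST, GUEST))       # bridged guest shares the host's subnet
    print(audit(rules, GUEST))            # guest still holds the address in the rules
    print(audit(rules, "192.168.1.4"))    # constructed case: guest received a new lease
```

A static address or a router reservation keeps the guest's address equal to the one written into the rules, which is why the ping test keeps timing out after a reboot.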

OK, I set my guest IP to static and it successfully times out when I ping both ways. Is this pretty much as secure as VirtualBox can get as far as protecting my host from anything getting out? Thanks so much for all the time and help with this. It’s very much appreciated.

As you’ve decided to go static, you could have put the guest on a completely different network, but if you decided you wanted easy communication between guest and host at some later date, doing so would have made things a little more difficult.

What you’ve done by blocking communication between guest and host will keep the two environments separate but will still allow the guest easy Internet access, if required. It will also make it easy to allow communication between the two, should you need it, simply by changing the block rules to allow.