![]() ![]() I get similar connection patterns with firefox. Once ie is open, I don't get prompts for every connection that the browser makes. ![]() If I approve that, I get a request to connect to 173.194.115:80, which is at Google (my home page). ![]() If I approve that, I get a second request to connect to 255.255.255.255:137 (nbname), and I'm not sure what that is for. When I open ie in my VM, my host firewall gives me a prompt that vbox wants to connect to 8.26.56.26:53, which is my DNS (Comodo). Since I have not white listed vbox, I am getting allot of prompts in my host firewall that appear to be related to the VM traffic. I am just learning how vbox works, so it is set up with the defaults for more or less everything. Thanks for the information, that is helpful. If you want to control what traffic can leave the vm you will need to run firewall software in the vm itself (or at your gateway router). However how it interprets it is not reliable because it is not really aware of how the virtual networking software works, or even that the virtual network exists. In actual fact firewall software gets down into the network layer (using promiscuous mode) and can see the traffic going from the virtual to the physical networks. The filter driver should separate traffic addressed to ((or coming from) the guest. In theory the firewall in the OS will not see the traffic from the vm at all, because it has its own MAC address and its own IP address. If you are using bridged networking (I assume you are and that 192.168.10 is the IP subnet used on your physical LAN) the operation of the firewall will be unpredictable. If you are not using the host only network (ie do not have a host only NIC in the guest), you can disable this interface (from network connections on the host). The guest will also have a 192.168.56.x address if you have a NIC set to host only. Is there any reading I can do on how folks handle this kind of thing?ฤก92.168.56.1 is the interface on the host computer which is used for host-only communication ie for communication between the host and guest. For some of these VMs, I will just disable the network adapter once I have things set up since I will not need net access from the VM. I guess the alternative is to run Comodo ISP in the VM as well, but I was hoping to avoid that. I either have to white list vbox, or approve each connection separately. Is there a write up somewhere for how vbox handles network traffic? Looking at these logs, there is no way to tell what application running in the VM is requesting access, so I have no effective way to monitor and limit traffic as I normally would. Such rules are pretty specific and I really only allow access to a few programs. On my host system, applications are white listed, meaning that applications have to ask for internet access unless I have made a rule for that application. Some of the traffic originates from the IP of my host machine (192.168.10.168), some of the traffic originates from a different IP on my local net(192.168.56.1). I see a variety of traffic from vbox and I can't seem to make sense of it. I am currently running Comodo ISP as the firewall on my host system (XP sp3). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |