Controling virtualbox internet access?

Posted by HandyGandy on Super User See other posts from Super User or by HandyGandy
Published on 2010-05-11T08:01:26Z Indexed on 2010/05/11 8:04 UTC
Read the original article Hit count: 383

Filed under:

Host: Linux/Debian/Ubuntu/Mint ( Helena/karmic koala )
Guest: XP SP2 and SP3
Problem: Relatively new copy of XP migrated to vbox-virus free. To detect biral infection it is desired that internet access is limited. Network access to the host is desired, but access to the internet should be limited to a select few sites.

The added overhead of network access should be small when the guest vbox is running, 0 when it is not.

Controling virtualbox internet access?

Posted by HandyGandy on Stack Overflow See other posts from Stack Overflow or by HandyGandy
Published on 2010-05-11T01:59:27Z Indexed on 2010/05/11 2:04 UTC
Read the original article Hit count: 383

Filed under:

virtualbox

|

network

|

access

I am finally going through the process of moving my XP into a vbox (host linux). The thing is that I am migrating a virtually clean install. So aside from the occasional antivirus scan, I want to make sure that my XP is not sending malware data (keystoke.logs, spam etc. ) out silently ( and thus having picked up some virus ). To that end I want to limit XP to contacting my LAN and a few internet sites. ( mainly sites that require proprietary windows only software to access, AV sites and Windows update ).

I want XP to only access preapproved addresses. If it is trying to contact a nonapproved address, I want it somehow logged and access restricted until I allow access. I also don't want to have to decide whether to allow access to a site at my leisure.

To keeps things clear let me give an example: I start my vbox/XP ( which I call MYXP) running on my linux box ( called MYLINUX connecting to the net through a linksys wrt54g ) and connects via samba to my LAN ( since my LAN seems to be possessed of every evil thing, it's address is 192.168.666. ). At the moment my configuration is set so that I allow MYXP to access 192.168.666 and www.MYANTIVIRUS_UPDATES.com and www.MS_UPDATES.com.

Then on the VM I start a program which tries to make a connection to www.playmygame.com . www.playmygame.com is on my preapproved list so the connection goes through. Later I check attempted accesses and discover that it also tried to connect to www.mygame_high_scores.com I figure this is OK so I add www.mygame_high_scores.com to my approved list. Later, I again check address and discover that my VM/XP tried to access www.mygame_steals_your_identity.com. I do some checking and discover the address is registered to someone in Kiev, Nigeria. Since this doesn't sound kosher to me, I replace the MYXP VM with one that was backed up before I installed mygame. I remove www.playmygame.com and www.mygame_high_scores.com from my access list for MYXP.

It should acomplish this with little overheard. When I am not running the VM ideally it should not have any overhead. Suggestions?

Developer IT