How can I stop a VM guest from being able to access the host's LAN (and the host itself)?

TheGooseLord

5/16/24, 9:45 PM

I'm running an Ubuntu 22.04 host with a 22.04 guest (using Multipass). Currently, the guest can access the LAN and the host. How can I prevent the guest from accessing the LAN, while still allowing it to connect to the internet?

I only have access to the host by SSH.

1 + 2

networking

virtualization

larsks

5/17/24, 12:22 AM

You can add rules to the `FORWARD` chain that prohibit traffic originating from your virtual machine and destined for the local network. You can add rules to the `INPUT` chain to prevent access to the host itself.

djdomi

5/17/24, 10:15 AM

well a more common sense would in my mind to use vlan

Score:0

Server

TheGooseLord

5/17/24, 1:00 PM

I've added a rule to the FORWARD chain to block access to the LAN:

sudo iptables -I FORWARD -s <VM-subnet> -d <LAN-subnet> -j DROP

and rules to the INPUT chain to block access to the host:

sudo iptables -A INPUT -d <VM-subnet> -j ACCEPT
sudo iptables -A INPUT -s <VM-subnet> -j DROP

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How can I stop a VM guest from being able to access the host's LAN (and the host itself)?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.