How can I stop a VM guest from being able to access the host's LAN (and the host itself)?

jo flag

I'm running an Ubuntu 22.04 host with a 22.04 guest (using Multipass). Currently, the guest can access the LAN and the host. How can I prevent the guest from accessing the LAN, while still allowing it to connect to the internet?

I only have access to the host by SSH.

pt flag
You can add rules to the `FORWARD` chain that prohibit traffic originating from your virtual machine and destined for the local network. You can add rules to the `INPUT` chain to prevent access to the host itself.
djdomi avatar
za flag
Well, to my mind, the more common-sense approach would be to use a VLAN.
jo flag

I've added a rule to the FORWARD chain to block access to the LAN:

```
sudo iptables -I FORWARD -s <VM-subnet> -d <LAN-subnet> -j DROP
```

and rules to the INPUT chain to block access to the host:

```
sudo iptables -A INPUT -d <VM-subnet> -j ACCEPT
sudo iptables -A INPUT -s <VM-subnet> -j DROP
```
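
The following is an added example, not part of the answer above: a small first-match model of the three rules, used to check which guest traffic they drop. The subnets and addresses are constructed stand-ins for `<VM-subnet>` and `<LAN-subnet>`, and the model assumes otherwise empty chains with an ACCEPT policy, which a real host running Multipass will not have.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the post).
VM_NET = ipaddress.ip_network("10.100.50.0/24")   # stands in for <VM-subnet>
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # stands in for <LAN-subnet>
ANY = ipaddress.ip_network("0.0.0.0/0")

def build_chains():
    """Apply the answer's three commands to empty chains."""
    chains = {"FORWARD": [], "INPUT": []}
    # -I inserts at the head of the chain, -A appends to the tail.
    chains["FORWARD"].insert(0, (VM_NET, LAN_NET, "DROP"))
    chains["INPUT"].append((ANY, VM_NET, "ACCEPT"))
    chains["INPUT"].append((VM_NET, ANY, "DROP"))
    return chains

def verdict(chains, chain, src, dst, policy="ACCEPT"):
    """Return the target of the first rule matching src/dst, else the policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, target in chains[chain]:
        if src in rule_src and dst in rule_dst:
            return target
    return policy

def check_guest(chains, guest, host_lan_ip, host_bridge_ip, lan_peer, internet):
    """Summarise what a guest at `guest` can reach under the rules."""
    return {
        # Routed traffic traverses FORWARD; traffic to the host itself, INPUT.
        "LAN peer": verdict(chains, "FORWARD", guest, lan_peer),
        "internet": verdict(chains, "FORWARD", guest, internet),
        "host LAN address": verdict(chains, "INPUT", guest, host_lan_ip),
        "host bridge address": verdict(chains, "INPUT", guest, host_bridge_ip),
    }

if __name__ == "__main__":
    result = check_guest(build_chains(), "10.100.50.23", "192.168.1.10",
                         "10.100.50.1", "192.168.1.20", "203.0.113.7")
    for target, action in result.items():
        print(f"guest -> {target}: {action}")
```

In this model the host's address on the VM bridge stays reachable from the guest, because the `-d <VM-subnet> -j ACCEPT` rule matches before the DROP rule; confirm the real rule order and any pre-existing rules with `sudo iptables -L -n -v --line-numbers`.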
