Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Isolate computer from network
New Posts  All Forums:Forum Nav:

Isolate computer from network

post #1 of 13
Thread Starter 
Hi everyone, I'm kind of a noobie at networking in general (though I do have an understanding of the basics), and I am interested in isolating a computer from the rest of my LAN (I have the Verizon branded Actiontec MI424-WR router). Well, more specifically, I want to isolate a Virtual Machine from the rest of my networking, but if this is going to be difficult, I will be perfectly happy to isolate the physical machine instead.

So, to give a picture of what I really want, I want:

External network connection ----> Router ----> 2 different LANs, one for the rest of the network and one for the specific virtual machine (or physical machine). I want both networks to be behind the router's firewall, but I do not want the two networks to be able to communicate with each other, at least not without going through the router's firewall first.

I've heard a couple of different suggestions, including setting up a VLAN and using a different subnet for the isolated computer. Will either of these do what I want and isolate the VM/machine from the rest of my network?

Also, is my VM already isolated? I use VirtualBox, and when I use the "ipconfig" utility, it reports the following settings for my "Ethernet adapter Local Area Connection:"

IPv4 Address - 192.168.1.4
Subnet Mask - 255.255.255.0
Default Gateway - 192.168.1.1

And reports the following settings for my "Ethernet adapter VirtualBox Host-Only Network:"

IpV4 Address - 192.168.56.1
Subnet Mask - 255.255.255.0
Default Gateway - Blank

I'm a noob at this, but it seems that my physical machine may be on a separate subnet from my virtual machine.

Thanks very much for your help, I appreciate it
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
post #2 of 13
Do you want both of them to reach the internet?
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
post #3 of 13
Thread Starter 
Quote:
Originally Posted by scottsee View Post
Do you want both of them to reach the internet?
Yes, I want both of them to have access to the internet, preferably through my router's firewall. I just don't want them to be able to communicate with each other.
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
post #4 of 13
That's not a simple process to explain. You need a multilayer switch, a managed switch and router that supports 802.1q, or a router that has three ethernet wan ports
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
post #5 of 13
Thread Starter 
So there's ^no way to logically configure it without much trouble? I guess I could configure all my other computer's firewalls to deny all requests from the ip of the isolated machine, right?
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
post #6 of 13
That's patching a leak with a band aid but I suppose it would work, I'm not sure if it would make each machine totally inaccessible from the other. The best way to isolate your machines is to put each in their own segment (broadcast domain).
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
post #7 of 13
Sounds like "router on a stick" to me. One router, working with different VLANs, and an access list so the two vlans van't talk to eachother. You'd also need a switch that supports VLAN's (802.1Q standard like Scottsee said).
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Q6600 SLACR @ 3.6 GHz Asus P5E Deluxe MSI 6950 2 GB + 9800GT (PhysX) 4 GB White Lake DDR2-800 
Hard DriveOptical DriveOSMonitor
Hitachi 500 GB Sata iHas 120 Windows 7 Pro x64 u2711 (27", 2560x1440, H-IPS) 
KeyboardPowerCaseMouse
Generic Dell Combat Power 750W Aerotech PGS Bx-500 Logitech Rx300 
Mouse Pad
Desk 
  hide details  
Reply
post #8 of 13
I believe VLAN is the way to go here.

http://www.dslreports.com/forum/r206...MI424WR-router
    
CPUMotherboardGraphicsRAM
i7 950 @ 4.2 EVGA SLI3 EVGA GTX 480 SC 6GB Kingston Hyperx 2250 
Hard DriveOptical DriveOSMonitor
120gb/80gb Intel g2 asus win7 64 dell 24 s2409w 
KeyboardPowerCaseMouse
some logitech backit slim thing corsair 750 Antec 300 mx5500 
Mouse Pad
ratpad 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 950 @ 4.2 EVGA SLI3 EVGA GTX 480 SC 6GB Kingston Hyperx 2250 
Hard DriveOptical DriveOSMonitor
120gb/80gb Intel g2 asus win7 64 dell 24 s2409w 
KeyboardPowerCaseMouse
some logitech backit slim thing corsair 750 Antec 300 mx5500 
Mouse Pad
ratpad 
  hide details  
Reply
post #9 of 13
Quote:
Originally Posted by Rayzer76 View Post
I believe VLAN is the way to go here.

http://www.dslreports.com/forum/r206...MI424WR-router
He needs a multilayer switch that can handle VLANs and perform intervlan routing if he's going to use his current router. Same goes for Routing on a stick, he'll need a router that can support 802.1q packets and sub-interfaces configurations for routing on a stick.
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Cisco Cisco Cisco Cisco 
  hide details  
Reply
post #10 of 13
Thread Starter 
Sounds like this is mroe complicated than its worth, thanks for everyone's help and advice though. I probably should have stated this earlier, but what I intend to do is test out different anti malware scanners and system analyzers with live samples, and I don't want the malware to infect other computers on my network. I guess I'll just unplug the rest of my network while I'm testing
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
Workstation
(19 items)
 
  
CPUMotherboardGraphicsGraphics
Intel i7 920 c0 @ 3.50 Asus Sabertooth X58 Nvidia gtx 570 Nvidia gtx 210 
RAMHard DriveOptical DriveOptical Drive
12 GB (Patriot 4GB DDR3 1600 Mhz + G.Skill Ripj... OCZ Vertex II 60GB + x2 WD 1TB + WD 500 GB Lite-On DVD Burner LG Blu Ray Burner 
OSMonitorMonitorMonitor
Windows 8 Professional x64, Arch Linux x64 Samsung 22 inch 1920x1080 60Hz Asus 23 inch 1920x1080 IPS Acer 19 inch 1600x900 
KeyboardPowerCaseMouse
Logitech g11 Corsair 750 Watt NZXT Tempest Razer deathadder 3500 dpi 
Mouse PadAudioAudio
OCZ Audigy SE Sony MDR-V6 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Isolate computer from network