
I am running a Vagrant VM and am trying to have a network-isolated mode. Since disabling or changing anything with the default NAT interface breaks Vagrant, I decided to block ALL traffic inside the CentOS 7 VM except the host IP.

Let's make 1.1.1.1 the host's IP.

This is the command I am trying inside the Guest CentOS 7 VM:

# Direct rules run in priority order (lower number first): priority 0 accepts
# traffic to/from the host, priority 1 drops everything else in both directions.
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 1.1.1.1 -j ACCEPT && \
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 1.1.1.1 -j ACCEPT && \
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -j DROP && \
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP && \
sudo firewall-cmd --reload

With this I am able to ping from the Guest to the Host but am unable to ping the Guest from the Host.

What am I doing wrong? Basically, I just need to have SSH, TCP, and UDP access to the VM and host.

Fyrie
  • Remove the default gateway and it's mostly isolated. You can also run a VLAN to separate it. – djdomi Apr 15 '22 at 17:11
  • I removed the default gateway and it is working! But then I realized nmap isn't able to scan the target. ```Offending packet: TCP 192.168.1.1:44126 > 192.168.1.225:111 S ttl=57 id=39288 iplen=44 seq=1857285822 win=1024 sendto in send_ip_packet_sd: sendto(6, packet, 44, 0, 192.168.1.225, 16) => Operation not permitted ``` – Fyrie Apr 15 '22 at 18:35
  • I can't read a comment that needs to be added to the question. Please remember to edit the question instead of commenting. – djdomi Apr 17 '22 at 17:01
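The rule set from the question, as an added example that is not part of the original post: a bash script that builds the same firewalld direct rules for more than one host-side address, applies them (or prints them with DRY_RUN=1), and runs the checks worth doing after `--reload`. It assumes a CentOS 7 guest with firewalld and sudo, and that every address the host uses toward the guest is listed: a packet the host sends to the guest's private_network address carries the host's own address on that interface, not its LAN IP, and over the VirtualBox NAT interface the host is reached through the NAT gateway (10.0.2.2 by default in VirtualBox). The addresses 192.168.56.1 and 10.0.2.2 in the usage comment are illustrative assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the original question. Builds firewalld direct
# rules that allow only the listed host-side addresses, applies them (or prints
# them with DRY_RUN=1) and runs the post-reload checks.
# Assumed environment: CentOS 7 guest with firewalld, run by a user with sudo.
# Usage: DRY_RUN=1 ./isolate.sh 192.168.56.1 10.0.2.2   (addresses are assumptions)

# Print the firewall-cmd invocations, one per line, for every address given.
# In the direct chains a lower priority runs first, so the priority-0 ACCEPTs
# are consulted before the priority-1 DROPs that close the chain.
isolation_rules() {
    for ip in "$@"; do
        printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s %s -j ACCEPT\n' "$ip"
        printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d %s -j ACCEPT\n' "$ip"
    done
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -j DROP\n'
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP\n'
    printf 'firewall-cmd --reload\n'
}

# Number of ACCEPT rules in the generated set: two per address.
count_accepts() {
    isolation_rules "$@" | grep -c -- '-j ACCEPT'
}

# Apply the rules through sudo. Refuses to run with no address, because the
# two DROP rules on their own would also cut off the vagrant ssh session.
apply_isolation() {
    if [ "$#" -eq 0 ]; then
        echo "refusing to apply: no host address given" >&2
        return 1
    fi
    isolation_rules "$@" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "sudo $cmd"
        else
            # $cmd is intentionally unquoted so the shell splits it into words.
            sudo $cmd
        fi
    done
}

# Post-reload checks: what firewalld thinks it installed, what iptables actually
# carries in the direct chains, and how to see the real source address of the
# host's packets, which must equal one of the ACCEPTed -s values.
verify_isolation() {
    sudo firewall-cmd --direct --get-all-rules
    sudo iptables -S INPUT_direct
    sudo iptables -S OUTPUT_direct
    echo 'Now ping the guest from the host and watch the source address with:'
    echo '  sudo tcpdump -ni any icmp'
}

# Entry point when run as a script; does nothing when sourced for its functions.
if [ "$#" -gt 0 ]; then
    apply_isolation "$@"
    [ "${DRY_RUN:-0}" = 1 ] || verify_isolation
fi
```

Run it once with DRY_RUN=1 to review the generated commands, then for real, then call `verify_isolation` and ping the guest from the host while tcpdump is running: if the source address tcpdump shows is not one of the `-s` values in `iptables -S INPUT_direct`, the priority-1 DROP is what eats the echo request.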

1 Answer


It looks like @djdomi's answer is working for me.

I deleted the gateway with the following command in the VM:

# 0/0 is shorthand for 0.0.0.0/0, i.e. the default route
sudo ip route del 0/0

The network was disconnected. However, I was able to SSH using vagrant ssh.

Initially I was stuck trying to use nmap to scan the VM, but I was using the private_network's static IP, which did not work. Using Vagrant's NAT IP, I was able to ping from host to VM as well as run nmap scans.

Fyrie