What's new

How to block some home networked pc's from only internet access?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

cooa99

New Around Here
Hi all,

I have a couple of virtual machines running on a headless windows 10 & Apple Mac mini pc in bridge mode, so access to the physical Home network. I can access them using vnc,Remote Desktop connection and the browser for some that have http related services.

The vm's themselves don't need internet access since I connect to them from within my home network which is using n Asus DSL AC68U router. I am worried the internet access posses a security treat considering some of those vm's are almost 10yrs old.

My question is How do I stop them from accessing the internet yet be fully functional within the home network?.
Is this to be down from within the router settings or/and the vm's themselves?

Thanks
 
If your VM NICs are bridged, remove their default gateway to prevent them from being able to connect outside of your LAN.
 
@RMerlin , This worked but the only way I could do it was to change the vm from DHCP to static IP address and omit the default gateway.
I take it doing the same on a DHCP vm is not so straight forward?

While on subject of security, Am I better off converting the NIC of the VM's from bridged to NAT?
 
@RMerlin , This worked but the only way I could do it was to change the vm from DHCP to static IP address and omit the default gateway.
I take it doing the same on a DHCP vm is not so straight forward?
You would need to have a configurable DHCP server where you can chose the gateway to provide to specific clients.

While on subject of security, Am I better off converting the NIC of the VM's from bridged to NAT?
If you worry about inbound connections coming from your LAN, this will provide a layer of security. But otherwise, I see no real point in doing so, unless you intend to have a host-local network between the VMs.
 
As RMerlin mentioned: removing the DGW (default gateway) is a quick way to go. But I have some ideas which might help too:

- what about firewall (directly on the OS level or via router or a main-firewall)?
- DNS restrictions (may be DNS Filter)?
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top