Vagrantfile - How to enable no network access

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Vagrantfile - How to enable no network access

Eric
I'm looking to setup Vagrantfile's configuration for virtualbox to only be accessible through a private-network from the host to the guest, and the guest it not allowed network or internet access

I'm trying to disable all guest network access from the host side, rather than using iptables from inside the guest

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/09a5f1a4-af05-4227-abda-3af985e51216%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Vagrantfile - How to enable no network access

Alvaro Miranda Aguilera
for the host network only, add a private_network

for the 2nd part use an script with ,run: "always" that drop the default gateway

like: you may need to update eth0 to the first interface

  config.vm.provision "shell",
    run: "always",
    inline: "eval `route -n | awk '{ if ($8 ==\"eth0\" && $2 != \"0.0.0.0\") print \"route del default gw \" $2; }'`"
end

On Sat, Oct 21, 2017 at 10:13 AM, Eric <[hidden email]> wrote:
I'm looking to setup Vagrantfile's configuration for virtualbox to only be accessible through a private-network from the host to the guest, and the guest it not allowed network or internet access

I'm trying to disable all guest network access from the host side, rather than using iptables from inside the guest

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/09a5f1a4-af05-4227-abda-3af985e51216%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Alvaro

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/CAHqq0exw_bgvFd-AAKpFRSU6QFg0vHgSaHhNksPbNxU27bRWnA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Vagrantfile - How to enable no network access

Eric

Thanks Alvaro!

But that would be a configuration change. I'm looking for a hardware change, so if the software running elevates to root it can try to change the routes all it wants, but it would be contained, because there isn't a network device for it to configure. And it also shouldn't be able to connect from guest to host. The only connection from host to guest should be the `vagrant ssh` connection



On 10/23/2017 10:58 AM, Alvaro Miranda Aguilera wrote:
for the host network only, add a private_network

for the 2nd part use an script with ,run: "always" that drop the default gateway

like: you may need to update eth0 to the first interface

  config.vm.provision "shell",
    run: "always",
    inline: "eval `route -n | awk '{ if ($8 ==\"eth0\" && $2 != \"0.0.0.0\") print \"route del default gw \" $2; }'`"
end

On Sat, Oct 21, 2017 at 10:13 AM, Eric <[hidden email]> wrote:
I'm looking to setup Vagrantfile's configuration for virtualbox to only be accessible through a private-network from the host to the guest, and the guest it not allowed network or internet access

I'm trying to disable all guest network access from the host side, rather than using iptables from inside the guest

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/09a5f1a4-af05-4227-abda-3af985e51216%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Alvaro

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to a topic in the Google Groups "Vagrant" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/vagrant-up/XNusz1A6G1o/unsubscribe.
To unsubscribe from this group and all its topics, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/CAHqq0exw_bgvFd-AAKpFRSU6QFg0vHgSaHhNksPbNxU27bRWnA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/1bc2afba-ab55-5d8d-d2f2-e0c8c0ef7136%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

signature.asc (836 bytes) Download Attachment