Allowing only the guest/host on a network with no access to host's resources?

Hi,

I am a computer professional. This means, to me, that I have intermediate
knowledge in several areas, expert knowledge in a few areas, and that I am a
freaking idiot in all other areas. Figuring out how to set up Virtual PC and
networking seems to be the latter category for me. I read and read the help
file, and the info just doesn't seem to take root in my damn aging brain!

I need to configure things so that the host machine and guest VM(s) are on a
virtual network, and the guest(s) have no access to the host's intranet or
internet resources. From reading the Virtual PC help, it seems I need to
install the loopback adapter on the host, set its IP address to 192.168.x.y, set
the guests' network adapter to use the primary NIC, and set its IP to
192.168.x.z. And make sure the subnet mask for both is the same (255.255.255.0
has been suggested), and that the gateway IP is blank for both.

Is this all? When I set this up, on the guest VM under Network Connections, the
Local Area Connection status says "Connected, Firewalled". The host's OS is
Windows XP SP2. I have Virtual PC 2004 SP1 installed. Is there something I
need to configure with the XP SP2 firewall? Or the guest's firewall, it's XP
SP2 also.

I appreciate any replies and direction.
Thanks,
Chuck

 

If you want the guest machine to be able to see the host but not the
host's intranet, you set the guest NIC to use the loopback adapter option,
not the physical NIC on the host. The loopback adapter on the host and the
virtual NIC in the guest are in the same IP subnet.

With this setup, the guest can only see the intranet if you configure IP
routing on the host.

If you set the guest to use the physical NIC, it looks like just another
machine on the intranet. It shares the physical NIC on the host. Virtual
Machine Network Services intercepts the packets addressed to the guest.

 

Bill,

How do I set the guest NIC to use the loopback adapter? The only options I see
for setting the network adapter in the Virtual PC Settings page are None, Local
only, the physical NIC, and Shared (NAT). Do I install the loopback adapter on
the guest OS also?

Thanks,
Chuck

 

How do I set the guest NIC to use the loopback adapter? The only options I
see

Hello Chuck
I had the same problems but is seems I resolved them.
First, configure the Loopback in the Host and don't forget to check "Virtual
Machine Network Service" in the general tab.
After that you will see in the guest virtual machine Edit>settings>Network a
new network adapter option: "Microsoft Loopback adapter". Choose this option.
Now you can use Ping to test the connections between the host and guest.
Remember to configure the firewalls to accept ICMP messages (echo is the one
for Ping-Pong).

Best regards and sorry for my poor English.

 

This is what I cannot figure out. I have the loopback adapter installed on the
host, when I did that, a "Local Area Connection 2" appeared and I set the IP and
subnet values for that connection. I didn't see any where to set those values
on the properties for the network adapter itself. And "Virtual Machine Network
Service" is set. But I still only see four option values for networking adapter
for the guest VM: None, Local only, the physical NIC, and Shared (NAT). I
rebooted the host, I shut down the guest, still no change.

I have Virtual PC 2004 SP1 with VM Additions installed, is there any newer
version? Why do people see a "loopback option" for that item and I don't?

Thanks,
Chuck

 

Maybe I am missing something, but if you don't want the guest(s) to
have access to the host, why not just use the Local ony networking
option?



--
Cheers,
Steve Jain, Virtual Machine MVP
Website: http://www.essjae.com
"This posting is provided "AS IS" with
no warranties, and confers no rights.
You assume all risk for your use.
I am not am employee of Microsoft."

 

Steve, I do want the guest to have access to the host, just not to the
host's intranet or internet resources. So, if the host was running an
instance of SQL Server, then I would want the guest to be able to
connect to that server, but not to the outside world directly. Thanks
for trying to help me figure this out.

Chuck

 

Something is screwed up if VMNS is present and checked on the loopback
adapter on the host, but you don't get the option to use it in the virtual
machine.

I would shut down the guest, then reinstall VPC while the loopback
adapter is enabled on the host.

 

Bill, I did this, and then the loopback option DID appear in the network setting
options in Virtual PC! As soon as I selected that option and restarted the
guest VM, I was able to connect from the guest to the host, ping it, but was not
able to access any resources on the host's intranet or internet, which is
exactly what I wanted. Thanks!

Chuck

 

I figured out why this situation occurred in the first place, where I had
installed Virtual PC 2004 SP1 and after installing the MS Loopback adapter, it
didn't show up as an option for the networking adapter. I had the original
version of Virtual PC 2004 installed, and had installed SP1 when it came out.
When I took a clean machine and installed VPC w/SP1 using the combo ISO that's
at MSDN Subscriber Downloads, and then subsequently installed the Loopback
adapter, it showed up in the networking options correctly.

I also determined that taking the original copies of VPC 2004 and SP1 that I had
used on my primary PC and installing them on a clean machine resulted in getting
the error message:

The Virtual Machine Monitor driver required by Virtual PC is missing. Please
reinstall Virtual PC and try again.

But reinstalling didn't work, every time I'd install VPC 2004 and then the
separate SP1 patch (the install of which showed a dialog that said "Removing
applications..." at one point), running VPC would always give me that error.

I'm posting this detail because I did a search of this group on that error
message and saw several people asking about it but no replies.

Thanks again to Bill and Fede for helping me get this figured out!

Chuck