Fedora Linux Support Community & Resources Center

  #1  
Old 26th August 2009, 05:20 AM
urilabob
Preventing Host OS from using a specific NIC

This will initially sound like a virtualbox problem, but please bear with me; the underlying question is about network configuration. I have a virtualbox installation, and I need fairly high security separation between host and guest traffic. The university network the box hangs off uses statically-allocated IP addresses, allocated to fixed MAC addresses (i.e. it eats any traffic with mismatched IP and MAC addresses).

VBox: 3.0.4
Guest OS: Fedora 11 64bit
Hardware: dual NIC, Intel server
Bridged networking, with separate NICs for host and guest

I'm aiming for high-security separation between host and guest traffic. To do this, I would like to run all host traffic through one NIC, H, and all guest traffic through the other, G. The host and guest have separate, statically allocated IP addresses, IPH and IPG. The network forces these to be mapped to specific MAC addresses, MACH (the address of NIC H) and MACG (the address of NIC G). So it's not too hard to write host firewall rules to enforce this policy. The rules just have to state that traffic coming into H must have a destination compatible with IPH, and traffic going out must have IPH as source - and vice versa for G and IPG. There also doesn't seem to be any trouble telling the guest to only use NIC G. As a result, turning off NIC G (or equivalently, firewalling it off from host traffic) crashes the network; I have to reboot it to get networking working.

But I can't figure out how to tell the host to _only_ use NIC H for anything else except the guest. Even though we don't see any IPH traffic coming into NIC G from outside, I don't seem to be able to stop the host from starting connections on NIC G. Does anyone know any way to do this - to tell the host that it can only use IPH as its IP address unless traffic is coming from a guest process, and that it can only use address MACH and NIC H? I've been reading route and arp manuals all day, but I can't seem to figure anything out on this - mainly because arp and route don't know about host/guest processes, and I guess weren't designed with this in mind...

TIA for any help

Bob
  #2  
Old 26th August 2009, 07:26 PM
urilabob
Now solved (but the solution is probably very specific to the environment). I have told the host that eth1 is a dhcp-allocated address (lying to your OS is fun!). So it tries (but always fails, since there is no dhcp server) to get a dhcp address for eth1. Thus it can only use eth0 for its comms. Meanwhile, the guest is perfectly happy to use eth1 with the fixed IP address it knows about. I assume this works because virtualbox accesses the host networking capabilities at a low level, presumably directly calling the network card drivers, and isn't going through the host's arp and route setup.

Last edited by urilabob; 26th August 2009 at 07:29 PM.
  #3  
Old 26th August 2009, 07:44 PM
stevea
It sounds like the correct solution is a routing table entry.

You may want to play with the
ip route show
or old-school style
route
commands.
  #4  
Old 27th August 2009, 03:21 AM
urilabob
That's what I'd been trying. But I'm not sure it's possible. To do what I want, the host routing system would have to know something like "if a connection is being established from or to IPG, it must go through NIC G and use MACG (all that, of course, is OK), _and_ the local process it is communicating with must be associated with the guest virtual machine". I'm reasonably convinced, by now, that the second half is simply not expressible in route (ip route) language (and I don't think arp can do it either).
  #5  
Old 13th September 2009, 03:45 PM
urilabob
The solution I mentioned earlier ended up failing, because someone started up a dhcp server on the subnet. Not quite sure why - it's hard to figure any way it would be useful to them. So anyway, the host was able to get a dhcp address for the NIC and started using it. So I changed the configuration to tell the host that NIC G had a fixed 169.x.x.x address. That seems to work - it recognises that no valid routing can be done over that NIC, and doesn't attempt to use it.
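The following is an added example, not code from the thread or from anyone posting in it. It turns two points of the discussion into something checkable: the host-side firewall policy sketched in post #1 (traffic on NIC H must carry IPH, and the host must not originate or accept anything on NIC G) and the "does the host still have a usable route over NIC G?" question that post #3's `ip route show` and post #5's 169.x.x.x workaround revolve around. Interface names (eth0 = H, eth1 = G) and all addresses are constructed placeholders; the routing-table text is a constructed sample, not output from the poster's machine. It also assumes, as post #2 does, that VirtualBox's bridged networking injects guest frames below the host IP stack, so the host's INPUT/OUTPUT chains never see guest traffic; if that assumption is wrong for a given setup, the OUTPUT rule on G would also block the guest.

```shell
#!/bin/sh
# Added example: emit the host-side iptables policy for the two-NIC split and
# audit an `ip route show` dump for routes that would let the host use NIC G.
# Names and addresses are placeholders; nothing here is applied to the system.

# Print the iptables commands that pin IPH to NIC H and keep the host off NIC G.
# Assumption (from post #2): bridged guest frames bypass the host's netfilter
# INPUT/OUTPUT chains, so dropping host OUTPUT on G does not touch guest traffic.
gen_host_rules() {
    h_if=$1; h_ip=$2; g_if=$3
    printf '%s\n' \
        "iptables -A INPUT  -i $h_if ! -d $h_ip -j DROP" \
        "iptables -A OUTPUT -o $h_if ! -s $h_ip -j DROP" \
        "iptables -A INPUT  -i $g_if -j DROP" \
        "iptables -A OUTPUT -o $g_if -j DROP"
}

# Print every route in an `ip route show` dump that leaves via the given NIC.
# $1 = interface name, $2 = the routing-table text (one route per line).
routes_via() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        { for (i = 1; i < NF; i++) if ($i == "dev" && $(i+1) == ifc) { print; break } }'
}

# Return 0 when the only routes via the NIC are link-local (169.254.0.0/16),
# which is the state post #5 ends up in; return 1 if any other route remains,
# because the host could then still originate connections on that NIC.
nic_is_isolated() {
    routes_via "$1" "$2" | grep -v '^169\.254\.' | grep -q . && return 1
    return 0
}

# Constructed sample: eth0 = H carries the real address and default route,
# eth1 = G has only the link-local route left after the 169.x.x.x trick.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
169.254.0.0/16 dev eth1 scope link metric 1003'

# Constructed sample of the problem state: eth1 still has a routable subnet,
# so the host would happily start connections on NIC G.
LEAKY_ROUTES='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.7'

# Run with --demo to print the rules and audit both samples.
if [ "${1:-}" = "--demo" ]; then
    gen_host_rules eth0 192.0.2.10 eth1
    nic_is_isolated eth1 "$SAMPLE_ROUTES" && echo "eth1: isolated"
    nic_is_isolated eth1 "$LEAKY_ROUTES" || echo "eth1: still routable"
fi
```

On a real box you would feed `routes_via` the live output (`routes_via eth1 "$(ip route show)"`) and review the generated rules before applying them; the audit is a cheap check to repeat after any interface change, since post #5 shows how an unexpected DHCP server on the subnet can silently hand NIC G a usable route again.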