Hi Rich,

I believe the best solution for you would be creating a tap device on the host (with VBoxTunctl, please look at the manual). Then simply configure the host's firewall on this interface to disable all ports except the one you need.

This setup nearly resembles the setup recommended for host interface networking in the manual except that you do NOT add the tap device to the host's bridge (in fact you do not need the bridge at all).

Cheers,
Aleksey

On Jan 14, 2009, at 4:09 PM, Rich Morin wrote:

> At 07:36 -0500 1/14/09, Brett Serkez wrote:
>> I would think would be provided with firewall running in the VM.
>
> If I understand you correctly, you're suggesting that I rely on a
> firewall running in the guest OS (eg, Shorewall) to police the
> app. This isn't likely to be compromised, in practice, so it's a
> practical solution which I may adopt.
>
> However, I'd much prefer a situation in which the policing is done
> by external software. That would completely eliminate any chance
> of the app compromising the firewall...
>
> FWIW, the guest OS is Debian Linux and the host OS is likely to be
> either Mac OS X or Debian Linux.
>
>
> At 13:50 +0100 1/14/09, Frank Mehnert wrote:
>> Try NAT port forwarding ...
>
> I'm not sure I understand. Section 6.4.1 of the User Manual talks
> about forwarding selected ports TO the guest OS, but that isn't the
> issue here. What I want to do is make selected ports in the host
> OS (and ONLY them) available to the guest OS. Can I do this? How?
>
> -r
> --
> http://www.cfcl.com/rdm            Rich Morin
> http://www.cfcl.com/rdm/resume     [email protected]
> http://www.cfcl.com/rdm/weblog     +1 650-873-7841
>
> Technical editing and writing, programming, and web development
>
> _______________________________________________
> vbox-users mailing list
> [email protected]
> http://vbox.innotek.de/mailman/listinfo/vbox-users
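
The host-side firewall step from the reply above, as an added example that is not part of the original thread: a generator for iptables rules that admit one port on the guest-facing tap interface and drop everything else arriving on it. Assumptions not taken from the thread: a Debian Linux host, a tap device named `tap0` that already exists and has an address, a service on TCP port 5432, the chain name `GUEST_IN`, and the extra FORWARD rule that keeps the guest from being routed past the host.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the iptables commands instead of
# running them, so the rule set can be reviewed first and then piped to "sudo sh".
# Assumed: tap0 was created beforehand (VBoxTunctl, see the manual) and is NOT
# attached to any bridge, so guest traffic reaches the host via INPUT on tap0.

# tap_rules IFACE PROTO PORT -> one iptables command per line on stdout
tap_rules() {
    iface=$1 proto=$2 port=$3

    # Validate arguments so nothing unexpected lands in a root shell later.
    case $iface in ''|*[!A-Za-z0-9_.-]*)
        echo "bad interface: $iface" >&2; return 1;; esac
    case $proto in tcp|udp) ;; *)
        echo "bad protocol: $proto" >&2; return 1;; esac
    case $port in ''|*[!0-9]*)
        echo "bad port: $port" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1; }

    # GUEST_IN is a hypothetical chain name. Using a dedicated chain and
    # inserting the jump at position 1 makes these rules win over any broader
    # ACCEPT already present in INPUT.
    cat <<EOF
iptables -N GUEST_IN
iptables -A GUEST_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A GUEST_IN -p $proto --dport $port -j ACCEPT
iptables -A GUEST_IN -j DROP
iptables -I INPUT 1 -i $iface -j GUEST_IN
iptables -I FORWARD 1 -i $iface -j DROP
EOF
}

# Constructed sample invocation: guest may reach only TCP 5432 on the host.
tap_rules tap0 tcp 5432
```

The ESTABLISHED,RELATED rule only lets replies to host-initiated connections back in; the guest can still open new connections to the one listed port and nothing else. Because policing happens on the host, a compromised guest cannot alter these rules.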
