trying to figure out how to bridge two virtual networks together and in turn bridge that to the internet for a virtual inline IDS/IPS system

Posted by Tony Robinson on Server Fault
Published on 2011-01-31T23:21:33Z


I'm trying to figure out how to bridge two VMware (Server or Workstation) or VirtualBox networks together with a Linux IDS/IPS system transparently inline between both virtual networks. How do I accomplish this? I understand how to bridge two virtual networks together, but how do I make the Linux virtual machine sit between them and force traffic to go across the transparent bridge?

I would like to have something along the lines of:

vmnet a
various vms
host-only network

---->

inline linux box
vmnet a boxes forced to go through here to get to the internet

--->

vmnet b
network with internet access
configured as either NAT or bridged

-->

internet

I know that basically the Linux box needs two virtual NICs, one on vmnet a and one on vmnet b, but other than that, I don't know how to force all the traffic to go across the "transparent" bridging Linux box on its way to the internet. Do vmnet a and b have to be the same IP network with the same default route? Does vmnet a not have a default route while vmnet b has a default route? I've read in VMware forums that on a Linux host you need to change permissions on the vmnet files for promiscuous mode. Is this true? How do you configure this scenario on a Windows box?
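As an added example (not part of the original post or any answer to it), the following script configures the inline Linux VM as a transparent Layer-2 bridge between its two virtual NICs, the way the diagram above describes. The interface names eth0 (vmnet a side), eth1 (vmnet b side) and br0 are assumptions; because the bridge carries no IP address, the vmnet a guests stay in vmnet b's IP network and keep using vmnet b's gateway as their default route.

```shell
#!/bin/sh
# Added example: transparent L2 bridge for an inline IDS/IPS VM.
# Assumed names: br0 = bridge, eth0 = NIC on vmnet a, eth1 = NIC on vmnet b.
# Run as root to apply; set DRY_RUN=1 to only print the commands.
set -u

# Execute a command, or echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# make_transparent_bridge BRIDGE NIC_A NIC_B
# The bridge gets no IP address, so it is not a routed hop: frames from
# vmnet a are forwarded to vmnet b unchanged and the guests' default
# route still points at vmnet b's gateway.
make_transparent_bridge() {
    br="$1"; nic_a="$2"; nic_b="$3"
    run ip link add name "$br" type bridge
    for nic in "$nic_a" "$nic_b"; do
        # bridge ports must not own addresses and must accept every frame
        run ip addr flush dev "$nic"
        run ip link set "$nic" promisc on
        run ip link set "$nic" master "$br"
        run ip link set "$nic" up
    done
    run ip link set "$br" up
    # Let iptables (e.g. an NFQUEUE-based IPS) see bridged traffic;
    # needs the br_netfilter module on current kernels.
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# Usage: sh bridge.sh br0 eth0 eth1   (prefix with DRY_RUN=1 to preview)
if [ $# -eq 3 ]; then
    make_transparent_bridge "$1" "$2" "$3"
fi
```

With VMware Workstation on a Linux host, promiscuous mode on the guest NICs additionally requires read/write access to the host's /dev/vmnet* devices for the user running the VM, which is the permission change the question refers to.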

© Server Fault or respective owner
