Isolated hostonly networks on the same host - Virtualbox provider


Erik Zilinsky

Sep 23, 2020, 2:40:20 AM
to Vagrant
Hello guys, I have the following 3 private networks on the same host:

VM1 - config.vm.network "private_network", ip: "192.168.0.2"
VM2 - config.vm.network "private_network", ip: "192.168.1.2"
VM3 - config.vm.network "private_network", ip: "192.168.2.2"

How can I achieve isolated networks? Currently I can ping VM2 from VM1.

I would like to achieve the following:
- host can reach VMs
- guests have internet connection
- guests cannot reach each other

Thanks in advance!

Erik Zilinsky

Jeff Bonhag

Sep 23, 2020, 11:46:38 AM
to vagra...@googlegroups.com
Hi there,

If you're using VirtualBox, you can further isolate your VMs by using Internal Networking. For example:

  Vagrant.configure("2") do |config|
    config.vm.box = "hashicorp/bionic64"
 
    config.vm.define "vm1" do |vm1|
      vm1.vm.network "private_network", ip: "192.168.0.2",
                           virtualbox__intnet: true
    end
 
    config.vm.define "vm2" do |vm2|
      vm2.vm.network "private_network", ip: "192.168.1.2",
                           virtualbox__intnet: true
    end
 
    config.vm.define "vm3" do |vm3|
      vm3.vm.network "private_network", ip: "192.168.2.2",
                           virtualbox__intnet: true
    end
  end

With this setup, you should be able to ssh into vm1/vm2/vm3, but the VMs can't ping each other.

More information about the Internal Networking configuration for Vagrant can be found here: https://www.vagrantup.com/docs/providers/virtualbox/networking#virtualbox-internal-network

Cheers,
Jeff

--

Jeff Bonhag, he/him
Engineer II
e jbo...@hashicorp.com


Erik Zilinsky

Sep 24, 2020, 2:51:21 AM
to Vagrant
Thanks for your message! I forgot to mention that I have services running on those hosts, 192.168.0.2:80, 192.168.1.2:8080, 192.168.3.80, and I'm routing them with HAProxy. With internal network set up, HAProxy doesn't see those services anymore. So my setup is that I have one host, 3 guests, and HAProxy installed on that host.

Jeff Bonhag

Oct 2, 2020, 9:54:37 AM
to vagra...@googlegroups.com
Hey Erik,

Ah, I see, thanks for the additional details. I'm not super familiar with HAProxy, but here are a couple of ideas:

1.) Add port forwards for each service, and configure HAProxy to point to the forwarded port. For example, you could add:

    vm2.vm.network "forwarded_port", guest: 8080, host: 28080

Then, change HAProxy to point to localhost:28080 instead of 192.168.0.2:8080

2.) You might also consider creating firewall rules to isolate the guests (i.e. running iptables or ufw with a shell provisioner).

Cheers,
Jeff
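
Idea 2 from the reply above, written out as an added example (not code from the thread or from the Vagrant docs): the host-only networks from the first post stay as they are, so HAProxy on the host still reaches each guest, and a shell provisioner installs iptables rules in each guest that drop traffic to and from the other guests' addresses. The `GUESTS` table and the `isolation_script` helper are assumed names, and iptables is assumed to be present in the box.

```ruby
# Added example, not from the thread. Guest names and the helper name are
# assumptions; the addresses are the ones given in the first post.
GUESTS = {
  "vm1" => "192.168.0.2",
  "vm2" => "192.168.1.2",
  "vm3" => "192.168.2.2",
}.freeze

# Build the provisioner script for one guest: drop packets to and from every
# other guest's address. `iptables -C` checks for the rule first, so repeated
# provisioning does not stack duplicate rules.
def isolation_script(name)
  raise ArgumentError, "unknown guest #{name}" unless GUESTS.key?(name)

  peers = GUESTS.reject { |guest, _| guest == name }.values
  rules = peers.flat_map do |ip|
    ["OUTPUT -d #{ip}", "INPUT -s #{ip}"].map do |match|
      "iptables -C #{match} -j DROP 2>/dev/null || iptables -A #{match} -j DROP"
    end
  end
  (["set -eu"] + rules).join("\n") + "\n"
end

# Only evaluated when Vagrant loads this file as a Vagrantfile.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box = "hashicorp/bionic64"

    GUESTS.each do |name, ip|
      config.vm.define name do |guest|
        guest.vm.network "private_network", ip: ip
        # The rules are not persisted inside the guest, so reapply them on
        # every boot rather than only on first provision.
        guest.vm.provision "shell", inline: isolation_script(name), run: "always"
      end
    end
  end
end
```

Because the rules live inside each guest, anyone with root in a guest can remove them; they do not replace isolation enforced outside the guest.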
