[plug] Firewalling virtual machines

Brad Campbell brad at fnarfbargle.com
Tue Nov 29 16:05:04 AWST 2016

G'day All,

For years now I've been running Windows in various VM's. These generally 
have access to the local network but are prevented from interacting with 
the world by blocking them at the firewall.

This has the unfortunate side effect of apps trying to phone home, being 
able to resolve names but then eventually having connections time out. 
This is something I've not looked into but been progressively annoyed by 
as time passed.

This afternoon I was sufficiently motivated to have a look at the 
problem and found that 99.9% of these are http or https requests that 
sit and time out. Having an apache server on the network already for 
mrtg and cacti, I did a transparent redirect on the VM traffic so 
anything http or https got redirected to the local apache server which 
quickly answered with a 404.

This made _all_ the delays go away instantly and my applications are now 
much more responsive because they get an instant reply. As an added 
bonus for information, the apache logs give me the url's they are trying 
to contact.

Of course I might have been able to do the same thing by rigging 
iptables to reject the connection rather than have it drop the packets, 
but this was quick, easy and worked.


More information about the plug mailing list