[plug] Firewalling virtual machines
Brad Campbell
brad at fnarfbargle.com
Tue Nov 29 16:05:04 AWST 2016
G'day All,

For years now I've been running Windows in various VMs. These generally
have access to the local network but are prevented from interacting with
the world by blocking them at the firewall.

This has the unfortunate side effect of apps trying to phone home, being
able to resolve names but then eventually having connections time out.
This is something I've not looked into but been progressively annoyed by
as time passed.

This afternoon I was sufficiently motivated to have a look at the
problem and found that 99.9% of these are http or https requests that
sit and time out. Having an apache server on the network already for
mrtg and cacti, I did a transparent redirect on the VM traffic so
anything http or https got redirected to the local apache server which
quickly answered with a 404.

This made _all_ the delays go away instantly and my applications are now
much more responsive because they get an instant reply. As an added
bonus for information, the apache logs give me the URLs they are trying
to contact.

Of course I might have been able to do the same thing by rigging
iptables to reject the connection rather than have it drop the packets,
but this was quick, easy and worked.

Regards,
Brad
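
Added example, not part of the original post: the two approaches the message describes (transparent redirect of VM web traffic to a local web server, and rejecting instead of dropping) written as iptables rules. The subnets, the web server address and the function names are constructed placeholders; it assumes the VMs sit on their own subnet routed through the firewall host and that an existing rule already accepts ESTABLISHED,RELATED traffic.

```shell
#!/bin/sh
# Added illustration; every address below is a constructed placeholder.
VM_NET="192.168.50.0/24"   # assumed: subnet the VMs live on
LAN_NET="192.168.0.0/16"   # assumed: local ranges the VMs may still reach
WEB_IP="192.168.1.10"      # assumed: local web server that answers with a 404

# Print the rule when DRY_RUN=1 (the default); apply it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Option 1: transparent redirect. Outbound http/https from the VMs is
# DNATed to the local web server, so clients get an immediate answer and
# the server's access log records what they asked for. The original
# destination port is kept because --to-destination names no port.
redirect_rules() {
    run -t nat -A PREROUTING -s "$VM_NET" ! -d "$LAN_NET" -p tcp \
        -m multiport --dports 80,443 -j DNAT --to-destination "$WEB_IP"
    # The rewritten flows still have to pass the FORWARD chain.
    run -A FORWARD -s "$VM_NET" -d "$WEB_IP" -p tcp \
        -m multiport --dports 80,443 -j ACCEPT
}

# Option 2: reject instead of drop. TCP gets an immediate RST and other
# protocols an ICMP error, so clients fail fast rather than waiting for
# a timeout. Nothing is logged about the requested URLs this way.
reject_rules() {
    run -A FORWARD -s "$VM_NET" ! -d "$LAN_NET" -p tcp \
        -j REJECT --reject-with tcp-reset
    run -A FORWARD -s "$VM_NET" ! -d "$LAN_NET" \
        -j REJECT --reject-with icmp-admin-prohibited
}

# Usage: sh script.sh redirect | reject   (prints rules unless DRY_RUN=0)
case "${1:-}" in
    redirect) redirect_rules ;;
    reject)   reject_rules ;;
esac
```

If the web server shares a subnet with the VMs, its replies bypass the firewall and the redirect also needs a source NAT rule so the return path goes back through conntrack.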