<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">This does look cool - if you ever get a chance to test graphics passthru let me know. I have been wanting to concurrently run my gaming rig and linux workstation for a few years now but the technology just hasn't been there (or at least in a non-complicated way)</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre><br>Regards,<br><br>Thomas Cuthbert</pre></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Nov 29, 2016 at 8:23 PM, Dean Bergin <span dir="ltr"><<a href="mailto:dean.bergin@gmail.com" target="_blank">dean.bergin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello Brad,<div><br></div><div>Thanks for sharing that.</div><div><br></div><div>I have renewed faith in being able to safely run the newer generations of microsoft operating systems if needed with some more assurance towards blocking things like telemetry etc.</div><div><br></div><div>Out of curiosity, do you allow any of the windows VM's to auto-update? I would be interested in a targeted solution to block telemetry, and other "phone-home" mechanisms at a firewall level, while only allowing local or specific subnets as well as automatic updates somehow.</div><div> </div></div><div class="HOEnZb"><div class="h5"><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 29, 2016 at 4:05 PM Brad Campbell <<a href="mailto:brad@fnarfbargle.com" target="_blank">brad@fnarfbargle.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">G'day All,<br class="m_-7884039164518853085gmail_msg">
<br class="m_-7884039164518853085gmail_msg">
For years now I've been running Windows in various VM's. These generally<br class="m_-7884039164518853085gmail_msg">
have access to the local network but are prevented from interacting with<br class="m_-7884039164518853085gmail_msg">
the world by blocking them at the firewall.<br class="m_-7884039164518853085gmail_msg">
<br class="m_-7884039164518853085gmail_msg">
This has the unfortunate side effect of apps trying to phone home, being<br class="m_-7884039164518853085gmail_msg">
able to resolve names but then eventually having connections time out.<br class="m_-7884039164518853085gmail_msg">
This is something I've not looked into but been progressively annoyed by<br class="m_-7884039164518853085gmail_msg">
as time passed.<br class="m_-7884039164518853085gmail_msg">
<br class="m_-7884039164518853085gmail_msg">
This afternoon I was sufficiently motivated to have a look at the<br class="m_-7884039164518853085gmail_msg">
problem and found that 99.9% of these are http or https requests that<br class="m_-7884039164518853085gmail_msg">
sit and time out. Having an apache server on the network already for<br class="m_-7884039164518853085gmail_msg">
mrtg and cacti, I did a transparent redirect on the VM traffic so<br class="m_-7884039164518853085gmail_msg">
anything http or https got redirected to the local apache server which<br class="m_-7884039164518853085gmail_msg">
quickly answered with a 404.<br class="m_-7884039164518853085gmail_msg">
<br class="m_-7884039164518853085gmail_msg">
This made _all_ the delays go away instantly and my applications are now<br class="m_-7884039164518853085gmail_msg">
much more responsive because they get an instant reply. As an added<br class="m_-7884039164518853085gmail_msg">
bonus for information, the apache logs give me the url's they are trying<br class="m_-7884039164518853085gmail_msg">
to contact.<br class="m_-7884039164518853085gmail_msg">
<br class="m_-7884039164518853085gmail_msg">
Of course I might have been able to do the same thing by rigging<br class="m_-7884039164518853085gmail_msg">
iptables to reject the connection rather than have it drop the packets,<br class="m_-7884039164518853085gmail_msg">
but this was quick, easy and worked.<br class="m_-7884039164518853085gmail_msg">
<br class="m_-7884039164518853085gmail_msg">
Regards,<br class="m_-7884039164518853085gmail_msg">
Brad<br class="m_-7884039164518853085gmail_msg">
______________________________<wbr>_________________<br class="m_-7884039164518853085gmail_msg">
PLUG discussion list: <a href="mailto:plug@plug.org.au" class="m_-7884039164518853085gmail_msg" target="_blank">plug@plug.org.au</a><br class="m_-7884039164518853085gmail_msg">
<a href="http://lists.plug.org.au/mailman/listinfo/plug" rel="noreferrer" class="m_-7884039164518853085gmail_msg" target="_blank">http://lists.plug.org.au/<wbr>mailman/listinfo/plug</a><br class="m_-7884039164518853085gmail_msg">
Committee e-mail: <a href="mailto:committee@plug.org.au" class="m_-7884039164518853085gmail_msg" target="_blank">committee@plug.org.au</a><br class="m_-7884039164518853085gmail_msg">
PLUG Membership: <a href="http://www.plug.org.au/membership" rel="noreferrer" class="m_-7884039164518853085gmail_msg" target="_blank">http://www.plug.org.au/<wbr>membership</a><br class="m_-7884039164518853085gmail_msg">
</blockquote></div></div></div><span class="HOEnZb"><font color="#888888"><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><div><br></div><div>Kind Regards,</div><div><br></div><div><i>Dean Bergin</i>.</div><div><br></div></div></div>
</font></span><br>______________________________<wbr>_________________<br>
PLUG discussion list: <a href="mailto:plug@plug.org.au">plug@plug.org.au</a><br>
<a href="http://lists.plug.org.au/mailman/listinfo/plug" rel="noreferrer" target="_blank">http://lists.plug.org.au/<wbr>mailman/listinfo/plug</a><br>
Committee e-mail: <a href="mailto:committee@plug.org.au">committee@plug.org.au</a><br>
PLUG Membership: <a href="http://www.plug.org.au/membership" rel="noreferrer" target="_blank">http://www.plug.org.au/<wbr>membership</a><br></blockquote></div><br></div>