I'm trying to figure out how to bridge two vmware (server or workstation) or virtualbox networks together with a linux IDS/IPS system transparently inline between both the virtual networks. How do I accomplish this? I understand how to bridge two virtual networks together, but how do I make the linux virtual machine sit between them and force traffic to go across the transparent bridge?
I would like to have something along the lines of:
vmnet a (various vms, host-only network)
---->
inline linux box (vmnet a boxes forced to go through here to get to the internet)
--->
vmnet b (network with internet access, configured as either NAT or bridged)
-->
internet
I know that basically the linux box needs two virtual nics, one on vmnet a and one on vmnet b, but other than that, I don't know how to force all the traffic to go across the "transparent" bridging linux box on its way to the internet. Do vmnet a and b have to be the same ip network with the same default route? Does vmnet a not have a default route and vmnet b have a default route? I've read in vmware forums that on the linux host you need to change permissions on the vmnet files for promiscuous mode? Is this true? How do you configure this scenario on a windows box?
I guess there are many ways to accomplish this. Keeping in mind what you want to do, I would:
hostB would have a default gateway which should already be set (a router on your ISP provider), and you should add a route to netA through IDS host (on hostB):

IDS Host should forward all traffic (or just the one you want):

This will enable forwarding in the kernel, and allow all traffic to go through this box.

Last, hosts on netA should have as default gateway IDS host on netA (on any host on netA):

So, all you need to do is, on your IDS, have a network interface on vmnetA and another one on vmnetB.
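The three routing steps the answer lays out (route on hostB, forwarding on the IDS, default gateway on netA), as an added example that is not part of the original answer; the subnets, addresses and interface roles are assumptions, and the script prints the commands unless DRY_RUN=0 so the plan can be reviewed before it is applied with root on each host. Note that this is a layer-3 routed setup rather than the layer-2 transparent bridge the question asks about.

```shell
#!/bin/sh
# Added example for the routed IDS-in-the-middle layout described above.
# Assumed addressing (not from the original post); adjust to your vmnets:
NET_A="192.168.10.0/24"   # vmnet a, host-only side
IDS_A="192.168.10.1"      # IDS interface on vmnet a (the netA gateway)
IDS_B="192.168.20.2"      # IDS interface on vmnet b
NET_B_GW="192.168.20.1"   # vmnet b's existing gateway (NAT or bridged)

# Execute a command, or only print it when DRY_RUN is 1 (the default),
# so the change set can be checked before touching routing tables.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1 (on hostB, or any host on vmnet b): send netA traffic through
# the IDS; without this return route replies to netA are black-holed.
hostb_route() {
    run ip route add "$NET_A" via "$IDS_B"
}

# Step 2 (on the IDS host): enable kernel forwarding between its two NICs
# and point its own default route at vmnet b's gateway.
ids_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route add default via "$NET_B_GW"
}

# Step 3 (on every VM in vmnet a): the IDS's vmnet-a address becomes the
# default gateway, so all internet-bound traffic crosses the IDS.
neta_default_route() {
    run ip route replace default via "$IDS_A"
}

hostb_route
ids_forwarding
neta_default_route
```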