I am making a virtual network setup for my high school cybersecurity team to practice. I am connecting all the VMs together through a VPN and then people who are practicing will VPN in and ssh/remote desktop into the different VMs. The problem is that for practicing, they will need root access into the VMs and because the VMs are connecting to my personal network, the VMs pose a security risk to my personal network. Is there any way in either VMWare or VirtualBox or even making an unchangeable iptable (I can make all the windows VMs go thru a linux VM) to prevent people from connecting to my local network via the VM?
Asked
Active
Viewed 197 times
2 Answers
1
Have you thought about this:
- VMacc will be the linux access VM, this one has a public IP I guess? It also has is your VPN access point.
- Create a virtual switch in vmware and put all your vulnerable VM's in the same subnet. You can use the let them be on the same subnet your vulnerable VM's will be on.
Now just firewall so that only the openvpn port is open on your Linux machine. People will be able to VPN into your network and access the vulnerable VM's and there is no connection to your normal LAN since they are on their own virtual network.
Lucas Kauffman
- 54,169
- 17
- 112
- 196
1
You can also:
Put the host of the VMs into a separate VLAN, considering possible risks already described on StackExchange.
Create a NAT for the VMs on the host(or the linux box you wrote about) and block access to your personal network via IPTables like this:
iptables -I FORWARD 1 -d 192.168.0.1 -j ACCEPT
iptables -I FORWARD 2 -d 192.168.0.0/24 -j DROP
Assuming your network address and default gateway.
