I am running a Vagrant VM and am trying to have a network-isolated mode. Since disabling or changing anything with the default NAT interface breaks Vagrant, I decided to block ALL traffic inside the CentOS 7 VM except the host IP.
Let's make 1.1.1.1 the host's IP.
This is the command I am trying inside the Guest CentOS 7 VM:
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 1.1.1.1 -j ACCEPT && \
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 1.1.1.1 -j ACCEPT && \
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -j DROP && \
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP && \
sudo firewall-cmd --reload
With this I am able to ping from the Guest to the Host but am unable to ping the Guest from the Host.
What am I doing wrong? Basically, I just need to have SSH, TCP, and UDP access to the VM and host.
Solution 1
It looks like @djdomi's answer is working for me.
I deleted the gateway with the following command in the VM:
sudo ip route del 0/0
The network was disconnected. However, I was able to SSH using vagrant ssh.
At first I got stuck trying to use nmap to scan the VM, but I was using the static private_network IP, which did not work. Using Vagrant's NAT IP, I was able to ping from the host to the VM and also run an nmap scan.
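Added example, not part of the original answer: a small check for the approach above (removing the default gateway) that reads `ip -4 route show` output and reports whether a default route is present and which directly connected networks remain reachable. The function names, the `--live` switch, and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a guest has no IPv4 default route after "ip route del 0/0".
# The two sample tables are constructed, not captured from the poster's VM.

SAMPLE_BEFORE='default via 10.0.2.2 dev eth0 proto dhcp metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
192.168.56.0/24 dev eth1 proto kernel scope link src 192.168.56.10 metric 101'

SAMPLE_AFTER='10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
192.168.56.0/24 dev eth1 proto kernel scope link src 192.168.56.10 metric 101'

# Print every default-route line found on stdin.
default_routes() {
    awk '$1 == "default" { print }'
}

# Return 0 if the table on stdin has no default route, 1 otherwise.
is_isolated() {
    routes=$(default_routes)
    if [ -n "$routes" ]; then
        printf 'NOT isolated, default route present:\n%s\n' "$routes" >&2
        return 1
    fi
    return 0
}

# Print the directly connected networks, which stay reachable without a gateway.
connected_networks() {
    awk '$1 != "default" && / scope link/ { print $1 }'
}

# Run against the real routing table only when asked to (hypothetical switch).
if [ "${1:-}" = "--live" ]; then
    table=$(ip -4 route show)
    if printf '%s\n' "$table" | is_isolated; then
        echo "No default route. Still reachable on-link:"
        printf '%s\n' "$table" | connected_networks
    fi
fi
```

A route removed with `ip route del` exists only in the running kernel, so a reboot or a DHCP lease renewal can put the default route back; rerun the check after either.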