Avoiding IP Packet Leakage with Host-Only Networking

Each host-only network is intended to be confined to the host machine on which it is set up. That is, no packets sent by virtual machines on this network should leak out to a physical network attached to the host. Packet leakage can occur only if some machine actively forwards packets between the host-only network and another network, and that machine can be either the host itself or any virtual machine attached to the host-only network.

However, it is possible for the host machine to be configured in a way that permits packet leakage. Systems that support the TCP/IP protocols are usually capable of forwarding IP packets they receive that are not addressed to them, but by default they ship with IP packet forwarding disabled. A virtual machine that has its own path to the outside can leak packets in the same way; see Leaks from a Virtual Machine below.

If you find packets leaking out of a host-only network, check if forwarding has been enabled on the host machine and, if it is enabled, disable it.

    For many Linux systems, you can disable IP forwarding by writing a 0 (zero) to the special file /proc/sys/net/ipv4/ip_forward. Reading the same file shows the current state: a 1 means forwarding is enabled. As root, enter this command:
    echo 0 > /proc/sys/net/ipv4/ip_forward

    Writing to /proc changes only the running kernel; the flag reverts to the distribution's default at the next boot unless it is also set persistently, on current distributions with net.ipv4.ip_forward = 0 in /etc/sysctl.conf or a file under /etc/sysctl.d/ (sysctl -w net.ipv4.ip_forward=0 applies the same change immediately). If the host also runs IPv6, check /proc/sys/net/ipv6/conf/all/forwarding in the same way.

    On other systems the same flag is exposed as a configuration option, and the method depends on your distribution: a control panel or network configuration tool, a setting chosen when you compile your kernel, or a parameter given when you boot the system. Consult your operating system documentation for the method that applies to your particular distribution.

    Using Packet Filtering

    If the host computer has multiple physical network adapters, it may be intentionally configured to do IP forwarding, that is, to act as a router between them. In that case you do not want to disable forwarding. Instead, to avoid packet leakage you must enable a packet filtering facility and add rules so that packets from the host-only network are never forwarded out through a physical adapter (and, to preserve isolation, packets from the physical networks are never forwarded into the host-only network). Consult your operating system documentation for details on how to configure packet filtering.
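    As an added example, not part of VMware's documentation, the shell script below puts the two remedies above together for a Linux host: it reports whether the kernel forwarding flag is set, wraps the page's echo 0 remedy in a function, and, for the case where forwarding must stay on, prints iptables rules that drop any forwarded packet crossing between the host-only interface and any other interface in either direction. The interface name vmnet1, the subnet 192.168.100.0/24, the uplink name eth0 and the choice of iptables as the filter are assumptions made for the example, not taken from the page; change them to match the host.

```shell
#!/bin/sh
# Added example (not VMware's code). Assumed names, not from the original page:
# host-only interface vmnet1, host-only subnet 192.168.100.0/24, uplink eth0.
# Override them through the environment, e.g. HOSTONLY_IF=vmnet8 ./leakcheck.sh

HOSTONLY_IF="${HOSTONLY_IF:-vmnet1}"
HOSTONLY_NET="${HOSTONLY_NET:-192.168.100.0/24}"
UPLINK_IF="${UPLINK_IF:-eth0}"
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# forwarding_enabled FILE: succeed (exit 0) when the kernel flag in FILE is 1.
# The FILE argument lets the check be pointed at a copy of the flag for testing.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' 2>/dev/null < "$1")" = "1" ]
}

# disable_forwarding FILE: the page's remedy, writing 0 to the flag file.
# This affects only the running kernel; persist it via sysctl.conf as well.
disable_forwarding() {
    echo 0 > "$1"
}

# leak_block_rules IF NET: print iptables commands for a host that must keep
# forwarding. Inserted at the top of FORWARD so they win over permissive rules:
#   1. anything entering from the host-only interface may not leave elsewhere
#   2. anything entering elsewhere may not be forwarded into the host-only net
#   3. any forwarded packet with a host-only source may not leave elsewhere
#      (FORWARD runs before NAT, so the original source address is still seen)
# Printed rather than executed so they can be reviewed first.
leak_block_rules() {
    cat <<EOF
iptables -I FORWARD 1 -i $1 ! -o $1 -j DROP
iptables -I FORWARD 1 ! -i $1 -o $1 -j DROP
iptables -I FORWARD 1 -s $2 ! -o $1 -j DROP
EOF
}

# leak_check_command IF NET: a tcpdump filter on the physical uplink that should
# stay silent while guests on the host-only network generate traffic.
leak_check_command() {
    printf 'tcpdump -ni %s net %s\n' "$1" "$2"
}

# Report the forwarding state and print the rules; apply them only when the
# script is run as root with the argument "apply".
main() {
    if forwarding_enabled "$IP_FORWARD_FILE"; then
        echo "IP forwarding is ENABLED on this host ($IP_FORWARD_FILE = 1)"
    else
        echo "IP forwarding is disabled on this host"
    fi
    echo "Rules that keep $HOSTONLY_NET confined to $HOSTONLY_IF:"
    leak_block_rules "$HOSTONLY_IF" "$HOSTONLY_NET"
    echo "Leak check (run while guests send traffic; expect no output):"
    leak_check_command "$UPLINK_IF" "$HOSTONLY_NET"
    if [ "${1:-}" = "apply" ]; then
        leak_block_rules "$HOSTONLY_IF" "$HOSTONLY_NET" | sh -e
    fi
}

main "$@"
```

    Run it without arguments to see the state and the proposed rules, then with apply as root to install them. On distributions that have moved to nftables the iptables command is usually the nft compatibility front end and accepts the same rules; if a host uses a different filter, the three rules translate directly, since each one only names the interfaces and the source network.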

    Leaks from a Virtual Machine

    Virtual machines may leak packets. A guest that has a second network path besides its host-only adapter, such as a dial-up connection or a second virtual adapter bridged to a physical network, can act as a router between the host-only network and the outside if packet forwarding is enabled in the guest. For example, if you use Dial-Up Networking support in a virtual machine and packet forwarding is enabled, host-only network traffic may leak out through the dial-up connection. To prevent the leakage, be sure packet forwarding is disabled in your guest operating system: on a Linux guest, check /proc/sys/net/ipv4/ip_forward as described above; on a Windows guest, check that the registry value HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter is 0 and that the Routing and Remote Access service has not been configured as a router.

    © 2001-2002 VMware, Inc. All rights reserved.