Is there a way that I can segment my virtual machine from my LAN, yet still make it available to outside users? What I'm trying to achieve is a VPS type of thing, but I'm not sure how hosting companies do it.
Background: I'm currently trying to expand my knowledge of UNIX security, and I thought, what better way to do so than give out SSH accounts and see what people can break? The home directories of these users will also have a public_html folder which they can access from the web (http://site/~username). The tricky thing is segmenting this from my LAN. If I use host-only networking, nobody can reach it. If I set it to bridged networking things are fine and dandy, except for the fact that this box can:
- See my router's admin page
- See other machines on the network
- And of course, see the associated Windows shares.
Is there a way to put it in its own "virtualized VLAN"? I mean, I could make it use one of my physical network adapters, and run that cord into a switch, but I don't feel like spending money on a switch with VLAN capabilities for something temporary. The same idea goes for a firewall to put it in a DMZ, unless of course there is a software way to do this. My current DSL modem has a DMZ function to put one machine in a DMZ, but my web server is already occupying that (and does the modem's DMZ feature really segment the machine, or just make it public facing?)
I will be closely monitoring the system for abuse. cURL and wget have been removed, and I'm using trickle to throttle the bandwidth for the box to 20kb/s.
I'm probably missing the obvious answer here; someone please enlighten me.