Network Configuration

To be able to run a firewall as virtual machine, the NetworkManager application offers insufficient flexibility. We need to bring up one of the interfaces (eth0) with a static IP address, and the other interface (eth1) without IP address to connect the WAN to it and isolate the “outside world” through the firewall. eth1 is passed through (bridged) to the firewall's red interface.

Remove NetworkManager

apt-get remove network-manager network-manager-gnome

Static IP address

/etc/network/interfaces

# main server interface
auto eth0
iface eth0 inet static
        address 192.168.1.11
        netmask 255.255.255.0
        network 192.168.1.0
        gateway 192.168.1.1
# define pass through interface for web server vm
iface eth1 inet manual

To keep eth1 invisible to the main server, but offer it to the vm, you need to manually bring the interface up. Add the following line to the definition of the eth0 interface:

post-up ifconfig eth1 up

Name Server (DNS)

vim /etc/resolv.conf

Remove all entries and add one line:

nameserver 192.168.1.3 # IP address of domain name resolver running on the firewall vm (dnsmasq)

Restart Network

Restart network:

sudo /etc/init.d/networking restart