Possible to secure Windows client machine with Linux IDS virtual machine as gateway?

This question is kind of vague, but I have work experience with Hyper-V, Proxmox, Xen, VirtualMachine, VirtualBox, etc... But I have never thought about this scenario until I thought about my own home computer.

I am thinking about ways that I can harden my home computer's security, and I started to think about whether it would be possible to set up a virtual machine on my physical desktop. The guest vm would be the gateway that my main desktop computer would use to route internet traffic through, and then that guest VM would route traffic out to my Mikrotik network firewall.

A. Has anybody tried this? If so, which security distro would you recommend? I've previously used M0n0wall and pfsense in times past.

B. Is there even a benefit since my physical guest is still plugged physically into the network switch of my internet network firewall (Mikrotik)?

C. Concerned about network performance, which specific hypervisor would you recommend? I know that VirtualBox guests need to be started manually, so my immediate thought is to avoid VB since I can't have a guest background start at boot up. I thought about installing the Hyper-V feature in Windows 10, but if there is a better choice to use for a Linux security vm I'd rather use it instead.

Thanks for any input!


EDIT: I am aware that this could effectively double NAT my home computer, and I am ok with that.

I've done this with a fully virtual environment for security testing in one of my college courses. I had several virtual clients routed through a virtual firewall/ids, and it all worked fine in terms of getting access to the internet and configuring everything properly.

One thing you'd have to do is set up your VM with a bridged connection so it grabs its own IP address from your physical router. Once you've done that, it's separate from your host Windows machine and you should be able to change your Windows network settings to route through the VM.

It may end up being a bit screwy, and I can't validate if it will work correctly or not, but I don't see why it shouldn't work. I can test this for you in a few minutes to see how crazy I am since I still have my firewall/ids VM.

EDIT: After giving it some effort, I've come to the conclusion that at least with VMware Fusion on Mac, routing your bare-metal OS through a virtual OS will not work.

I set one of my virtual NICs to "Bridged" and had it grab an IP address from my physical router. I then setup the virtual network on a separate NIC under a different subnet than my physical network. Following this, I manually set my Mac to be on the virtual subnet and attempted to ping the virtual firewall. This gave me "Destination Host unreachable" errors and nothing more.

To verify that everything was working properly in terms of the virtual firewall/IDS being able to route traffic, I sent some test pings through each step of my virtual network into my physical network, and finally to the Internet. All of these went through without issue. I then brought up a virtual client, set my address settings to be on the virtual network and default gateway as the internal virtual NIC, and proceeded to browse the internet without issue.

TL;DR - Doesn't work on a Mac with VMware Fusion using a single physical NIC. Might be best to find an old computer and set that up as a physical IDS.

1 Like

Thanks! Just because it seems I'm alot like you, I'm going to try the same with Hyper-V since it works well with bridged NIC's on Windows. I would think that my physical computer's IP could be different than the physical network as long as the virtual machine's NIC is on an IP from that same bridged NIC that is on my physical network. I would then have to configure NAT on that vm guest and route my PC through it.

I'll let you know how my testing goes as well.

I was able to change my Mac to the virtual network, it just couldn't communicate with anything. Gateway and subnet mask were all set correctly as well. Even while my Mac was "on" the virtual network, my VMs had no problem communicating with my physical network.

I suspect it has something to do with VMware locking my wireless NIC to my physical network in order for it to correctly communicate with my physical router, but my IPv4 settings were all set to my virtual network and continued to show that throughout my testing.

It might work with 2 physical NICs where one is used for connecting the VM to the physical network but is set to some arbitrary IP, while the other is set to route through your VM. I'd test that but probably won't have time for the next couple of days.