This discussion has been locked.

XG Home as a laptop firewall

Considering how hostile a lot of 'open wifi' services are (phishing, fake certs, etc.), I've been thinking about using XG Home under Hyper-V on my laptop, purely as a personal firewall for the laptop itself. So the XG VM would have exclusive access to the network card, and a virtual network interface would connect my Windows instance to the XG instance.

Physical network adapter <--> XG VM <--virtual adapter--> Windows

Anyone tried this? Hyper-V (and KVM) are basically type 1 hypervisors, so it shouldn't be possible for Windows to talk to the hardware directly.



  • In theory your setup will work, but keep in mind that XG will need around 4 GB of RAM to work. You could probably make it work with around 2 GB since you are the only client, but since your laptop would be offline/hibernating/turned off when you are not using it, the virus and other definitions may be out of date on XG. Also, I don't know how XG would react if you wake up Hyper-V from sleep on a laptop. XG works fine in Hyper-V, but you are asking too much from your laptop, which is designed for the best speed/heat/battery compromise, and it will probably make it slow and a battery hog.

    I would personally just set up a VPN to my home firewall and connect that way instead of trying to install a full-featured UTM on a laptop. Same safety, no wifi compromise, and your laptop will function like it always does. If you are only concerned about ports, Windows Firewall does block incoming and outgoing connections, believe it or not.

  • Thanks Billybob, I tried it and it did work. But the performance was poor.

    I dislike the built-in Windows firewall for 2 reasons. First, everyone runs it, so it's likely to be attacked.

    Secondly, you just can't control it! At this moment I have 23 active inbound 'allow' rules (most on 'all' network types). I don't want any of them! Last year I tried changing the rules to 'deny'. They changed back. I disabled the services, they reactivated. I even set GPOs to block firewall modifications, but that made no difference.

    I can't understand why the Microsoft Store, for example, needs to allow incoming connections on public networks, with any protocol, any source port and any dest port. Everything uses 80/443 now anyway.

    It's not that I'm anti-Windows, but I'd really like a functional firewall, which for a laptop probably means putting Windows in a VM.

    Anyway, thanks for the help!

    Edit: that's the same reason I don't want a VPN. Who's to say Windows will exclusively use it?

  • I thought you would have problems with performance. In any case, don't worry about traffic leaking through the VPN. You can look at your routing table if concerned, but if you set your VPN to route all traffic, there should be no leakage.

    I understand your concerns and you have to be vigilant, but if you are protecting your traffic via VPN and using smart browsing techniques, you are probably already ahead of 95% of the population out there.
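
The routing-table check suggested in the last reply, written out as a PowerShell script. This is an added example, not part of the original thread; the adapter name in `$VpnAlias` is an assumption, and the script goes slightly beyond the reply by also checking IPv6 and the two half-range routes some full-tunnel VPN clients install instead of a default route.

```powershell
# Added example. $VpnAlias is an assumed adapter name; Get-NetAdapter lists yours.
param([string]$VpnAlias = 'MyVPN')

function Get-WinningDefaultRoute {
    param([ValidateSet('IPv4', 'IPv6')][string]$Family)

    # A full tunnel appears either as a default route or as two half-range
    # routes that override the default by being more specific.
    $prefixes = if ($Family -eq 'IPv4') {
        '0.0.0.0/0', '0.0.0.0/1', '128.0.0.0/1'
    } else {
        '::/0', '::/1', '8000::/1'
    }

    # Longest prefix wins; ties go to the lowest combined metric
    # (route metric + interface metric is how Windows ranks them).
    Get-NetRoute -AddressFamily $Family -ErrorAction SilentlyContinue |
        Where-Object { $prefixes -contains $_.DestinationPrefix } |
        ForEach-Object {
            $iface = Get-NetIPInterface -InterfaceIndex $_.ifIndex -AddressFamily $Family
            [pscustomobject]@{
                Prefix       = $_.DestinationPrefix
                PrefixLength = [int](($_.DestinationPrefix -split '/')[1])
                Interface    = $_.InterfaceAlias
                NextHop      = $_.NextHop
                Metric       = $_.RouteMetric + $iface.InterfaceMetric
            }
        } |
        Sort-Object @{ Expression = 'PrefixLength'; Descending = $true },
                    @{ Expression = 'Metric'; Descending = $false } |
        Select-Object -First 1
}

foreach ($family in 'IPv4', 'IPv6') {
    $route = Get-WinningDefaultRoute -Family $family
    if (-not $route) {
        "{0}: no default route found" -f $family
    } elseif ($route.Interface -eq $VpnAlias) {
        "{0}: OK, {1} via {2} (metric {3})" -f $family, $route.Prefix, $route.Interface, $route.Metric
    } else {
        "{0}: NOT on VPN, {1} via {2}, next hop {3}" -f $family, $route.Prefix, $route.Interface, $route.NextHop
    }
}
```

Run it with the VPN connected. It reports only where default-route traffic goes; on-link and other more specific routes still use the physical adapter.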