[ale] VMWare and Firewall

timothy at meanor.net timothy at meanor.net
Mon Jun 4 15:52:16 EDT 2007


You could use the NAT virtual network for the VMs (it's VMnet8 in VMware Server, if that's what you're using).  With this setup, the VMs can see each other, and the VMware Server host acts as the default gateway.  Apply the iptables rules to the host interface that is on the NAT network ("VMware Network Adapter VMnet8").  Of course, this doesn't work if hosts on other networks need access to the VMs (e.g. via ssh).

>>
>>That's a problem as some of the VMs are Windows boxes and we don't want to trust them to protect themselves.
>>
>>
>>Thus spake Jim Popovitch (yahoo at jimpop.com):
>>
>>> On Mon, 2007-06-04 at 15:01 -0400, Robert L. Harris wrote:
>>> > 
>>> >   It is bridged.  I'm running the firewall on the host OS.  So I would need
>>> > to apply it to "vmnet1" or "vmnet8"?  Running tcpdump on these interfaces
>>> > doesn't show any traffic.
>>> 
>>> You need to add iptables rules inside each virtual machine.  The host
>>> can not protect the bridged interface.
>>> 
>>> -Jim P.
>>> 
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://www.ale.org/mailman/listinfo/ale
>>
>>:wq!
>>---------------------------------------------------------------------------
>>Robert L. Harris                     | GPG Key ID: E344DA3B
>>                                         @ x-hkp://pgp.mit.edu
>>DISCLAIMER:
>>      These are MY OPINIONS             With Dreams To Be A King,
>>       ALONE.  I speak for              First One Should Be A Man
>>       no-one else.                       - Manowar
>>
>>


