I am not sure if this is the proper forum but I'd appreciate any help/assistance/ideas...

We have two networks totally isolated from each other (physically and with different subnets), one internal network only and one that connects to the internet only (with firewall of course). Usually those that are authorized to access the internet have two machines for each network, internal domain and internet.

Now, with virtualization technology, we're thinking of reducing costs by setting up only one computer with two NICs. One for the internal network and one for a virtual machine that connects to the internet.

How can I make the second NIC (the one for the quest OS) invisible/inaccessible to the host OS?

With firewall rules.
Also prevent routing from subnet a to subnet b...
Mrk

Thanks Mrkvonic for the reply. Exactly how do I prevent routing from subnet to subnet with the host? so, that there's no traffic between the host OS and NIC #2. Host OS will be Windows XP (for network).

What firewall will you be using?

I was thinking more along the line of something linux-like, but you can manage with fine with a solid Windows firewall too. Preferably something you can control per-rule and not per-application.

Mrk

-{ Quote: "Thanks Mrkvonic for the reply. Exactly how do I prevent routing from subnet to subnet with the host? so, that there's no traffic between the host OS and NIC #2. Host OS will be Windows XP (for network)." }-
You do not need a firewall to achieve this. Simple disable the components at that NIC on the host. [Internet Protocol (TCP/IP), Client for Microsoft Windows, file and printer sharing For Microsoft Networks]

Panagiotis

Thanks! What I actually did was set it to static IP address, different subnet and DNS to itself in the host.
Like if NIC 2 is physically connected to 192.168.10.0/255.255.255.128 network, I set it to IP 10.10.10.10/255.255.255.0/GW:10.10.10.10/DNS:10.10.10.10. With this setup, no network traffic whatsoever between host and NIC#2 network.

-{ Quote: "Thanks! What I actually did was set it to static IP address, different subnet and DNS to itself in the host.
Like if NIC 2 is physically connected to 192.168.10.0/255.255.255.128 network, I set it to IP 10.10.10.10/255.255.255.0/GW:10.10.10.10/DNS:10.10.10.10. With this setup, no network traffic whatsoever between host and NIC#2 network." }-
Yes, this is another method to do it.
But, disabling the components is safer, since it "disconnects" that nic from the network. And it is easier to do it. ;)

Panagiotis

You are right! I just tried your method, simply untick the boxes in LAN properties. Yes, will use your suggestion. Big thanks!