Re: NATing with VirtualBox and NetworkManager
- From: Bob Ziuchkovski <jazzsax006 gmail com>
- To: networkmanager-list gnome org
- Subject: Re: NATing with VirtualBox and NetworkManager
- Date: Thu, 8 Nov 2007 14:36:40 -0700
I do something similar, only using bridging. I know you said this doesn't
work for you, though I'm not sure why that is the case. On boot I bring up a
tap interface without an address, bridge it as the sole interface to br0, and
assign br0 an ip address on a subnet unique to my laptop. I then have two
vbox tap interfaces that are configured as per VirtualBox's manual using the
software's internal tap handling. These interfaces belong to a WinXP VM and
a Win2k3 demo VM, and I've set VirtualBox to bridge them to br0. Since
VirtualBox struggles with Solaris and FreeBSD guests, I've installed VMware
Player and configured it to bridge to br0 as well. This allows me to run
Solaris 10 VMs and FreeBSD VMs through VMware Player. The result is that
all of my virtual machines can communicate with each other and my laptop,
regardless of which VM software is used. I use a dispatcher script similar
to what you posted to select the proper interface for masquerading and to
bring up an iptables firewall to protect my virtual network. However, I also
run DHCP and BIND9 services on br0 to allow easy network configuration and
name resolution for the VMs on the virtual network. I'm not sure if this is
at all helpful, but you asked for suggestions for improvement. :)
Bob Z.
On Thursday 08 November 2007 2:08:21 pm Brian Millett wrote:
> For what it's worth,
>
> I use VirtualBox on my Fedora laptop. Now, I need to access the guest OS
> from the host as well as access the host from the guest. Using the normal
> "NAT" that is built into VirtualBox doesn't allow that. I also cannot use
> the Bridging method explained in the manual, so I've done the following
> that works with NetworkManager.
>
> I need to have the guest access the net whether I'm using wireless or switch
> to wired. I set up a 'tap0' device that I assign an address, then I make
> sure that the iptables firewall will let me NAT and set up MASQUERADE for
> whatever device is active. You just need to assign a static ipaddr to the
> guest and make sure that the gateway on the guest is the ipaddr of the tap0
> device.
>
> Any suggestions for improvement are greatly encouraged.
>
>
> I've set up a dispatcher to do all of the work for me.
>
> #!/bin/bash
>
> PATH=/sbin:/usr/bin:/usr/local/bin:/bin:/usr/bin:/usr/sbin
>
> if [ -x /usr/bin/logger ]; then
>     LOGGER="/usr/bin/logger -s -p user.notice -t NetworkManagerDispatcher"
> else
>     LOGGER=echo
> fi
>
> # print the name of the interface if "ip link show" lists it
> getinterface() {
>     NAME=$1
>     ip link show | grep ": $NAME" | while read L; do
>         OIFS=$IFS
>         IFS=" :"
>         set -- $L
>         IFS=$OIFS
>         echo "$2"
>     done
> }
>
> # NetworkManager passes the interface name and the action (up/down)
> NIC=$1
> OPERAND=$2
>
> ## chown the device for virtualbox
> chown root:vboxusers /dev/net/tun
> chmod g+rw /dev/net/tun
>
> # check if tap0 is already defined
> interface=$(getinterface tap0)
>
> ## if not defined, then create it using openvpn
> ## and give it an address
> if [ -z "$interface" ]; then
>     openvpn --mktun --dev tap0
>     #VBoxTunctl -t tap0 -u bpm
>     ip link set up dev tap0
>
>     ip addr add 192.168.89.1/24 dev tap0
>     ip route add 192.168.89.0/24 dev tap0
> fi
>
> ## make sure the active NIC is the one routing.
> case "$OPERAND" in
>     up)
>         echo 1 > /proc/sys/net/ipv4/ip_forward
>         iptables -t nat -F
>         iptables -t nat -A POSTROUTING -o "$NIC" -j MASQUERADE
>         ;;
>     down)
>         echo 0 > /proc/sys/net/ipv4/ip_forward
>         iptables -t nat -F
>         ;;
> esac
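
An added example, not part of the original thread or of either poster's script: a dispatcher variant that masquerades only the VM subnet and keeps its rules in dedicated chains, so an interface change never flushes unrelated NAT rules, and that adds the FORWARD filtering the reply mentions. The chain names `VMNAT` and `VMFWD` are assumptions; `tap0` and `192.168.89.0/24` come from the quoted script.

```shell
#!/bin/bash
# Added example, not from the thread. Chain names are assumptions;
# tap0 and 192.168.89.0/24 are taken from the quoted script.
VM_IF=tap0
VM_NET=192.168.89.0/24
NAT_CHAIN=VMNAT
FWD_CHAIN=VMFWD

# Accept only names that can be real uplink interfaces (max 15 chars,
# no option-like or shell-special characters, and never the VM link itself).
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ] && [ "$1" != "$VM_IF" ]
}

# Print iptables argument lines for one dispatcher event (no side effects).
nat_rules() {
    nic=$1; action=$2
    valid_iface "$nic" || return 1
    case "$action" in up|down) ;; *) return 1 ;; esac
    echo "-t nat -F $NAT_CHAIN"              # flush only our own chains
    echo "-F $FWD_CHAIN"
    if [ "$action" = up ]; then
        echo "-t nat -A $NAT_CHAIN -s $VM_NET -o $nic -j MASQUERADE"
        echo "-A $FWD_CHAIN -i $VM_IF -o $nic -s $VM_NET -j ACCEPT"
        echo "-A $FWD_CHAIN -i $nic -o $VM_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    fi
    echo "-A $FWD_CHAIN -i $VM_IF -j DROP"   # default-deny for the VM link
    echo "-A $FWD_CHAIN -o $VM_IF -j DROP"
}

# Create and hook the chains once, then load the rules (needs root).
apply_rules() {
    rules=$(nat_rules "$1" "$2") || { echo "ignored: $1 $2" >&2; return 1; }
    iptables -t nat -N "$NAT_CHAIN" 2>/dev/null || true
    iptables -N "$FWD_CHAIN" 2>/dev/null || true
    iptables -t nat -C POSTROUTING -j "$NAT_CHAIN" 2>/dev/null ||
        iptables -t nat -A POSTROUTING -j "$NAT_CHAIN"
    iptables -C FORWARD -j "$FWD_CHAIN" 2>/dev/null ||
        iptables -I FORWARD -j "$FWD_CHAIN"
    if [ "$2" = up ]; then sysctl -q -w net.ipv4.ip_forward=1; fi
    echo "$rules" | while read -r args; do iptables $args; done
}

# NetworkManager calls dispatcher scripts as: <script> <interface> <action>
if [ "$#" -ge 2 ]; then apply_rules "$1" "$2"; fi
```

Calling `nat_rules wlan0 up` on its own prints the rule set without touching the firewall, which makes it easy to review before installing the script.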