Gentoo Forums
virtualbox host networking with own guest-if [ SOLVED ]
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 866

Posted: Tue Nov 04, 2008 6:28 pm    Post subject: virtualbox host networking with own guest-if [ SOLVED ]

i'm having problems setting up virtualbox host networking.

i want to set up a guest that can be reached under its own ipaddress from the network (offer services etc.), eg the host has 1.1.1.1 (eth0) and the guest answers to 1.1.1.2 while the host can still use its original ip.

Quote:
http://www.gentoo-wiki.info/VirtualBox
did not help me much.
before i change all the configs i need to know what this does and how it works manually, because i'm testing right now and i'm not certain i'll keep it on that box permanently.

is it possible to use eth0:0 as the bridged interface for the guest?

so far i've tried the following (all commands worked):

Code:
tunctl -u ice -g vboxusers -t vbox0
brctl addbr br0
brctl addif br0 vbox0
brctl addif br0 eth0:0
ifconfig br0 <address>

(do i have to add more routes? does br0 not get an address right now but is assigned one from the virtual machine???)

on the local host i could ping br0, but not from the network. after i used eth0 as part of the bridge the host was disconnected from the network. the virtual machine could not be started with the if vbox0.

what am i doing wrong or missing here?
(i've searched the web and everybody seems to have a different solution/idea about this)

THX FOR YOUR HELP!
_________________
DUMM KLICKT GUT.


Last edited by DawgG on Wed Nov 12, 2008 3:12 pm; edited 1 time in total
nurachi
Tux's lil' helper
Tux's lil' helper


Joined: 16 May 2008
Posts: 92
Location: Paris

Posted: Wed Nov 05, 2008 5:58 am    Post subject: Re: (manual) virtualbox host networking - can't figure it ou

DawgG wrote:
is it possible to use eth0:0 as the bridged interface for the guest?
If eth0:0 is an alias, you'd better assign it a macaddress or some protocols (and probably the bridge) won't work, as ethernet bridges are macaddress level routing protocols.
DawgG wrote:
(do i have to add more routes? does br0 not get an address right now but is assigned one from the virtual machine???)

Bridge interfaces are virtual interfaces that'll route your traffic from one interface to all of the others, so no route to add. Bridges are slow to start (around a minute). They start faster when they get some traffic inside as this helps to know how to route packets.
DawgG wrote:
Code:
ifconfig br0 <address>

You should add all the correct stuff to your br0 (netmask, ...) and replace <address> by an IP... This'll assign an address to your interface. It won't get one by itself. See man ifconfig.
DawgG wrote:

on the local host i could ping br0, but not from the network. after i used eth0 as part of the bridge the host was disconnected from the network. the virtual machine could not be started with the if vbox0.

what am i doing wrong or missing here?

And what is the result of an hping or nmap scan on br0's open services? If your config is correct, it should work. A bridge in essence has no macaddress. ICMP (OSI level 3 protocol) seems strongly sensitive to macaddress assignment.
Each interface is reset when added to the bridge.

Why not simply use eth0:0 as Virtual box interface ?

The user manual might help you (http://download.virtualbox.org/virtualbox/2.0.4/UserManual.pdf).
MM Trigger
n00b
n00b


Joined: 18 Oct 2006
Posts: 54
Location: Florida

Posted: Wed Nov 05, 2008 7:15 am    Post subject:

I've been using bridged networking for some time now. First I have the following kernel options set:
Code:
CONFIG_BRIDGE=y
CONFIG_TUN=y
Then I configure the /etc/conf.d/net as follows:
Code:
config_eth0="null"
tuntap_vbox0="tap"
config_vbox0="null"
tunctl_vbox0="-u username"

config_br0="dhcp"
dhcp_br0="nontp nonis"
brctl_br0="stp on"

bridge_br0="eth0 vbox0"

depend_br0()
{
        need net.eth0
        need net.vbox0
}

# this second assignment replaces the brctl_br0="stp on" set above
brctl_br0="setfd 0"

Where username is to be filled in with the user to access the associated vbox0 TAP.

Make symlinks for net.vbox0 and net.br0 that point to net.lo in /etc/init.d/ (and add them to the default runlevel). Then after restarting, tell the VM to be attached to a host interface. You can use the MAC that is provided for you or via the Generate button. For the host interface settings, just put in the TAP name from the config (in my case, vbox0). You can even add more TAPs if you need more host-based interfaces.

I do however have trouble pulling an address from the DHCP router on my network, so I have to set the IP manually in the virtualized OS. Your results may vary.
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 866

Posted: Thu Nov 06, 2008 3:20 pm    Post subject: br and tun work - vbox doesn't

i do it exactly the way described in the manual (and some other places), but it still does not work.
virtualbox always refuses to start with the error "hostif init failed"

i put in an extra nic for virtualbox to use (eth1); all the commands (in various sequences) execute without errors.


Code:
brctl addbr br0
ifconfig eth1 0.0.0.0 up
brctl addif br0 eth0
ifconfig br0 150.160.59.152  (i don't use dhcp)

VBoxTunctl -u ice -t vbox0 -g vboxusers
OR
tunctl -u ice -g vboxusers -t tap0

brctl addif br0 vbox0 OR tap0

ifconfig vbox0 OR tap0 up


after br0 gets its ip i can ping it from the same net; if i manually assign one to vbox0 or tap0 it answers to ping-reqs, too, so i think the bridge-stuff on the host basically works.

is the address for the virtual if (vbox0 or tap0) assigned by the host system or by the guest system? eg if br0 gets 150.160.59.152 does the guest have to use the same one (not very likely) or does the guest system assign an address to the virtual if (in my case eg 150.160.59.154)? the virtual if clearly works even if br0 does not have an ipaddress.

what's wrong here?
pls help
_________________
DUMM KLICKT GUT.
nurachi
Tux's lil' helper
Tux's lil' helper


Joined: 16 May 2008
Posts: 92
Location: Paris

Posted: Thu Nov 06, 2008 4:34 pm    Post subject:

I suggest that you:

- choose one of the two methods: the Gentoo one (from the manual) or the VirtualBox one (fully manual).
- you need to understand a few things about bridges (you didn't set spanning tree protocol options, for example).
- provide a map of your networks and explain what works (ping, etc) from where to where, with the current settings you applied.
DawgG wrote:
i put in an extra nic for virtualbox to use (eth1); all the commands (in various sequences) execute without errors.
(...)
Code:
(...)
ifconfig eth1 0.0.0.0 up
(...)

eth1 is not used in your bridge.
DawgG wrote:
is the address for the virtual if (vbox0 or tap0) assigned by the host system or by the guest system?

By the guest if you give it control over it (a.k.a. let it down).
Code:
eg if br0 gets 150.160.59.152 does the guest have to use the same one (not very likely) or does the guest system assign an address to the virtual if (in my case eg 150.160.59.154)?
Your interfaces have to be on the same network to reach each other, nothing more.
Code:
the virtual if clearly works even if br0 does not have an ipaddress.
Yes, in that case, it is a transparent bridge.

Do you need a bridge if you want your box to be accessible from the Internet? I don't think so.
MM Trigger
n00b
n00b


Joined: 18 Oct 2006
Posts: 54
Location: Florida

Posted: Thu Nov 06, 2008 6:10 pm    Post subject:

IMHO, I would stay away from the method described in the VirtualBox manual. It was easier to use the Gentoo method, plus you don't have to enter commands on the terminal. From the guide:
Quote:
Set "Interface name" to "vbox0" (Don't forget this or you'll get a VERR_HOSTIF_INIT_FAILED)

I think you're setting the name incorrectly in the GUI. In my own setup, I have 3 interfaces. The bridge (br0) receives an IP using DHCP from the router. The real interface (eth0) and the TAP (vbox0) are the two interfaces bridged together in the bridge (br0). You need the VM to point to the new TAP interface (in my case vbox0) you created.

Your setup appears okay, though I don't know why you're initializing eth1 (it isn't being used at all here). Do not assign tap0/vbox0 an IP from the host side. Do that in the virtual machine, and use a different IP from that which the host uses.

I seriously recommend ditching the method that uses VBoxTunctl or tunctl from the terminal. Let the init scripts from the Gentoo method handle the bridge and TAP creation, and point the VM using the Virtualbox GUI to the correct TAP that you configure in the init script (/etc/init.d/net.lo).
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 866

Posted: Fri Nov 07, 2008 2:42 pm    Post subject:

i've spent some time on all this and tried a lot of different things in different order - too bad it still doesn't work.

Quote:
eth1 is not used in your bridge.

sorry- typo. i tried it with eth0 and eth1 - no go.

Quote:
By the guest if you give it control over it (a.k.a. let it down).

ok first i did
Code:
chmod 0660 /dev/net/tun
chown ice:vboxusers /dev/net/tun

and i tried with and without setting vbox0/tap0 to up with ifconfig before starting the vm -
no go. (yes, i did put the right ifname into the vbox-gui :wink: )

Quote:
you didn't set spanning tree protocol options

i set stp on and off - no go. also, afaik stp is only used between routers/switches like some kind of ospf on ethernet and it shouldn't make the if completely inaccessible for the vm.

Quote:
provide a map of your networks and explain what works (ping, etc) from where to where, with the current settings you applied

i want the box (guest & host) to be part of network 150.160.59.0/24; when i stated that "ping works" i was referring to icmp-echo-reqs from a different box in the same net and segment.
the host has 150.160.59.158 on eth0; and i'd like the guest to be accessible under 150.160.59.152 on eth1 to offer some services.

very basic setup - isn't it?

i don't think it makes a difference if i execute the commands "by hand" or put them in some kind of script - both should work.

thx for your help!
_________________
DUMM KLICKT GUT.
gimpel
Advocate
Advocate


Joined: 15 Oct 2004
Posts: 2720
Location: Munich, Bavaria

Posted: Fri Nov 07, 2008 3:16 pm    Post subject:

I also use "the Gentoo method" as described by MM Trigger, and it works just fine. Couldn't be easier.
_________________
http://proaudio.tuxfamily.org/wiki - pro-audio software overlay
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 866

Posted: Mon Nov 10, 2008 3:40 pm    Post subject:

Quote:
I also use "the Gentoo method" as described by MM Trigger,

i have already done this with the results posted above. (and i still don't see why commands should work differently when executed from a script :wink: )

pls, all that have this configuration (hostif networking) working, could you post the output of:
Code:
ifconfig -a
ls -al /dev/net/tun
route
brctl show


before virtualbox is started and when it's started and the vm is connected to the host's interface.
THX A LOT!
_________________
DUMM KLICKT GUT.
gimpel
Advocate
Advocate


Joined: 15 Oct 2004
Posts: 2720
Location: Munich, Bavaria

Posted: Mon Nov 10, 2008 5:26 pm    Post subject:

The manual commands do not look completely correct, as your physical interface should go into promisc mode, so
Code:
tunctl -t vbox0 -u tkuther
brctl addbr br0
ifconfig eth0 0.0.0.0 promisc
brctl addif br0 eth0
dhclient br0 &
brctl addif br0 vbox0
ifconfig vbox0 up

.. is what I use at work (no Gentoo-easyness there)

On the Gentoo machine:
Code:
br0       Protokoll:Ethernet  Hardware Adresse 00:1a:4d:83:07:f0         
          inet Adresse:192.168.1.2  Bcast:192.168.1.255  Maske:255.255.255.0
          inet6 Adresse: 2001:a60:f05c:0:21a:4dff:fe83:7f0/64 Gültigkeitsbereich:Global
          inet6 Adresse: fe80::21a:4dff:fe83:7f0/64 Gültigkeitsbereich:Verbindung     
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                           
...       

eth0      Protokoll:Ethernet  Hardware Adresse 00:1a:4d:83:07:f0 
          inet6 Adresse: 2001:a60:f05c:0:21a:4dff:fe83:7f0/64 Gültigkeitsbereich:Global
          inet6 Adresse: fe80::21a:4dff:fe83:7f0/64 Gültigkeitsbereich:Verbindung     
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1                   
...

vbox0     Protokoll:Ethernet  Hardware Adresse 00:ff:2e:7f:e5:71
          inet6 Adresse: fe80::2ff:2eff:fe7f:e571/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
...


/etc/conf.d/net
Code:
config_eth0=( "null" )
tuntap_vbox0="tap"
config_vbox0=( "null")
tunctl_vbox0="-u tom"
config_br0=( "192.168.1.2 netmask 255.255.255.0" )
routes_br0=( "default via 192.168.1.1" )
bridge_br0="eth0 vbox0"
depend_br0()
{
        need net.eth0
        need net.vbox0
}

brctl_br0=( "setfd 0")


/etc/vbox/interfaces
Code:
vbox0 tom

_________________
http://proaudio.tuxfamily.org/wiki - pro-audio software overlay
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 866

Posted: Tue Nov 11, 2008 6:16 pm    Post subject:

do the manual commands actually work? dmesg always told me about br0 going promisc, but i'll try this tomorrow (box just shut down :( )
Quote:
is what I use at work (no Gentoo-easyness there)

i'm not out for easyness - i'm out for working systems :wink:

do you set tap0 (or vbox0) up with ifconfig before starting vbox?
if i don't create tap0/vbox0 with VBoxTunctl vbox refuses to start with the notorious HOSTIF_ERROR.

thx in advance for your help!
_________________
DUMM KLICKT GUT.
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 866

Posted: Wed Nov 12, 2008 3:10 pm    Post subject: solved

THANK YOU SO MUCH, GIMPEL! _YOU_ MADE IT WORK!!! :D

it was setting all ifs in the bridge and the bridge itself to 0.0.0.0 promisc which finally made things work; both with eth0 (host&guest) and eth1 (guest-only if)
i'll summarize what i have done in case somebody else runs into these problems, too.

give right perms to tap-device; either per udev or manually (i've done both just to make sure)
Code:

chmod 0666 /dev/net/tun
chown <your user>:vboxusers /dev/net/tun


create tap0 (or vbox0, ...); i HAD to use VBoxTunctl because with "normal" tunctl (from usermode-utilities-20070815) vbox would refuse to start the vm with the notorious HOSTIF_ERR:
Code:
VBoxTunctl -u ice -t tap0


prepare ifs; if you use your host's if you will get temporarily disconnected until br0 comes up and routing is reconfigured (i use eth1 so the guest has "its own" if):
Code:
ifconfig eth0 0.0.0.0 promisc
ifconfig tap0 0.0.0.0 promisc


create bridge with ifs:
Code:
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
brctl setfd br0 0
brctl stp br0 on

ifconfig br0 <address of former eth0> promisc


it's important that the interface that is assigned in the virtualbox-gui has NOT the same mac as one of the real or virtual ifs on the host (press "generate" in the vbox-gui).

this is what works for me - i'd still like to know why "normal" tunctl cannot be used.

if anyone has success or failures with these commands please let me know.
_________________
DUMM KLICKT GUT.
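
The two conditions the summary above depends on (both interfaces enslaved to br0, and a guest MAC that differs from every host MAC), written as offline checks. This is an added example, not part of the original post; the `brctl show` text and the guest MAC are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline checks for the bridge set up in the post above.
# SAMPLE_BRCTL is constructed text in the layout that `brctl show` prints.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.001a4d8307f0       yes             eth0
                                                        tap0'

# bridge_members BRIDGE < brctl-show-text
# Prints the ports of BRIDGE, one per line. Extra ports are listed on
# continuation lines that start with whitespace and hold a single field.
bridge_members() {
    awk -v br="$1" '
        NR == 1 || NF == 0 { next }            # header and blank lines
        { c = substr($0, 1, 1) }
        c != " " && c != "\t" { cur = $1; if (cur == br && NF >= 4) print $4; next }
        cur == br && NF == 1 { print $1 }'
}

# missing_ports BRIDGE PORT... < brctl-show-text
# Prints every expected PORT that is not enslaved to BRIDGE.
missing_ports() {
    br=$1; shift
    have=$(bridge_members "$br")
    for p in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$p" || printf '%s\n' "$p"
    done
}

# bridge_mac BRIDGE < brctl-show-text
# The bridge id is "<priority>.<mac>"; print the MAC part (12 hex digits).
bridge_mac() {
    awk -v br="$1" 'NR > 1 && $1 == br { print substr($2, index($2, ".") + 1) }'
}

# norm_mac MAC: lower-case and drop ':' '.' '-' so all notations compare equal.
norm_mac() { printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':.-'; }

# mac_collides GUEST_MAC HOST_MAC...: status 0 if the guest MAC equals a host MAC.
mac_collides() {
    g=$(norm_mac "$1"); shift
    for m in "$@"; do
        [ "$(norm_mac "$m")" = "$g" ] && return 0
    done
    return 1
}

# Demo on the constructed sample: tap0 is enslaved, vbox0 is not.
echo "not in br0: $(printf '%s\n' "$SAMPLE_BRCTL" | missing_ports br0 eth0 tap0 vbox0)"
host_mac=$(printf '%s\n' "$SAMPLE_BRCTL" | bridge_mac br0)
if mac_collides "08:00:27:12:34:56" "$host_mac"; then   # constructed guest MAC
    echo "guest MAC clashes with br0"
else
    echo "guest MAC is unique"
fi
```

On a live host, pipe the real `brctl show` output into the functions instead of `SAMPLE_BRCTL`.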
widremann
Veteran
Veteran


Joined: 14 Mar 2005
Posts: 1314

Posted: Mon Nov 17, 2008 4:17 am    Post subject:

None of this worked for me. Windows (the guest) always fails to get an IP address.
widremann
Veteran
Veteran


Joined: 14 Mar 2005
Posts: 1314

Posted: Mon Nov 17, 2008 4:03 pm    Post subject:

widremann wrote:
None of this worked for me. Windows (the guest) always fails to get an IP address.

Sort of never mind. It works with eth0 (wired), just not eth1 (wireless). I don't have MAC filtering enabled, but nevertheless, it still fails to work. Guess I'll just have to stick with wired.
DawgG
l33t
l33t


Joined: 17 Sep 2003
Posts: 866

Posted: Tue Nov 18, 2008 2:47 pm    Post subject:

sorry for not answering - i'm on vacation right now.

are you certain vbox supports wireless networking? some versions don't.
right now i can't look into the wireless stuff. (insecure and slow anyway :wink: )
GOOD LUCK!
_________________
DUMM KLICKT GUT.
MasterC
Apprentice
Apprentice


Joined: 25 May 2003
Posts: 150
Location: Woods Cross, UT

Posted: Tue Dec 09, 2008 10:26 pm    Post subject:

So I got this far and my virtualbox is working correctly, woohoo! However, now I can't ssh into my Gentoo box anymore, any suggestions? It seems that the bridge "device" clones the MAC of my eth0 and gets the IP from the DHCP server. So now how do I actually access my Gentoo box?

Thanks!

-Chad
deno
Guru
Guru


Joined: 13 Sep 2006
Posts: 411

Posted: Wed Dec 10, 2008 1:29 am    Post subject:

Configure iptables. I have used this :
Code:
#!/bin/sh -e
##################
#iptables conf####
#################
# flush all chains
iptables -F
# set the default policy for each of the pre-defined chains
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# allow all outgoing traffic
iptables -A OUTPUT -j ACCEPT

# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# accept everything on local network
iptables -A INPUT -s 192.168.2.0/24 -i eth0 -p udp -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -i eth0 -p tcp -m tcp --syn -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -i br0 -p udp -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -i br0 -p tcp -m tcp --syn -j ACCEPT
###################### was commented out
#iptables -A INPUT -s 192.168.2.0/24 -i vbox0 -p udp -j ACCEPT
#iptables -A INPUT -s 192.168.2.0/24 -i vbox0 -p tcp -m tcp --syn -j ACCEPT

#Allow incoming web traffic on port 80 - apache
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT

#allow ping
iptables -A INPUT -s 192.168.2.0/24 -p icmp -j ACCEPT

#ntp
#iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# note: no -j target here, so this rule only counts matching packets; it does not accept them
iptables -A INPUT -p udp --dport 123

# accept forwards to my virtual machine
iptables -A FORWARD -i br0 -j ACCEPT

#Azureus
#iptables -I INPUT 1 -i br0 -p tcp --tcp-flags SYN,RST,ACK SYN --dport 65001 -m state --state NEW -j ACCEPT
#iptables -I INPUT 1 -i br0 -p udp --dport 65001 -m state --state NEW -j ACCEPT


exit 0


script. found it somewhere in ubuntu forums. It worked for me, but as you see I used it on my desktop machine and on local network. For server one would probably want something different.