virtualbox.org

g'day...

I have a feeling that VirtualBox will not do this but I want to be sure.

I have three nic cards installed in the desktop. The host OS is Debian Lenny. I want to run three VM's (2 windows 2003 servers as domain controllers, 1 debian firewall/router).

I want to connect the two windows servers to two different nic cards, assign them their own IP's in the 10.0.11.x/24 network. The debian system will connect on the green side to one of these same to nic cards, but the red side has to be on the third network card.

Reason for this strange setup is to force students to actually do some cable plugging and unplugging in a switch and patch panel, while also giving them the best feel of working on three different machings...

Can this be done??

Thanks in advance...

Mark

I can't think of any way to do that with the vm servers in the same network and the same IP subnet. If they are connected to different physical NICs in the host, they are in different networks.

You could probably do it by putting the servers in different IP subnets. Can the firewall/router software handle two private (green) networks? You could bridge the red interface to one physical NIC and one green interface to each of NIC 2 or 3.

Even though the servers are in different subnets they could see each other through the firewall/router, as they are both on the green side.
They would both use the firewall as default gateway.

hmm...so let me try to get my head around this...

servers
DC1 10.0.11.1/24 (pri domain controller)
DC1 10.0.11.2/24 (sec domain controller)
Debian 10.0.11.3/24 (green) 172.104.xxx.xxx (red)

Nics on Debian host

eth0 192.168.1.150/24
eth1 192.168.1.151/24
eth2 192.168.1.152/24

Now, if I were to set the VM adapters (in the virtualbox settings screen) to bridged connections, I would have thought that the nics would pass the info to any switches on the real network. Meaning, if i used eth0 on DC1 and eth1 on DC2, while they can't talk to each other in the VM world, they should be able to talk via a real world switch connected to the real NIC cards.....

i would use eth2 as the green on the VM debian firewall, and connect the red to eth0, thus, in my mind, isolating everything pretty much, so that physical connections would have to be made to get everything talking...

So, i am wrong in this assumption????.....

Thanks

No, you can't do that. If you create a bridged network, the vms connected to that network look just like additional machines on the physical network (from a networking point of view). So a vm connected to the physical LAN would have to be in the same IP subnet as the IP address of that NIC on the host.

So if you bridge one NIC to a virtual network you would connect the red side of your firewall to that. This is the only connection to your LAN, and it would have a 192.168.1.x/24 IP address and the same gateway as your LAN machines.

If you are running a firewall/router, the machines on the green side must be in a different network and a different IP subnet from the red side.

Here is how I would set up the demo. I would create a bridge to all three NICs of the host. I would configure the firewall to regard NIC3 as the public (red) side and NICs 1 & 2 as private. I would put one DC in each private network and configure DHCP on both.

A physical machine connected to NIC 1 will get its network config from DHCP on the DC in that network and be in greenzone 1, connecting to the Internet through the firewall. A machine connected to physical NIC2 of the host will get its config from the other DC in greenzone 2.

AFAIK, If you set VM DC1 to use a VirtualBox network card Bridged to eth0, and set the a static IP (10.0.11.1/24) in the VM, then eth0 on the host will be listening on 192.168.1.150/24 (for the host) AND on 10.0.11.1/24 (for the guest DC1).
Whether another real PC on the actual network can connect to 10.0.11.1/24 listening on eth0 is another matter, subnets and all that.

Likewise VM DC2 can use a VirtualBox bridged connection to eth1 which will have IPs 192.168.1.151/24 (host) and 10.0.11.2/24 (DC2) on the host's eth1.
Debian VM3 could have have 192.168.1.152/24 (host), 10.0.11.3/24 (VM eth0?) and 172.104.xxx.xxx (VM eth1?) all on host eth2.

You might also investigate : VDE (Virtual Distributed Ethernet) networking.
(One paragraph in the manual: http://www.virtualbox.org/manual/ch06.html ... refers you to the VDE website.)
That might simplify things a lot (or not).

To put it simple: what you want to do is possible. DC1 will be hooked to eth0, DC2 will be hooked to eth1 and the firewall will have two virtual interfaces, one hooked to eth0 and the other to eth2. DC1 and the firewall will then be able to connect to each other if they have the same IP range. DC2 will not be able to connect to either machine, unless you physically connect the two together, either through a switch or by adding another virtual interface set to Internal.
Having two or more IP subnets will not be a problem at all in this whole set up.

Keep in mind that the clients of these VMs need to use static addresses when they want to connect to the firewall. The Domain Controllers probably want to run a DHCP server, but you can disable that.