[Question] forwarding traffic within internal adapters

Discussions about using Linux guests in VirtualBox.
Post Reply
Craig26
Posts: 2
Joined: 30. Jun 2022, 17:05

[Question] forwarding traffic within internal adapters

Post by Craig26 »

Hello everyone,
I would like make some chain: hostVBvm-->VM0(with 2 adapters: NAT, INTERNAL)-->VM1(with 2 INTERNAL adapters, one look on VM0(internal adapter of), second look on VMguest0(internal adapter of))-->VMguest0
So, it's look something like Qubes, but without XEN, so have idea realize high-level of security benefits but without excessive complexity(and bags) as well as in Qubes.
It's works okay if chain looks like: hostVBvm-->VM(with 2 adapters: NAT, INTERNAL)-->VMguest1
But, when I tried to use one more layer - I can't forward traffic, and my VMguest0 hadn't connection to internet.
I tried iptables, bridge, ip route, and finally all of his actions were unsuccessful.
P.S. On each layer (VM0, VM1) traffic encapsulate in some protocol(vpn, ssh etc)

Maybe someone encountered with this problem and could give me advise, or someone can explain me why it's not working. Spent already 2 days on google without any result.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: [Question] forwarding traffic within internal adapters

Post by scottgus1 »

Virtualbox's Internal networks are essentially basic Ethernet cables with an unmanaged Ethernet switch between. There is no special configuration. See Virtualbox Networks: In Pictures: Internal Network. Each Internal network layer between VMs needs its own unique name.

Confirm that you can ping over the Internal network between the VMs. Once each VM can ping the other VM on the Internal network, then all the setup in Virtualbox is complete. Then whatever else is necessary to set up is done in the VM's OS.

FWIW to pass network from one Internal network to another through a computer, the computer must have some form of router software on it. See your OS's help channels for how to route network traffic from one network adapter to another. Apply the solution to the VMs in the middle.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: [Question] forwarding traffic within internal adapters

Post by fth0 »

FWIW, when chaining or nesting VMs, you probably have to enable promiscuous mode in the network settings of your first VM.
Craig26
Posts: 2
Joined: 30. Jun 2022, 17:05

Re: [Question] forwarding traffic within internal adapters

Post by Craig26 »

I would like to get more concrete answers, (not just "learning more") thanks
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: [Question] forwarding traffic within internal adapters

Post by fth0 »

I thought that my statement was concrete already (you can ignore the word "probably" in it to make it even more concrete). ;)

Seriously, your post sounded like you already know what you're doing, and since even networking professionals (me included ;)) tend to miss the promiscuous mode that is key in such setups, I mentioned it. What information do you need?

BTW, do you know Whonix?
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: [Question] forwarding traffic within internal adapters

Post by scottgus1 »

Concrete answers will require concrete data. As fth0 asks, what further information do you seek?

Have you confirmed that you can ping between each pair of VMs over the network?
Post Reply