virtualbox.org

[Craig26]

Hello everyone,
I would like make some chain: hostVBvm-->VM0(with 2 adapters: NAT, INTERNAL)-->VM1(with 2 INTERNAL adapters, one look on VM0(internal adapter of), second look on VMguest0(internal adapter of))-->VMguest0
So, it's look something like Qubes, but without XEN, so have idea realize high-level of security benefits but without excessive complexity(and bags) as well as in Qubes.
It's works okay if chain looks like: hostVBvm-->VM(with 2 adapters: NAT, INTERNAL)-->VMguest1
But, when I tried to use one more layer - I can't forward traffic, and my VMguest0 hadn't connection to internet.
I tried iptables, bridge, ip route, and finally all of his actions were unsuccessful.
P.S. On each layer (VM0, VM1) traffic encapsulate in some protocol(vpn, ssh etc)

Maybe someone encountered with this problem and could give me advise, or someone can explain me why it's not working. Spent already 2 days on google without any result.

[scottgus1]

Virtualbox's Internal networks are essentially basic Ethernet cables with an unmanaged Ethernet switch between. There is no special configuration. See Virtualbox Networks: In Pictures: Internal Network. Each Internal network layer between VMs needs its own unique name.

Confirm that you can ping over the Internal network between the VMs. Once each VM can ping the other VM on the Internal network, then all the setup in Virtualbox is complete. Then whatever else is necessary to set up is done in the VM's OS.

FWIW to pass network from one Internal network to another through a computer, the computer must have some form of router software on it. See your OS's help channels for how to route network traffic from one network adapter to another. Apply the solution to the VMs in the middle.

[fth0]

FWIW, when chaining or nesting VMs, you probably have to enable promiscuous mode in the network settings of your first VM.

[Craig26]

I would like to get more concrete answers, (not just "learning more") thanks

[fth0]

I thought that my statement was concrete already (you can ignore the word "probably" in it to make it even more concrete).

Seriously, your post sounded like you already know what you're doing, and since even networking professionals (me included ) tend to miss the promiscuous mode that is key in such setups, I mentioned it. What information do you need?

BTW, do you know Whonix?

[scottgus1]

Concrete answers will require concrete data. As fth0 asks, what further information do you seek?

Have you confirmed that you can ping between each pair of VMs over the network?