How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Discussions related to using VirtualBox on Linux hosts.
Del-on-virtbox
Posts: 3
Joined: 6. Sep 2021, 23:32

How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Post by Del-on-virtbox »

I want to be able to build a network with two routers. There should be an edge router, with access to the internet, and a second internal router that is connected to the edge router, but then also can connect to a number of other virtual machines. All of the connections to the internal router should be done using internal networks. Ideally, all of the VMs on the internal network should be able to access the broader internet through the edge router. What I've built is this:

Edge Router (OpenWRT):
Adapter 1, Host-only
Adapter 2, Bridged
Adapter 3, Internal Network named routerNet0

Internal Router (OpenWRT):
Adapter 1, Internal Network named routerNet0
Adapter 2, Internal Network named routerNet1
Adapter 3, Internal Network named routerNet2

PC1 (Ubuntu Server 20.04):
Adapter 1, Internal Network named routerNet1

PC2 (Ubuntu Server 20.04):
Adapter 1, Internal Network named routerNet2

No VM is able to ping any other VM in this setup, and after reading the documentation from VirtualBox I can't discern why that might be. I know that I can make this work if I enable a host-only adapter for every VM, but I do not want to do that, because when I do use a host-only adapter all communication between PC1 and PC2 skips over the internal router and instead uses the edge router. I'm trying to force PC1 and PC2 to communicate exclusively through the internal router.

Is what I'm trying to achieve even possible with VirtualBox?
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Post by scottgus1 »

Take a look at Virtualbox Networks: In Pictures, especially "Sandbox"

At the bottom of 'Sandbox' is described a double-NAT-Router setup using two router OS's, shown using two pfSenses.

In your case, the Edge Router can be Bridged on the WAN side, Internal routerNet0 on the LAN side. Internal routerNet0 goes to Internal Router's WAN. Internal Router's LAN holds Internal routerNet1 and 2 to each 'PC' VM. You'll have to 'bridge' (*) the Internal Router's two LAN ports inside the OpenWRT OS so Internal routerNet1 and 2 are on the same LAN, then PC 1 and 2 can ping each other. (* this 'bridge' is not Virtualbox's Bridged, it's something inside the OpenWRT to make the two LAN ports act like they're a network switch.) Alternatively, if it is not important to your project to make the Internal routerNet1 and 2 networks behave as 'bridge'-connected networks, only use Internal routerNet1 for both PCs and Internal Router's LAN port. Virtualbox Internal networks have a built-in unmanaged switch for more than two connected VMs.
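Added example, not part of scottgus1's post or the VirtualBox documentation: the adapter wiring for the simpler layout described above (one internal network, routerNet1, shared by both PCs), generated as VBoxManage commands. The VM names and the host interface eth0 are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/usr/bin/env bash
# Added example. VM names and HOST_NIC are assumptions, not from the thread.
HOST_NIC="${HOST_NIC:-eth0}"   # assumed host interface for the Bridged WAN

# One row per adapter: vm|slot|mode|network (internal network name or host NIC)
topology() {
  cat <<EOF
EdgeRouter|1|bridged|$HOST_NIC
EdgeRouter|2|intnet|routerNet0
InternalRouter|1|intnet|routerNet0
InternalRouter|2|intnet|routerNet1
PC1|1|intnet|routerNet1
PC2|1|intnet|routerNet1
EOF
}

# Emit one VBoxManage command per adapter row.
plan() {
  topology | while IFS='|' read -r vm slot mode net; do
    case "$mode" in
      bridged) echo "VBoxManage modifyvm $vm --nic$slot bridged --bridgeadapter$slot $net" ;;
      intnet)  echo "VBoxManage modifyvm $vm --nic$slot intnet --intnet$slot $net" ;;
    esac
  done
}

# List the VMs attached to one internal network (each network is one L2 segment).
members() {
  topology | awk -F'|' -v n="$1" '$3=="intnet" && $4==n {print $1}' | paste -sd' ' -
}

# Print any PC VM that has an adapter which is not an internal network.
# Such an adapter (e.g. host-only) gives traffic a path around the internal router.
bypasses() {
  topology | awk -F'|' '$1 ~ /^PC/ && $3 != "intnet" {print $1}'
}

# Dry run by default; set APPLY=1 to execute the generated commands.
if [ "${APPLY:-0}" = 1 ]; then plan | sh; else plan; fi
```

Run it with the VMs powered off, since modifyvm does not change a running VM. The commands only attach adapters; IP addressing on routerNet0 and routerNet1 is still configured inside the router and PC guests.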
fth0
Volunteer
Posts: 5661
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Post by fth0 »

Del-on-virtbox wrote: Is what I'm trying to achieve even possible with VirtualBox?
In theory, this should work.

I'd start with checking routerNet1 and the connection between PC1 and the Internal Router (IP address assignments and routing tables). Have you configured DHCP servers for routerNet[0|1|2] or do you use static IP addresses?
Del-on-virtbox
Posts: 3
Joined: 6. Sep 2021, 23:32

Re: How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Post by Del-on-virtbox »

Right. Sit-rep.

I've spent the last day fiddling, and I've managed to get two routers set up. Both routers are now pfSense machines. Edge router is running a Bridged adapter and an internal network to intnet0 with a static ip on both interfaces, and the Internal router currently only has the single interface attached to intNet0, also with a static IP.

The internal router is able to ping 8.8.8.8 and the IP for the edge router.

The edge router is able to ping 8.8.8.8, but not able to ping the IP for the internal router. Why?

@scottgus1, thank you for recommending VB in pictures; that is a dummy-proof depiction of the different networking modes. I admit I don't really understand your recommendation to Bridge the LAN side of the internal router. In my naivete, it seems to me that this would effectively provide two WAN gateways (but I'm a networking novice, so I'm completely willing to admit that my intuition about that is wrong).

@fth0, I'm embarrassed to admit this, but a huge part of my troubles stemmed from my misconception that VB would handle addressing completely internally.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Post by scottgus1 »

Glad the Pictures tutorial worked for you! :D
Del-on-virtbox wrote: Bridge the LAN side of the internal router.
Actually, that's
scottgus1 wrote: 'bridge' (*) the Internal Router's two LAN ports ... (* this 'bridge' is not Virtualbox's Bridged
:lol: This 'bridge' on those LAN ports would be something done inside the VM's router OS so those separate Virtualbox Internal networks could communicate with each other. Different Virtualbox Internal networks can never connect together unless they are connected inside a VM by using the VM's OS 'bridging' function to connect the two network cards that the Internal networks are connected to. This 'bridging' done in the VM's OS is not done through any Virtualbox function, it's commands and configuration done in the VM's OS. The final effect of this 'bridge' is to make the two network cards for the Internal networks act as if they were a network switch, same as on the back of a real router with multiple LAN ports. You'd have to web-search how to do this in the VM's OS.

Or just use one Internal network between the Internal Router and the two PC VMs. No 'bridging' needed; the one Virtualbox Internal network will provide the network switch.
Del-on-virtbox wrote: not able to ping the IP for the internal router. Why?
If "IP for the internal router" is referring to the LAN side of the internal router where the two Virtualbox Internals and last VMs are connected, this is normal for a router. Routers try to keep the LAN side private so unsolicited traffic on the WAN side (like ping) cannot get through. Same thing is done in your house's router. You can get out, but the internet cannot get in. The only way for WAN-side traffic to get in is for you to either request it using a browser or a remote client or some such service, or to open a port in the router, so traffic on that port can get into the LAN. However, there is no port that can be opened for ping. So a ping starting on the WAN side to the LAN side can never succeed.

If your LAN-side PC VMs can ping the edge router's LAN port IP addresses, that will show if the network to the edge router is complete. If the VMs can ping 8.8.8.8 then the whole network chain is working.
Del-on-virtbox
Posts: 3
Joined: 6. Sep 2021, 23:32

Re: How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Post by Del-on-virtbox »

This 'bridging' done in the VM's OS is not done through any Virtualbox function
This jibes with what my limited experience has shown me. I originally figured -incorrectly- that VirtualBox took care of way more configuration than happens to be the case.

In hindsight I don't really know why I thought this; the VM is a fully functional machine that still needs care and feeding to work properly. It's not like I would drop a working laptop that has an unconfigured NIC within range of a wireless router and then ask why Google won't load. :roll:

Unrelated to VB, but for the sake of any unfortunate soul who has wandered so far down the rabbit hole as to find this lowly thread:
The edge router is able to ping 8.8.8.8, but not able to ping the IP for the internal router. Why?
The answer to this question is that pfSense's firewall is highly restrictive by default. Outbound traffic is generally permitted, but inbound traffic is blocked. I found this out because the webconfigurator stopped working after first login, and discovered that I needed to add a pass rule to allow later access. You could use easyrule in the console but pfSense is intended to be managed through the webGUI, so you should set up the pass rule on first login. As it turns out, if I didn't immediately bridge the LAN interfaces between the edge router and the internal router, then I at least needed to add rules to both firewalls to permit traffic.
Last edited by Del-on-virtbox on 8. Sep 2021, 14:53, edited 1 time in total.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: How do you get internal networks working on virtualbox without using NAT or host-only adapters?

Post by scottgus1 »

Del-on-virtbox wrote: It's not like I would drop a working laptop that has an unconfigured NIC within range of a wireless router and then ask why Google won't load.
Preach it, brother! :lol: