Dedicated NIC for Hosts

Discussions related to using VirtualBox on Linux hosts.


Post by vb123007 » 21. Feb 2013, 15:35

Hi All,

I'm running VirtualBox 4.2.4 on Debian and I want to dedicate a second NIC to the guest VMs to run firewall simulations. I'm planning to use ipcop to control the traffic between the 2 NICs. I tried adding a second NIC on a Windows host and I was able to go to the NIC properties (on the HOST OS) and clear all the check boxes in the Network features except the "VirtualBox Bridged Networking Driver". I started a ping between 2 VM guests and ran Wireshark on the host; sure enough, I see no ICMP traffic on the sniffer trace.

I tried the same scenario on the Debian host and I can't seem to find a way to "disable" the features on the second NIC. I added the following to /etc/network/interfaces:

# "manual" is the ifupdown method for an interface with no host IP configuration
auto eth1
iface eth1 inet manual
    up ifconfig eth1 up

I start a ping between the 2 VM guests and I run tcpdump on the host. This time the host sees ICMP and any other traffic initiated on the guests.

What am I doing wrong? Is there another way I should configure the NIC?

TIA

Re: Dedicated NIC for Hosts

Post by noteirak » 21. Feb 2013, 15:55

Could you give a bit more information on how things are mapped? What networking mode are you using, how did you connect things, which NIC, etc.
Right now, nothing is clear except it doesn't work like you want it to.
HyperBox - Open-source Entreprise Virtualization Manager - http://hyperbox.altherian.org
Manage your VirtualBox infrastructure the free way!

Re: Dedicated NIC for Hosts

Post by vb123007 » 21. Feb 2013, 16:22

Sorry for not being clear. Let me try and describe the setup.

The Debian host has 2 NICs.

---> eth0 connected to the LAN0 via switch0 (this would be the un-trusted side in the simulation). Eth0 is configured for DHCP. LAN0 is also connected to the Internet via a router that provides DHCP for LAN0.

---> eth1 connected to LAN1 via switch1 (the trusted network in the simulation). Eth1 is configured to come up without an IP address with the configuration:
# "manual" is the ifupdown method for an interface with no host IP configuration
auto eth1
iface eth1 inet manual
    up ifconfig eth1 up

---> VM guest ipcop1 is configured with 2 bridged NICs, one in each LAN. Its eth0 is configured via DHCP and its eth1 is configured as static and provides DHCP to LAN1.

---> test laptop connected on switch1 and receives IP from ipcop.

What I'm trying to do is allow the test laptop to connect to the internet via the ipcop VM host. So the question is, how do I configure eth1 on the Debian host to allow the frames to go through without seeing any of the IP traffic? Right now I can ping the ipcop VM from the test laptop but I can't connect to it via ssh or ssl. Also, running tcpdump on the Debian host sees the ICMP traffic from test laptop to ipcop.

Does that help?

Re: Dedicated NIC for Hosts

Post by noteirak » 21. Feb 2013, 16:54

Yes, basically VirtualBox is working fine, since you can ping.
As for your host seeing the traffic, not sure how you prevent that on a Linux box.

Do you actually see the SSH packets going through from the laptop to the ipcop, even unreplied?

Re: Dedicated NIC for Hosts

Post by vb123007 » 21. Feb 2013, 17:04

The only thing that works is ping. I can't seem to connect to the ipcop VM via ssh. Also the test laptop can't connect anywhere outside LAN1.

The same exact setup works fine if I have VirtualBox running on a Windows host and disable all the protocols on the NIC. Which brings me to the question: is there a way to unbind protocols from a NIC in Linux similar to the way it can be done in Windows by clearing all the check boxes in the Network features except the "VirtualBox Bridged Networking Driver"?
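
A check for the goal described in this thread (a host NIC that only passes bridged guest frames), added here as an example and not posted by any participant: it parses an ifupdown interfaces file and reports settings that would give the host itself an IP presence on that NIC. The sample file contents, the 192.168.50.2 address and the function names are constructed for illustration.

```python
# Added example: audit an ifupdown interfaces file for a NIC that should only
# carry bridged guest traffic. All sample file contents here are constructed.
L3_OPTIONS = {"address", "netmask", "gateway", "broadcast"}
HOOKS = {"pre-up", "up", "post-up"}

def parse_ifaces(text):
    """Return a list of (name, family, method, [(option, value), ...])."""
    stanzas, current = [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "iface":
            fields = (rest.split() + ["", "", ""])[:3]  # tolerate short lines
            current = (fields[0], fields[1], fields[2], [])
            stanzas.append(current)
        elif key in {"auto", "mapping", "source"} or key.startswith("allow-"):
            current = None  # a different stanza type ends the iface stanza
        elif current is not None:
            current[3].append((key, rest))
    return stanzas

def audit_dedicated_nic(text, nic):
    """List reasons the host would still hold IP configuration on `nic`."""
    mine = [s for s in parse_ifaces(text) if s[0] == nic]
    if not mine:
        return [f"{nic}: no iface stanza found"]
    findings, hooks = [], []
    for _, family, method, options in mine:
        if method != "manual":
            findings.append(f"{nic} {family}: method '{method}' is not 'manual'")
        for key, value in options:
            if key in L3_OPTIONS:
                findings.append(f"{nic} {family}: host option '{key} {value}'")
            elif key in HOOKS:
                hooks.append(value)
    # Linux adds an IPv6 link-local address on link-up unless this is set.
    wanted = f"net.ipv6.conf.{nic}.disable_ipv6=1"
    if not any(wanted in h for h in hooks):
        findings.append(f"{nic}: no up hook sets {wanted}")
    return findings

WEAK = "auto eth1\niface eth1 inet static\n  address 192.168.50.2\n  netmask 255.255.255.0\n"
HARDENED = ("auto eth1\niface eth1 inet manual\n"
            "  pre-up sysctl -w net.ipv6.conf.eth1.disable_ipv6=1\n"
            "  up ip link set dev eth1 up\n")

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_dedicated_nic(text, "eth1"))
```

An empty result means the file gives the host no IPv4 or IPv6 configuration on the NIC. tcpdump on the host will still show the bridged frames, because packet capture taps the interface below the IP stack.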

Re: Dedicated NIC for Hosts

Post by noteirak » 21. Feb 2013, 17:10

Do you see the SSH packets in tcpdump arriving on the ipcop and on the host?

Re: Dedicated NIC for Hosts

Post by Martin » 21. Feb 2013, 17:12

You could try to find out if there is a software firewall (iptables?) on your Debian host and if it can be disabled.
I've seen network packages on bridge adapters being blocked by the firewall on Linux.

Re: Dedicated NIC for Hosts

Post by vb123007 » 21. Feb 2013, 17:20

Let me verify that I see SSH packets on both ipcop and host and I'll get back to you. I'll also check and verify that iptables is disabled on the Debian host.

Re: Dedicated NIC for Hosts

Post by vb123007 » 23. Feb 2013, 19:13

Hi All, I verified that ipchains on the host is disabled (all chains are set to forward). Also I see all packets arriving at the ipcop VM and I also see replies. If I wait long enough at the test laptop (about 60 seconds) I'm able to connect (ssh and https). I can also browse the internet if I wait the same amount every time I type in a URL. The odd part again is that I see all the traffic on the VirtualBox host and the ipcop guest. Does anyone know how to set the dedicated NIC on the host in trunk mode? Or any other mode in which the host OS will ignore it?

Re: Dedicated NIC for Hosts

Post by vb123007 » 25. Feb 2013, 15:54

Hi all, after troubleshooting and researching for the last couple of days, I came across a bug report regarding the D-Link DGE-530T NIC that I was using. It appears that after the interface comes up, it works for a minute or two and then it stops. I replaced the NIC with an older Intel PRO and everything is working as it should.

Re: Dedicated NIC for Hosts

Post by noteirak » 25. Feb 2013, 17:16

Glad to hear you solved it, and thank you for posting back your findings!

Re: Dedicated NIC for Hosts

Post by afgcons » 27. Feb 2013, 01:38

Until a week ago my HO server was Ubuntu 8.04 using eth0 (100MB) for its own use (backups, SAMBA). VMware Server 1.0.7 used eth1 (1GB) for all guests. All real and virtual machines are talking to 192.168.2.1. Why 2 NICs? Firstly I always had 2 NICs and secondly, after dedicating eth1 all timeout problems went away because eth1 is the only active 1 gigabit port user on my Netgear switch. The server's eth0, the router, the printers, NAS, etc. are all using 100M ports.

How do I do the exact same as vnet0 did, funneling all vbox guest traffic through eth1? Simply selecting 'Bridge' and 'eth1' works well until I power up more guests.
Host: Dell 530 Quad 2.4Ghz 8GB
SATA, eSATA RAID 1, Flash-SSD, IRAM-SSD,
eth0: 100M, eth1: 1G
VirtualBox 4.2.10

Re: Dedicated NIC for Hosts

Post by noteirak » 27. Feb 2013, 02:05

afgcons wrote: Until a week ago my HO server was Ubuntu 8.04 using eth0 (100MB) for its own use (backups, SAMBA). VMware Server 1.0.7 used eth1 (1GB) for all guests. All real and virtual machines are talking to 192.168.2.1. Why 2 NICs? Firstly I always had 2 NICs and secondly, after dedicating eth1 all timeout problems went away because eth1 is the only active 1 gigabit port user on my Netgear switch. The server's eth0, the router, the printers, NAS, etc. are all using 100M ports.

How do I do the exact same as vnet0 did, funneling all vbox guest traffic through eth1? Simply selecting 'Bridge' and 'eth1' works well until I power up more guests.

Your question is not related to the OP. Please start a new topic for new questions and do not hijack other people's threads.