Linux VM as a default gateway

[hack3rcon]

Hello,
I want to use a Linux VM as a default gateway, so that two virtual machines communicate with each other through Linux VM:

Code: Select all

Windows VM-1 ---> Linux Box ---> Windows VM-2

What kind of network is suitable for these virtual machines?

Thank you.

[scottgus1]

Please see Virtualbox Networks: In Pictures: "Sandbox". Use Linux as the middle routing OS instead of pfSense.

[hack3rcon]

Please see Virtualbox Networks: In Pictures: "Sandbox". Use Linux as the middle routing OS instead of pfSense.

Hello,
Thank you so much for your reply.
I have two questions:

1- Should the network card of all three virtual machines be of Internal Network type?

2- Do the network cards of Windows VM-1 and Windows VM-2 machines have IP?

[scottgus1]

1. In your case, between Windows VM-1 and Linux Box would be one Internal network, and between Linux Box and Windows VM-2 there would be a different Internal network. Each Internal network needs a different name.

VM1 - InternalA - Linux Box - InternalB - VM2

Each uniquely-named Internal network is a separate network.

2. You could have each Windows VM with a static IP address if you wish. The Linux VM need a router service running, and each side of the router needs to be compatible with the IP address settings you choose for each VM. You could also have the Linux VM provide DHCP for either or both sides of the router, or have each or both Internal networks provide DHCP.

[hack3rcon]

1. In your case, between Windows VM-1 and Linux Box would be one Internal network, and between Linux Box and Windows VM-2 there would be a different Internal network. Each Internal network needs a different name.

VM1 - InternalA - Linux Box - InternalB - VM2

Each uniquely-named Internal network is a separate network.

2. You could have each Windows VM with a static IP address if you wish. The Linux VM need a router service running, and each side of the router needs to be compatible with the IP address settings you choose for each VM. You could also have the Linux VM provide DHCP for either or both sides of the router, or have each or both Internal networks provide DHCP.

Hello,
Thanks again.
So, my Linux VM must have three NICs. One for Windows VM-1, one for Windows VM-2 and one to manage itself. I want to assign the NIC named CLIENT to Windows VM-1, the NIC named SERVER to Windows VM-2 and the NIC named NAT to manage my Linux Box.

Code: Select all

# ifconfig
CLIENT: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a00:27ff:fee5:267c  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:e5:26:7c  txqueuelen 1000  (Ethernet)
        RX packets 116  bytes 16859 (16.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 4768 (4.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

NAT: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fe7b:8f51  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:7b:8f:51  txqueuelen 1000  (Ethernet)
        RX packets 531  bytes 114732 (112.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 481  bytes 120876 (118.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

SERVER: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a00:27ff:febc:c5a7  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:bc:c5:a7  txqueuelen 1000  (Ethernet)
        RX packets 114  bytes 16175 (15.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 5452 (5.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The NICs with CLIENT and SERVER names are Internal Network type. These network cards have no IP address.
For each of the Windows virtual machines, I created a NIC of the Internal Network type and I manually assigned an IP address to each one:

NIC.PNG (16.58 KiB) Viewed 5876 times

The IP address 192.168.1.1 for Windows VM-1 and 192.168.1.2 for Windows VM-2.
Now Windows virtual machines can see each other and why should the traffic go through the Linux Box?

Thank you.

[scottgus1]

The IP address 192.168.1.1 for Windows VM-1 and 192.168.1.2 for Windows VM-2.

Each side of the Linux router VM needs a different IP range. So 192.168.1.#/24 for VM-1, and perhaps 172.16.1.#/24 for VM-2. Linux Router VM will route between 192.168.1.# and 172.16.1.#

Alsp, Please zip and post the .vbox files for all three VMs, so we can check the Internal networks' settings.

[hack3rcon]

The IP address 192.168.1.1 for Windows VM-1 and 192.168.1.2 for Windows VM-2.

Each side of the Linux router VM needs a different IP range. So 192.168.1.#/24 for VM-1, and perhaps 172.16.1.#/24 for VM-2. Linux Router VM will route between 192.168.1.# and 172.16.1.#

Alsp, Please zip and post the .vbox files for all three VMs, so we can check the Internal networks' settings.

Hello,
Thanks again.
I changed the IP addresses of Windows VM-1 and Windows VM-2 VMs. How about the IP addresses of Linux Box NICs?
Please see the attachment.

[scottgus1]

Looks like you haven't set up the Internal networks correctly:

<InternalNetwork name="intnet"/>

<InternalNetwork name="intnet"/>

<Adapter slot="1" enabled="true" MACAddress="080027BCC5A7" type="82540EM">
<InternalNetwork name="intnet"/>
<Adapter slot="2" enabled="true" MACAddress="080027E5267C" type="82540EM">
<InternalNetwork name="intnet"/>

between Windows VM-1 and Linux Box would be one Internal network, and between Linux Box and Windows VM-2 there would be a different Internal network. Each Internal network needs a different name.

VM1 - InternalA - Linux Box - InternalB - VM2

Because you have all four Internal network cards attached to the same Internal name, they are all attached to the one Internal "switch", see Virtualbox Networks: In Pictures: Internal Network, note the different Internal names and what happens.

All your VMs are peers of each other on this one "intnet" Internal "switch" and none of the VMs must go through a particular VM to reach the other VM.

See what you can make of this.

[hack3rcon]

Looks like you haven't set up the Internal networks correctly:

<InternalNetwork name="intnet"/>

<InternalNetwork name="intnet"/>

<Adapter slot="1" enabled="true" MACAddress="080027BCC5A7" type="82540EM">
<InternalNetwork name="intnet"/>
<Adapter slot="2" enabled="true" MACAddress="080027E5267C" type="82540EM">
<InternalNetwork name="intnet"/>

between Windows VM-1 and Linux Box would be one Internal network, and between Linux Box and Windows VM-2 there would be a different Internal network. Each Internal network needs a different name.

VM1 - InternalA - Linux Box - InternalB - VM2

Because you have all four Internal network cards attached to the same Internal name, they are all attached to the one Internal "switch", see Virtualbox Networks: In Pictures: Internal Network, note the different Internal names and what happens.

All your VMs are peers of each other on this one "intnet" Internal "switch" and none of the VMs must go through a particular VM to reach the other VM.

See what you can make of this.

Hello,
Thanks again.
So, my Linux Box must have two different internal networks:

Code: Select all

NIC1: intnet-1
NIC2: intnet-2

After it, In Windows VM-1 network settings I have to select the internal network named intnet-1 and in Windows VM-2 network settings I have to select the internal network named intnet-2. Am I right?

[scottgus1]

Yes, that sounds correct.

Then you have to make VM-2's side of the network a different IP range than VM-1's side:

The IP address 192.168.1.1 for Windows VM-1 and 192.168.1.2 for Windows VM-2.

Each side of the Linux router VM needs a different IP range. So 192.168.1.#/24 for VM-1, and perhaps 172.16.1.#/24 for VM-2. Linux Router VM will route between 192.168.1.# and 172.16.1.#

Note that how you'd route the 192.168 side to the 172.16 side and back is a Linux question, suitable for a Linux forum or help channel.

[hack3rcon]

Yes, that sounds correct.

Then you have to make VM-2's side of the network a different IP range than VM-1's side:

The IP address 192.168.1.1 for Windows VM-1 and 192.168.1.2 for Windows VM-2.

Each side of the Linux router VM needs a different IP range. So 192.168.1.#/24 for VM-1, and perhaps 172.16.1.#/24 for VM-2. Linux Router VM will route between 192.168.1.# and 172.16.1.#

Note that how you'd route the 192.168 side to the 172.16 side and back is a Linux question, suitable for a Linux forum or help channel.

Hello,
Thank you so much for your reply.
Why should I use two different internal networks when the IP address ranges are different?

[scottgus1]

I'm thinking from how house routers on the internet work. The private LAN side has private IP addresses for the LAN computers, and the internet on the public side of the router can have every other IP address except for private IP addresses. So the private side has a different IP address range than the public side, and the router passes traffic between the two.

Also, the computers on the private LAN side are not connected directly to the internet's public network connection. The private computers connect to the router with their own physical cables, and the public side connects to the router with its own separate cables. There is no connection between the private cables and the public cables except through the router.

So, to duplicate this, two separate Internal networks are needed, one to connect VM-1 to the router VM, and the other to connect VM-2 to the router VM.

It is apparently possible to have different IP ranges transceiving on the same cable, but that's beyond my knowledge to handle.

[hack3rcon]

I'm thinking from how house routers on the internet work. The private LAN side has private IP addresses for the LAN computers, and the internet on the public side of the router can have every other IP address except for private IP addresses. So the private side has a different IP address range than the public side, and the router passes traffic between the two.

Also, the computers on the private LAN side are not connected directly to the internet's public network connection. The private computers connect to the router with their own physical cables, and the public side connects to the router with its own separate cables. There is no connection between the private cables and the public cables except through the router.

So, to duplicate this, two separate Internal networks are needed, one to connect VM-1 to the router VM, and the other to connect VM-2 to the router VM.

It is apparently possible to have different IP ranges transceiving on the same cable, but that's beyond my knowledge to handle.

Hello,
Thank you so much.
I configured the Linux Box as the below:

Code: Select all

# ifconfig
CLIENT: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.2  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fee5:267c  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:e5:26:7c  txqueuelen 1000  (Ethernet)
        RX packets 4549  bytes 315605 (308.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4083  bytes 275077 (268.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

NAT: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fe7b:8f51  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:7b:8f:51  txqueuelen 1000  (Ethernet)
        RX packets 2309  bytes 168802 (164.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2025  bytes 1026930 (1002.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

SERVER: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.1.2  netmask 255.255.255.0  broadcast 172.16.1.255
        inet6 fe80::a00:27ff:febc:c5a7  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:bc:c5:a7  txqueuelen 1000  (Ethernet)
        RX packets 3092  bytes 221144 (215.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3314  bytes 220620 (215.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

And I wrote a routing command in each virtual machine as below:

Code: Select all

Client (192.168.1.1):
C:\> route ADD 172.16.1.0 MASK 255.255.255.0 192.168.1.2

Server (172.16.1.1):
C:\> route ADD 192.168.1.0 MASK 255.255.255.0 172.16.1.2

Now, both VMs can see each other through the Linux Box.

I have two questions:
1- You described how house routers on the internet work. Can you draw a diagram of what you said?

2- Wasn't this scenario possible through an internal network?

[scottgus1]

1: Web-searching "house router diagram" got some good pictures: https://stevessmarthomeguide.com/build-home-network/

2. I have seen networks where two different incompatible IP ranges are running on the same network switches and cables. There are also VLANs, which also run on the same switches and cables. But I don't know how to do those setups. Nor do I know if or how to get the two networks to cross-communicate.

You certainly could try. Put VM1, VM2, and Linux VM on the same internal network. Each VM has one network adapter, set to the same Internal network name. VM1 is 192.168.#.#, VM2 is 172.16.#.#. Linux VM? Got no clue. I think I've heard that one network adapter can have two IP addresses? maybe you could make the Linux VM have both 192.168 and 172.16 IPs.