virtualbox.org

I need to put the LAN of my pfsense vm and all vm backend servers on a different subnet from the hosts (and pfsenses WAN) subnet, but am unsure how to do this with virtualbox's network settings.

This is what I need my network layout to be:


mac os x (host 192.168.1.1) --- (192.168.1.2 WAN) pfsense (LAN 192.168.2.0) --- reverse proxy (192.168.2.1) --- backend-servers (192.168.2.0/24)


The current vm network, without pfsense in it, works - backend servers are locally and externally resolvable by public IP/domain and over ssh - but I'm having issues integrating pfsense in a host/vm environment.
All vms were in the 192.168.1.0/24 subnet, but I want to use NAT port forward rules with pfsense to vm servers behind it, so must change the LAN and backend servers subnet.

I tried creating host-only adapters in Preferences > Network, assigning these to each vm, and changing all IPs of the relevant servers to 192.168.2.0/24 addresses.
But this causes the vms to stall during boot.

I've read the virtualbox docs and googled this forum/web but can't find a good guide to putting guests on a different subnet, which network settings to use/create to do so, and how to ssh to guests when on a different subnet.
If anyone can explain how to do this for a noob, I'd appreciate.

Thanks

The easiest and for most the best way to use and test Windows domains in VirtualBox
Setup Windows Domain in VirtualBox
Same thing applies to Linux where you want to isolate the guests and still be able to reach the Internet. The trick is to use the Internal network.

Thanks I'm aware of the internal network adapter - and was hoping to put the pfsense LAN and backend servers on them for security...

but nothing I find, including the link you've posted explains how internal networks resolve to IPs, which I must use for my servers.

That linked page says...

The actual setup is of course outside the scope of this forum

but surely someone somewhere actually explains how these internal networks resolve to IP addresses and if it's possible to assign them within a particular subnet?

Without IP addresses, how do I ssh to each server from the host via pfsense, or even write a rule using IP addresses in my reverse proxy so port forwards to it are directed to the right backend server???

If assigning IP addresses for the internal network adapter beyond just naming them, isn't possible, does anyone know of a guide to putting vm guests on a different subnet to the host by explicity assigning them IP addresses in some settings somewhere in virtualbox?

An internal network is simply an emulation of a network switch.

How do machines connected to a physical network get their network config? From a DHCP server on one machine in the network. Virtual networks and virtual machines work just the same way. Ditto for how does the internal network communicate with the physical network? Just like a physical one, through PFSense. It has nothing to do with VirtualBox.

If you have a network config which works on a physical network it will work on a virtual network or a mixed physical/virtual network. The network protocols still work the same way. If you want more than one internal network, simply use a different network name. If you want to route between them install a router in a vm.

Sorry I wasn't clear in my original posts title, but I thought I made it clear in my network diagram -

I want to use static IP addresses on the different subnet - not DHCP assigned IP addresses from pfsense/reverse proxy/anywhere on my network.

I have no use for DHCP assigned IP addresses as I use rules in pfsense, the reverse proxy, and on the backend servers (in pf) based on static IP addresses assigned to vmnics on each vm.

Is DHCP a limitation of the internal network adapter type?

Or is it possible to assign static IP addresses to internal network adapters, just as it is possible to do so to host-only adapters by disabling their DHCP server?

If not, is there any other way to solve my original question - give guest vms static IP addresses on a different subnet than the host?

My preference is using the internal network adapter for added security, but I'll settle for host-only adapters if this is not possible.

Thanks

I would be inclined to have one of your images on the internal network run as a DHCP/DNS server (if not a full domain controller) and on there assign the static IPs.
Or if you really don't want you images to use DHCP for whatever reason, go into each VM and configure the network settings just like you would on a physical PC.

As BillG says, just because you are hosting this network via VMs doesn't really change how the actual network needs to be configured.

All the vm freebsd backend servers already have static IP addresses via their rc.conf, hosts, sshd_config, etc files.
These static IPs are the same as those in the network layout I presented in my original post.
pfsense will handle local DNS for the reverse proxy and all servers behind it.
I DO NOT WANT NOR DO I NEED DHCP FOR ANY PURPOSE.
And I do not want to have any server do the equivalent - assign IPs to any other server - whether they are listed or within a range.

I simply want to network these servers as they currently are set up using static IPs and as close as I can to how they would be in the real world.

All I ask is how to set a vm in a host to use a different subnet with static IPs, either using host adapter or preferably using an internal network adapter.


Do I simply change the host-only adapter static IPs of each vm to be in the new subnet and add to each the same named internal network adapter?
This way... would they share the same private internal network within the subnet their respective host-only adapter static IPs share?

I am only guessing... because no one here is giving any specific howto.


If you cannot give a specific example and explanation of how to answer my original question, please try to answer my previous posts questions:

- Is DHCP a limitation of the internal network adapter type?
- Or is it possible to assign static IP addresses to internal network adapters, just as it is possible to do so to host-only adapters by disabling their DHCP server?
- If not, is there any other way to solve my original question - give guest vms static IP addresses on a different subnet than the host?

Thank you

- Is DHCP a limitation of the internal network adapter type?

No

- Or is it possible to assign static IP addresses to internal network adapters, just as it is possible to do so to host-only adapters by disabling their DHCP server?

Yes

By default the Internal network does not even have DHCP available to it. So unless you have edited to have it enabled it is off by default. pFsense also has the ability to provide DHCP and provide leases but you don't have to use it.

If you want static addresses you simply use them. Then you create your rules to route the data however you need.

HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?
HOW?

This is ALL I ask.

To repeat myself again:

Do I simply change the host-only adapter static IPs of each vm to be in the new subnet and add to each the same named internal network adapter?

If NOT... HOW???

PS I'm well aware pfsense can have a dhcp server per interface - but as should be obvious from my posts - I have disabled this as I don't need/want it.
PPS As I have already stated earlier... I already have rules in pfsense, the reverse proxy, and per backend server (pf) that use the static IPs.

How about, while each vm is shut down, you simply change the NIC setting from Host Only to Internal? Remember to also change the "private" NIC of the PFSense machine to internal.