NAT Network

Discussions about using Linux guests in VirtualBox.
macro
Posts: 64
Joined: 11. Apr 2013, 05:02

NAT Network

Post by macro »

I'll try to describe this the best I can within my limited tech-speak. I think what I need is to create a network like the one described in the manual here: "6.4. Network Address Translation Service". I am going to do this on a Windows 7 Pro host running the latest version of Virtualbox. My goal is to have a minimal linux guest running a VPN proxy client connected through the internet to a VPN server "out there". I only want this client to serve that purpose. Then I will use a second guest client running linux with its networking routed over to the first client running the proxy, so that the second VM client gets connected to the proxy and "off it goes". Because it would not be possible to put the proxy directly into the second client, I have to double-step it like this.

So, if I understand the instruction in the manual right, I would end up with a gateway as "192.168.15.1", which gets assigned automatically when I create the master network from the command line in the Windows host, like this: "VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on".

Therefore, I have to "tell" the first linux client VM to point my proxy at that gateway's IP address. That much I should be able to handle. Then, for sake of discussion, assuming that the DHCP server assigned the first client an IP address of, say, "192.168.15.2", can I then just tell the second client to use that same address, "192.168.15.2", as its gateway? Hopefully, this would make the second client VM connect to the first one, which would then allow it to make use of its proxy? Am I missing something? Thanks.
noteirak
Site Moderator
Posts: 5231
Joined: 13. Jan 2012, 11:14
Primary OS: Debian other
VBox Version: OSE Debian
Guest OSses: Debian, Win 2k8, Win 7

Re: NAT Network

Post by noteirak »

You are not missing anything. It's all correct so far.
Hyperbox - Virtual Infrastructure Manager - https://apps.kamax.lu/hyperbox/
Manage your VirtualBox infrastructure the free way!
macro
Posts: 64
Joined: 11. Apr 2013, 05:02

Re: NAT Network

Post by macro »

Thanks, noteirak, for that first reply. Incidentally, since my previous email, I have upgraded the Windows host to Windows 10 Pro and updated to the latest version of Virtualbox. My first linux client was installed, and for now I have its networking functioning properly on a regular NAT setting in the VM. Currently, in this client's "/etc/resolv.conf" I have two nameservers listed, which actually got assigned by the Windows' host default values from the home lan. When I run ifconfig, I can see that Virtualbox's NAT setting resulted in this configuration:

inet 10.0.2.15
netmask 255.255.255.0
broadcast 10.0.2.255

In this client's "/etc/conf.d/net", I have only the following setting: config_eth0="dhcp". I have installed dhcpcd as its dhcp client. It runs automatically while booting. Now, if possible, I would like to leave these data alone so that I can use them, but only whenever I want to connect this client for updating its system without being connected to the VPN proxy. When I am not updating the client's system, I would have it running normally through the proxy.

So, for additionally configuring this client to be used with NAT Networking mode on most occasions while connected through the proxy, it would seem as though I have a couple of options, but I only want to consider one of them at this point. Specifically, it seems to me that I should be able to use the existing interface and settings, which I can easily enough switch on or off in the event of needing to update the system and turning off the proxy while doing so.

If I want to use these settings with the NAT Networking, while my proxy is enabled, just as I mentioned before, I could issue the following command in my Windows host to set up its network if I am not mistaken:

"VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on". If I used this setting, I could manually change the network type in the Virtualbox GUI for this client from NAT to NAT Network before starting the client. Then, when it boots, it should have this same interface now automatically configured with the following values:

inet 192.168.15.x
netmask 255.255.255.0
broadcast 192.168.15.255

Likewise, as before, I will have configured the proxy to use this IP as its gateway: 192.168.15.1. Consequently, I should use this same IP as the gateway in the second client, to which I assume it should have access because I also started it with NAT Networking as the only option. Also, I can easily remove this network in the Windows host and recreate it each time with one command. I intend to start the proxy manually each time I need it, which is a simple matter of issuing only one command to run it.

By doing it like this, I would not have to set up two different interfaces on the client where the proxy will run most of the time. The values getting assigned to its single network interface would change automatically depending on whether I had the NAT Networking enabled, and I would change the network type in Virtualbox GUI. What am I missing if anything? Thanks.
noteirak
Site Moderator
Posts: 5231
Joined: 13. Jan 2012, 11:14
Primary OS: Debian other
VBox Version: OSE Debian
Guest OSses: Debian, Win 2k8, Win 7

Re: NAT Network

Post by noteirak »

Seems like you got it all good again.
xen82
Posts: 17
Joined: 7. Oct 2015, 11:20

Re: NAT Network

Post by xen82 »

But essentially, right, I don't know how the VPN proxy works. But just saying that your 1st guest is a VPN client. It uses e.g. OpenVPN's "redirect-gateway" directive, which means there is going to be a new interface (usually called tun0) that will get to be the new default route. Usually you get the IP address from the VPN server but it could also be fixed I believe.

So now you have a VPN connection with a tun0 device on an IP like 10.8.0.6.

Then it is a matter of setting it up for routing, right? That means using the FORWARD chain of iptables with the required source and destination interfaces and then you're set? I'm generally not sure how that works, I have never used routing without NAT/masquerading.

So you have two devices in your system: eth0 and tun0 (if you turn off SystemD's hideous naming scheme). And you use that for routing one to the other.

If this is correct, and it is set up correctly, then your question "can I just point the second guest to the first guest as the gateway" is essentially correct, that is to say: yes, that should work. That's really simple and easy, that's the way the system is constructed.

I'm not sure how much more difficult it could be. Seems like a good plan. You perhaps wouldn't need more than a minimal linux distribution for that.
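
The routing setup outlined in the post above (FORWARD chain between eth0 and tun0, second guest using the first as its gateway), as an added example that is not part of the original thread. It assumes eth0 is the NAT Network side, tun0 is the OpenVPN tunnel, the subnet is the 192.168.15.0/24 from the thread, and masquerading on tun0 is used because the VPN server does not know that subnet; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: guest 1 as a VPN-only router for guest 2.
# Assumed: eth0 = NAT Network side, tun0 = VPN tunnel, 192.168.15.0/24 = natnet1.

# Print the commands that make guest 1 forward LAN traffic into the tunnel only.
# FORWARD defaults to DROP, so if tun0 is down guest 2 traffic is dropped
# instead of leaving unencrypted through eth0.
gateway_rules() {
    lan_if=$1; tun_if=$2; lan_net=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $lan_if -o $tun_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $tun_if -j MASQUERADE
EOF
}

# Print the command guest 2 runs so its default route is guest 1
# rather than the NAT Network gateway handed out by DHCP.
client_route() {
    printf 'ip route replace default via %s\n' "$1"
}

# Succeeds when every FORWARD ACCEPT rule involves the tunnel interface.
tunnel_only() {
    ! gateway_rules "$1" "$2" "$3" | grep -- '-A FORWARD' \
        | grep -v -- "$2" | grep -q ACCEPT
}

# Dry run by default: show the commands. APPLY=1 (as root, on guest 1) runs them.
if [ "${APPLY:-0}" = 1 ]; then
    gateway_rules eth0 tun0 192.168.15.0/24 | sh -e
else
    gateway_rules eth0 tun0 192.168.15.0/24
    client_route 192.168.15.2
fi
```

On guest 2, `ip route` should then show the default route via guest 1's address; with the tunnel stopped, guest 2 should lose internet access rather than fall back to the NAT Network gateway.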
macro
Posts: 64
Joined: 11. Apr 2013, 05:02

Re: NAT Network

Post by macro »

noteirak wrote: Seems like you got it all good again.
In the Virtualbox online instructions here: https://www.virtualbox.org/manual/ch06.html

I see the following lines:

"To delete the NAT network service use:
VBoxManage natnetwork remove --netname natnet1

This command does not remove the DHCP server if one is enabled on the internal network."


It is probably just my lack of technical savvy causing my concern, but, assuming that this is referring to the same DHCP server as I would have initially created when I started this NAT service and configured the internal network like so, using the same example from this online guide:

"To attach a DHCP server to the internal network, we modify the example as follows:

VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on"


How then would I go about removing the DHCP server? I mean, assuming I wanted to delete the entire internal network, I should also delete the now irrelevant DHCP server on it too. Should I not? Seems like a bad idea to have a lone-wolf server hanging around with no clients to serve anymore. Thanks.
macro
Posts: 64
Joined: 11. Apr 2013, 05:02

Re: NAT Network

Post by macro »

xen82 wrote: Then it is a matter of setting it up for routing, right? That means using the FORWARD chain of iptables with the required source and destination interfaces and then you're set? I'm generally not sure how that works, I have never used routing without NAT/masquerading.
This statement is not clear to me, and it sounds more technical than I have learned at this point. I do not want to take several days trying to figure it out either, but I do appreciate your input, nonetheless.

Unfortunately, the previous scenario I was talking about will not work as I envisioned or explained it either. When I connect two linux VMs on the "NAT Networking," as I had hoped, both of them access the same gateway directly. Consequently, the second VM does not establish a network connection with the first one, the one running OpenVPN client, in order to pick up its proxy connection to the internet. The second one simply goes straight to the gateway. That will not work for me.

Perhaps, based on my limited technical skills, what I need, I think, is some sort of virtual switch. If the first linux VM had a connection to this switch, as well as having a second adapter for the internet connection with its OpenVPN proxy; then I could connect the second linux VM to the same switch. However, if I am not mistaken, unless I knew how to do a lot of networking configuration magic in the first VM, this second VM would have to use the same subnet as the first one so that the switch could transfer the data to and from it into the first VM's network.

I don't know that it would matter much in my situation, but I could configure the OpenVPN client in the first VM to use one of the physical network adapters on the Windows host by adding this setting to its config: "local 123.123.123.123" for example. The physical machine has more than one NIC available to it.

The problem I see is that there appears to be no virtual switch application for Windows hosts supporting Virtualbox. On the other hand, I do see that Hyper-V supports it; and I may have to go this route although that would take a little learning how to set up too, but probably less technically demanding unless I am mistaken. The thing is, I do not have complex networking skills, and that limits my options.