Linux Format

Virtualisation: VirtualBox networks

Mayank Sharma finds virtualisation software has decent networking skills.


Never happy with the default setup, Mayank Sharma shows you how to piece together a network, knowing that the firewall has all the pipes blocked.

VirtualBox is a wonderful application that has democratised virtualisation, a critical enterprise technology, and made it accessible to the average desktop user. Using the app’s graphical interface you can get up and running creating virtual machines in no time.

Despite being easy to use, VirtualBox packs in some advanced features. Of note is its networking prowess, which allows the software to emulate a variety of network setups. The majority of VirtualBox’s networking features are housed within the Network settings dialog. Right-click any virtual machine (VM) and head to Settings > Network to bring these up. As you will notice, you can attach four virtual network interface controllers (NICs) to a VM.

There are two important parameters that define the behaviour of these virtual NICs. First, you have to choose what type of adaptor the NIC should emulate: you are given options such as Intel PRO/1000 MT Desktop (82540EM), PCnet-FAST III (Am79C973), a Paravirtualized Network (virtio-net) and more. Second, and more importantly, you have to decide how they operate with respect to your host’s physical network (see box, right). The choice of the virtual NIC adaptor type comes down to whether the guest has drivers for that NIC. VirtualBox automatically suggests the correct adaptor type based on the guest OS it’s connected to – you don’t really need to modify this setting.

However, the choice of networking mode depends on various factors. Do you want the VM to be part of your main network? Will the VM be running a server? Do you want other machines on your network to be able to connect to the VM? By default, the virtual NICs function as NAT adaptors and can access the Internet via the host. Most users, however, prefer to switch to the bridged adaptor type, which makes the VM an independent member of the main network.

The disadvantage of a bridged adaptor is that it exposes the VMs to the real network. Furthermore, if you operate many VMs you can run out of IP addresses or your network administrator becomes fed up with you asking for statically assigned IP addresses for the servers running inside the VMs. This is why most network administrators wouldn’t permit you to network VMs via more than one bridged adaptor. So what if you want to run a server inside your virtual machine without creating multiple bridges to the real network?

Security by isolation

One of the most popular uses for VirtualBox is as a test environment for running everything from individual apps to even complete operating systems, before deploying them on a real machine. Similarly, thanks to the app’s networking dexterity, you can use it to test network software by creating a virtual lab that’s isolated from the real network.

To put this into practice, let’s create an IPFire firewall (www.ipfire.org) server inside a VM that will have two virtual NICs. One will be connected to the Internet and the other will be connected to the other VMs on this machine. The firewall will issue IP addresses to these other VMs, which will connect to the Internet via the firewall virtual machine.

First, set up a standard VM running any Linux distro. For this tutorial we’re creating a VM for the IPFire server with 512MB of RAM and a single processor. Then open this VM’s Settings window and switch to the Network tab to attach the two virtual NICs. In the Adaptor 1 tab, make sure it’s attached to the bridged adaptor. This NIC will connect the firewall server and the VMs it services to the Internet. Then switch to the Adapter 2 tab and enable it. Use the Attached To: pulldown menu and select the option labelled Internal Network. The other VMs in our network will connect to the firewall server via this NIC.

That’s all there is to it. The rest is in the configuration of the IPFire server. Once we’ve set up the server, any virtual machine on this computer that uses the same Internal Network as the one on the server will be able to communicate seamlessly through the firewall server.
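The same adapter layout can be applied and checked from the host with VBoxManage. The script below is an added example, not part of the original article: the VM names, the host interface `eth0` and the internal network name `labnet` are assumptions, and `audit_client` is a hypothetical helper that flags any client adapter that would bypass the firewall VM.

```shell
#!/bin/sh
# Added example, not from the article. VM names, the host NIC and the
# internal network name are assumptions; substitute your own.
FW_VM="ipfire"; CLIENT_VM="lab-client"; HOST_IF="eth0"; INTNET="labnet"

# DRY_RUN=1 (the default) prints each command instead of running it.
vbm() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "VBoxManage $*"; else VBoxManage "$@"; fi
}

# Firewall VM: Adapter 1 bridged (Red), Adapter 2 internal network (Green).
configure_firewall() {
  vbm modifyvm "$FW_VM" --nic1 bridged --bridgeadapter1 "$HOST_IF"
  vbm modifyvm "$FW_VM" --nic2 intnet --intnet2 "$INTNET"
}

# Client VM: one adapter on the same internal network, the rest disabled.
configure_client() {
  vbm modifyvm "$CLIENT_VM" --nic1 intnet --intnet1 "$INTNET" \
    --nic2 none --nic3 none --nic4 none
}

# Reads `VBoxManage showvminfo <vm> --machinereadable` on stdin. Prints every
# enabled adapter that is not on $INTNET and returns 1 if any exist.
audit_client() {
  awk -F= -v net="$INTNET" '
    /^nic[0-9]+=/    { n = substr($1, 4); gsub(/"/, "", $2); mode[n] = $2 }
    /^intnet[0-9]+=/ { n = substr($1, 7); gsub(/"/, "", $2); name[n] = $2 }
    END {
      for (n in mode) {
        if (mode[n] == "none") continue
        if (mode[n] != "intnet" || name[n] != net) {
          printf "adapter %s bypasses the firewall: %s\n", n, mode[n]; bad = 1
        }
      }
      exit (bad + 0)
    }'
}

# Constructed sample: a client that still has a NAT adapter enabled.
SAMPLE_LEAKY='nic1="intnet"
intnet1="labnet"
nic2="nat"
nic3="none"'

configure_firewall; configure_client
if ! printf '%s\n' "$SAMPLE_LEAKY" | audit_client; then
  echo "fix the client before treating the lab as isolated"
fi
```

Set `DRY_RUN=0` to apply the changes; `modifyvm` only works while the VM is powered off.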

Set up the virtual network

The firewall server will act as the gateway to the virtual network. Point the server’s virtual optical drive to the IPFire installation ISO image and boot it up. Follow through the firewall’s installation process with the default options, which will install IPFire as the sole distro inside the VM. When you reboot the VM post-installation, you’ll be asked for a set of passwords for the root and the admin user.

Now comes the crucial part where you have to configure the roles for the NICs attached to this firewall server. IPFire supports several different modes. The default mode, known as Green + Red, is designed for machines that have two network adaptors like our VM. Once you’ve selected this mode in the Network Configuration Type, select the Drivers and cards assignment option to assign the NICs to either of the modes. The adapter listed first is the Bridged NIC, which you should mark as the Red interface; mark the Internal Network adaptor as the Green interface. You can identify the NICs by comparing their MAC address to the ones listed in the Network settings window in VirtualBox.

Next scroll down to the Address Settings option and configure the Green interface. Assign it 10.0.0.1 as the IP address with a Netmask of 255.255.255.0. For the Red interface select the DHCP option. Now move on to the DNS / Gateway settings option and enter 8.8.8.8 as the primary and 8.8.4.4 as the secondary DNS.

Hand out addresses

When you’re done with the network settings, IPFire’s setup wizard will bring up the options to configure the DHCP server, which will hand out addresses to all VMs that will be hooked to the firewall VM. Activate the DHCP Server and enter 10.0.0.10 in the Start Address field and 10.0.0.30 in the End Address field. This instructs the firewall server to hand out addresses between these two values to any connecting VMs in our virtual network.

That’s it. Save the settings and allow IPFire to boot up to the login prompt. Now change the network settings of any other VM and switch its virtual NIC to the Internal Network mode. When you boot up this VM, it’ll be able to access the Internet like before. However, now the data is flowing through the IPFire firewall server. To verify this, enter the ipconfig command in the terminal of this VM, which will have an address between the specified ranges (10.0.0.10 to 10.0.0.30). In addition, head to https://10.0.0.1:444 from any VM on the internal network and you’ll get to IPFire’s web-based administration panel. Use admin as the user and the password you assigned to it earlier while setting up IPFire.

You now have a virtual network set up within VirtualBox that’s doling out addresses to other VMs. These can all access each other as well as the internet via the firewall VM. Explore the IPFire interface to set up the firewall and test its behaviour on the VM in the virtual LAN.
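For a Linux guest with iproute2, the check described above can be scripted. This is an added example, not part of the original article: it uses the article's Green address and DHCP range, the interface names in the sample are constructed, and it also catches the case where a leftover second adapter supplies a default route that skips the firewall.

```shell
#!/bin/sh
# Added example, not from the article. Values are the ones configured above.
GATEWAY="10.0.0.1"; LEASE_START="10.0.0.10"; LEASE_END="10.0.0.30"

# Dotted quad -> integer, so that range checks compare numerically.
ip_to_int() {
  echo "$1" | awk -F. '{ printf "%.0f\n", $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }'
}

in_lease_range() {
  a=$(ip_to_int "$1")
  [ "$a" -ge "$(ip_to_int "$LEASE_START")" ] && [ "$a" -le "$(ip_to_int "$LEASE_END")" ]
}

# $1: output of `ip -4 -o addr show scope global`
# $2: output of `ip -4 route show default`
# Prints each finding and returns 1 if the guest can bypass the firewall VM.
check_guest() {
  rc=0
  addrs=$(printf '%s\n' "$1" | awk 'NF { sub(/\/.*/, "", $4); print $2 ":" $4 }')
  [ -n "$addrs" ] || { echo "no IPv4 address leased"; rc=1; }
  for entry in $addrs; do
    if ! in_lease_range "${entry#*:}"; then
      echo "${entry%%:*} has ${entry#*:}, outside the IPFire lease range"; rc=1
    fi
  done
  for gw in $(printf '%s\n' "$2" | awk '$1 == "default" { print $3 }'); do
    if [ "$gw" != "$GATEWAY" ]; then
      echo "default route via $gw bypasses the firewall"; rc=1
    fi
  done
  return $rc
}

# Constructed sample: second adapter left on VirtualBox NAT (10.0.2.0/24).
SAMPLE_ADDR='2: enp0s3    inet 10.0.0.12/24 brd 10.0.0.255 scope global dynamic enp0s3
3: enp0s8    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s8'
SAMPLE_ROUTE='default via 10.0.2.2 dev enp0s8 proto dhcp metric 100
default via 10.0.0.1 dev enp0s3 proto dhcp metric 101'

# On a live guest, pass "$(ip -4 -o addr show scope global)" and
# "$(ip -4 route show default)" instead of the samples.
if check_guest "$SAMPLE_ADDR" "$SAMPLE_ROUTE"; then
  echo "guest is only reachable through the firewall VM"
fi
```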

You can easily test network software such as firewalls and gateways by deploying them inside a virtual network.
Head to File > Preferences > Network to create interfaces for NAT and Host-only networks. You can also enable VirtualBox’s built-in DHCP server to hand out IP addresses to the VMs in these networks.
