VirtualBox

Changes between Initial Version and Version 1 of Advanced_Networking_Linux


Timestamp:
Mar 21, 2007 3:25:20 PM (18 years ago)
Author:
Michael Thayer
Comment:

HOWTO on advanced Linux networking

Advanced network settings for Linux[[BR]]
Contributed by Jean-Jacques Sarton, 2007/03/21

With a little extra work the virtual machines can be fully integrated into the network, with access between all virtual machines and the host.

A bridge can be built from a single device, physical or virtual, so you can create your bridge as follows:

{{{
#!/bin/sh
# set PATH for the case we are called via sudo or su root
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# create a tap device owned by the user who will run the VM
# (replace <user> with that user name)
tunctl -t tap1 -u <user>
ip link set up dev tap1

# create the bridge and add the tap to it
brctl addbr br0
brctl addif br0 tap1

# set the IP address and routing for the bridge
ip link set up dev br0
ip addr add 10.1.1.1/24 dev br0
ip route add 10.1.1.0/24 dev br0
}}}

With this script you will be able to contact the virtual machine attached to the host interface tap1 from the host, and the host from the virtual machine.
The IP address must not conflict with the main IP address of your PC, which will probably be within the range 192.168.0.0/16.

With these settings the virtual machine has no access to the outside world yet. How to arrange that is explained later.

If we plan to use more than one virtual machine we can add further tap devices to the bridge. The script can be modified as follows:

{{{
#!/bin/sh
# set PATH for the case we are called via sudo or su root
PATH=/sbin:/usr/sbin:/bin:/usr/bin

USER=<name of the vm user>
NUMBER_OF_VM=<number of virtual machines>

# create the bridge
brctl addbr br0

# create the taps tap1 .. tapN and insert them into the bridge
NB=1
while [ "$NB" -le "$NUMBER_OF_VM" ]
do
   tunctl -t tap$NB -u $USER
   ip link set up dev tap$NB
   brctl addif br0 tap$NB
   NB=$((NB + 1))
done

# set the IP address and routing
ip link set up dev br0
ip addr add 10.1.1.1/24 dev br0
ip route add 10.1.1.0/24 dev br0
}}}

Now we will be able to start the virtual machines 1 to n; they are to be attached to tap1, tap2, ... tapn respectively.

Settings within the virtual machines: you may use the tools provided by the guest system to configure the device used for the network connection, or set the IP address manually or via a script. On Linux the commands to be run manually are:

{{{
ip link set up dev eth0
ip addr add 10.1.1.2/24 dev eth0
ip route add default via 10.1.1.1 dev eth0
}}}

You must also edit the file /etc/resolv.conf in order to be able to resolve network names such as www.virtualbox.org or local names. The content of this file can be the same as that of the resolv.conf file on your host.

You may also assign the address via DHCP; in this case the dhcpd daemon must run on the host machine.
A simple configuration looks as follows:

{{{
ddns-update-style interim;
ignore client-updates;

subnet 10.1.1.0 netmask 255.255.255.0 {

# --- default gateway
        option routers                  10.1.1.1;
        option subnet-mask              255.255.255.0;

        option domain-name              "domain.org";
        option domain-name-servers      10.1.1.1;

#       option ntp-servers              10.1.1.1;

        range dynamic-bootp 10.1.1.2 10.1.1.254;
        default-lease-time 21600;
        max-lease-time 43200;
}
}}}

If you want to use ZeroConf (Rendezvous/Bonjour) for automatic assignment of the guests' IP addresses, you should use an address in the range 169.254.0.0/16 for the host, e.g. 169.254.0.1.

Connecting the internal network to the world.

With the above scenario we don't have access to the wide world and will not be able to update a guest system or download anything. In order to get this working we must configure the host system so that it does NAT.

The simplest way is to insert the interface used for the internet connection into the bridge and use the DHCP server provided by the router (if you are attached to the internet via a DSL router). If we do so, all systems can reach the web and you may surf or download files from within your virtual machine.

If you want the machines not to be connected to the wide world normally, you can set up (and unset) the host machine for a temporary connection to the world.

NAT can be set up with the following code:

{{{
#!/bin/sh
INTIF="br0"
EXTIF="eth0"
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptables rules, set a default policy
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# set forwarding and NAT rules
iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
}}}

Unsetting is done with:

{{{
#!/bin/sh
# clear existing iptables rules, set a default policy
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
}}}

If a firewall is already installed you may also enable/disable internet access by calling:

{{{
# insert NAT rule
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
}}}

and disable internet access with:

{{{
# remove exactly the NAT rule inserted above; "iptables -t nat -F" would
# also flush the NAT rules of the installed firewall
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
}}}

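The NAT scripts above let every forwarded packet from the uplink through and flush the whole nat table when disabling. The following is an added example, not code from the HOWTO: the same NAT, but only replies to guest-initiated connections are forwarded back in, and the disable path deletes exactly the rules the enable path added, so it can live beside an installed firewall. It assumes br0, eth0 and 10.1.1.0/24 as used on this page, a FORWARD policy of DROP as set above, and a variable RUN that, when set to echo, prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the HOWTO: NAT for the guest bridge that coexists
# with an existing firewall. Assumptions: INTIF is the bridge, EXTIF the
# uplink, GUEST_NET the bridge subnet (the values used on this page), and
# the FORWARD chain policy is DROP. RUN is a command prefix: empty applies
# the rules, RUN=echo prints them instead (dry run, no root needed).
INTIF="${INTIF:-br0}"
EXTIF="${EXTIF:-eth0}"
GUEST_NET="${GUEST_NET:-10.1.1.0/24}"
RUN="${RUN:-}"

# All rules go through nat_rules so the same list is appended (-A) by
# nat_up and deleted (-D) by nat_down; no table is flushed, so rules that
# belong to another firewall script are never touched.
nat_rules() {
    op="$1"
    # guests may open connections to the outside world ...
    $RUN iptables "$op" FORWARD -i "$INTIF" -o "$EXTIF" -s "$GUEST_NET" \
        -j ACCEPT
    # ... but only replies to those connections are forwarded back in;
    # unsolicited packets from the uplink fall through to the DROP policy
    $RUN iptables "$op" FORWARD -i "$EXTIF" -o "$INTIF" -d "$GUEST_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # hide the guest subnet behind the address of the uplink interface
    $RUN iptables -t nat "$op" POSTROUTING -s "$GUEST_NET" -o "$EXTIF" \
        -j MASQUERADE
}

nat_up() {
    nat_rules -A
    $RUN sysctl -w net.ipv4.ip_forward=1
}

nat_down() {
    nat_rules -D
    $RUN sysctl -w net.ipv4.ip_forward=0
}

case "${1:-}" in
    up)   nat_up ;;
    down) nat_down ;;
esac
```

Run it as `sh nat.sh up` or `sh nat.sh down`; `RUN=echo sh nat.sh up` shows the rules without changing anything.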
Connection via IPv6

Since the IPv4 address range is limited to roughly 3.5·10^9 addresses and most of them are already used, the next generation of the Internet protocol was developed. A major advantage of IPv6 is that there is enough room to provide all systems with unique, world-wide valid addresses without the need for special tricks such as NAT or STUN. With the advance of technology and the use of IP-based services for computers, IP-based telephones and so on, the need for an extended range of IP addresses increases considerably.

With IPv6 full connectivity to the net will become real and the communication between different systems will be easier.

All major OSes (BSD, Linux, Mac OS X and other UNIX-like systems) currently support IPv6. This is also the case for Windows Vista and Windows XP (on XP you may need some supplements from Microsoft).

If you have a connection to the IPv6 world via a provider such as SIXXS.NET or use 6to4 (protocol 41) you will get an IPv6 main address and have the possibility to use your own segments for your local network. Each of the systems will be connected to the IPv6 network without the need for NAT and so on.

For this case we assume that you will try IPv6 on a virtual machine and get your first experiences with an IPv6-based network.

A further assumption is that you have a fixed IPv6 address from sixxs.net or another supplier and also the ability to configure your own segment.

The address you will get may look like 2001:XXXX:YYYY:ZZZZ::2 (XXXX, YYYY and ZZZZ are hexadecimal values). This will be the main address for the connection to IPv6 via a tunnel. If your supplier provides you with the ability to use segments you will get the main part of the IPv6 address you may use (the prefix), which should look like 2001:XXXX:SSSS::/48. With this you can use the prefixes 2001:XXXX:SSSS:0000::/64 up to 2001:XXXX:SSSS:ffff::/64 within your IPv6 network.

For the bridge you will need a separate interface or tap device; it must not be connected to your main interface port.

A script for setting up the bridge looks like the example above; there are only a few differences.

{{{
#!/bin/sh
# set PATH for the case we are called via sudo or su root
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# create a tap (replace <user> with the user running the VM)
tunctl -t tap1 -u <user>
ip link set up dev tap1

# create the bridge
brctl addbr br0
brctl addif br0 tap1

# set the IPv6 address and routing (2001:XXXX:SSSS:1::/64 is one of
# your /64 segments; the bridge takes the ::1 address in it)
ip link set up dev br0
ip -6 addr add 2001:XXXX:SSSS:1::1/64 dev br0
ip -6 route add 2001:XXXX:SSSS:1::/64 dev br0
}}}

On the virtual machine you can use the automatic router and address configuration feature provided by IPv6 (router advertisements). In this case you should install radvd on the host (it is provided by most Linux distributions) and modify the file /etc/radvd.conf:

{{{
interface br0
{
       AdvSendAdvert on;
       MinRtrAdvInterval 30;
       MaxRtrAdvInterval 100;
       prefix 2001:XXXX:SSSS:1::/64
       {
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr on;
       };
};
}}}

The interface (br0) and the IPv6 prefix must be modified; the other values are normally OK.

On the virtual host you need not do anything; the IPv6 address and the routing will be set automatically. The only problem is that DNS will not work.
You may reach other hosts within the IPv6 net if you use the IPv6 address directly.
On Linux and UNIX-like systems you can solve the DNS problem by putting the IPv6 address of the name server into the file /etc/resolv.conf. Your DNS server will probably not have an IPv6 address, however, and your virtual host will not deal with IPv4 addresses.
In order to solve this problem you can download ptrtd and totd. After compiling, configuring and starting them you only have to put the line nameserver 2001:XXXX:SSSS:1::1 into the /etc/resolv.conf file and you will have full connection to the IPv4 and IPv6 worlds.
Totd (Trick or Treat Daemon, ftp://ftp.pasta.cs.uit.no/pub/Vermicelli) is a caching name server which looks first for IPv6 addresses and, if there is no such address, looks for the IPv4 address and builds an IPv6 address with the configured prefix.
Ptrtd (Portable Transport Relay Translator Daemon) recognizes such addresses and translates the IPv6 frames to IPv4 frames, and converts frames returned from the outside back to IPv6.

Compiling totd may fail, but you can fix this by editing the Makefile and deleting the option -Werror.
Totd is normally installed under /usr/local/sbin and expects the configuration file totd.conf in the directory /usr/local/etc.
This file shall contain the following:

{{{
forwarder YOUR_IPv4_ADDRESS
prefix 2001:XXXX:SSSS:N::
pidfile /var/run/totd.pid
}}}

YOUR_IPv4_ADDRESS (the IPv4 name server totd forwards its queries to) and 2001:XXXX:SSSS:N:: are to be replaced with proper values; N is the segment number used for translated IPv4 addresses and may be, for example, 4.

For ptrtd there is no configuration file, so you must start it as follows:
{{{
ptrtd -p 2001:XXXX:SSSS:N::
}}}

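What totd and ptrtd have to agree on is the layout of the translated address. The block below is an added example, not code from the HOWTO or from either daemon: it synthesizes the AAAA address from an A record the way described above and recovers the IPv4 address again, refusing anything outside the prefix. It assumes the prefix from totd.conf fills the top 96 bits and the IPv4 address the low 32, and uses the constructed prefix 2001:db8:1:4:: in place of 2001:XXXX:SSSS:N::.

```shell
#!/bin/sh
# Added example, not part of the HOWTO or of totd/ptrtd: the address mapping
# the two daemons share. Assumption: the prefix from totd.conf (written with
# a trailing "::") fills the top 96 bits and the IPv4 address the low 32.
# 2001:db8:1:4:: below is a constructed sample standing in for 2001:XXXX:SSSS:N::.

# synth_v6 PREFIX:: A.B.C.D -> PREFIX::HHHH:LLLL, the AAAA record totd
# synthesizes when a name only has an A record
synth_v6() {
    prefix="$1"; ip="$2"
    a="${ip%%.*}"; rest="${ip#*.}"; b="${rest%%.*}"
    rest="${rest#*.}"; c="${rest%%.*}"; d="${rest#*.}"
    # exactly four decimal octets, each 0..255
    [ "$a.$b.$c.$d" = "$ip" ] || { echo "synth_v6: need A.B.C.D" >&2; return 1; }
    for octet in "$a" "$b" "$c" "$d"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    # two 16-bit groups, leading zeros dropped as in canonical IPv6 text
    printf '%s%x:%x\n' "$prefix" $((a * 256 + b)) $((c * 256 + d))
}

# extract_v4 PREFIX:: PREFIX::HHHH:LLLL -> A.B.C.D, the reverse step the
# relay performs; anything not under the prefix is refused
extract_v4() {
    prefix="$1"; addr="$2"
    case "$addr" in
        "$prefix"*) tail="${addr#"$prefix"}" ;;
        *) echo "extract_v4: $addr is not under $prefix" >&2; return 1 ;;
    esac
    hi="${tail%%:*}"; lo="${tail#*:}"
    # the remainder must be exactly two non-empty hex groups
    [ "$hi:$lo" = "$tail" ] || return 1
    for group in "$hi" "$lo"; do
        case "$group" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
        [ ${#group} -le 4 ] || return 1
    done
    hi=$((0x$hi)); lo=$((0x$lo))
    printf '%d.%d.%d.%d\n' $((hi >> 8)) $((hi & 255)) $((lo >> 8)) $((lo & 255))
}

# round trip on the sample prefix
synth_v6 2001:db8:1:4:: 192.0.2.1
extract_v4 2001:db8:1:4:: 2001:db8:1:4::c000:201
```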
Name resolution for your IPv6 network

The easiest way is to run avahi on your host and the corresponding service on the guest systems. Avahi is the Zeroconf implementation on Linux and is available on most recent distributions. ZeroConf was originally developed by Apple and is available under Mac OS X.
Under Linux you shall edit the file /etc/nsswitch.conf and modify the hosts line according to the following:

{{{
hosts:  files dns mdns6
}}}

This shall be done for the host system and the Linux virtual machine. Please refer also to the avahi documentation.
