NATing with VirtualBox and NetworkManager

by Brian Millett

For what it's worth,

I use VirtualBox on my Fedora laptop.  Now, I need to access the guest OS from
the host as well as access the host from the guest.  Using the normal "NAT" that
is built into VirtualBox doesn't allow that.  I also cannot use the Bridging
method explained in the manual, so I've done the following that works with
NetworkManager.

I need to have the guest access the net whether I'm using wireless or switch to
wired.  I set up a 'tap0' device that I assign an address, then I make sure that
the iptables firewall will let me NAT and set up MASQUERADE for whatever device
is active.  You just need to assign a static ipaddr to the guest and make sure
that the gateway on the guest is the ipaddr of the tap0 device.

Any suggestions for improvement are greatly encouraged.


I've set up a dispatcher to do all of the work for me.

#!/bin/bash

PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin

# Log through syslog when logger is available, otherwise to stdout.
if [ -x /usr/bin/logger ]; then
        LOGGER="/usr/bin/logger -s -p user.notice -t NetworkManagerDispatcher"
else
        LOGGER=echo
fi

# Print the name of interface $1 if "ip link show" lists it.
getinterface() {
  NAME=$1
  ip link show | grep ": $NAME:" | while read -r L; do
    OIFS=$IFS
    IFS=" :"
    set -- $L
    IFS=$OIFS
    echo "$2"
  done
}

# NetworkManager calls the dispatcher with the interface and the action.
NIC=$1
OPERAND=$2

## chown the device for virtualbox
chown root:vboxusers /dev/net/tun
chmod g+rw /dev/net/tun

# check if tap0 is already defined
interface=$(getinterface tap0)

## if not defined, then create it using openvpn
## and give it an address
if [ -z "$interface" ]; then
    openvpn --mktun --dev tap0
    #VBoxTunctl -t tap0 -u bpm
    ip link set up dev tap0

    # Adding the address also creates the connected route for
    # 192.168.89.0/24, so no separate "ip route add" is needed.
    ip addr add 192.168.89.1/24 dev tap0
fi

## make sure the active NIC is the one routing.
## Note: -F without a chain name flushes every chain in the nat table.
case "$OPERAND" in
    up)
        echo 1 > /proc/sys/net/ipv4/ip_forward
        iptables -t nat -F
        iptables -t nat -A POSTROUTING -o "$NIC" -j MASQUERADE
        ;;
    down)
        echo 0 > /proc/sys/net/ipv4/ip_forward
        iptables -t nat -F
        ;;
esac


--
Brian Millett - [ Col. Ben Zayn & Garibaldi, "Eyes"]
"Mr. Garibaldi. Very good."
'You know me?'
"Intimately. Fix you a drink?"
'I don't drink.'
"Really? Good. It's a vile habit when abused. Makes a soldier weak.
    Gets him in a *lot* of trouble."
_______________________________________________
NetworkManager-list mailing list
NetworkManager-list@...
http://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: NATing with VirtualBox and NetworkManager

by Bob Ziuchkovski

I do something similar, only using bridging.  I know you said this doesn't
work for you, though I'm not sure why that is the case.  On boot I bring up a
tap interface without an address, bridge it as the sole interface to br0, and
assign br0 an ip address on a subnet unique to my laptop.  I then have two
vbox tap interfaces that are configured as per VirtualBox's manual using the
software's internal tap handling.  These interfaces belong to a WinXP VM and
a Win2k3 demo VM, and I've set VirtualBox to bridge them to br0.  Since
VirtualBox struggles with Solaris and FreeBSD guests, I've installed VMware
Player and configured it to bridge to br0 as well.  This allows me to run
Solaris 10 VMs and FreeBSD VMs through VMware Player.  The result is that
all of my virtual machines can communicate with each other and my laptop,
regardless of which VM software is used.  I use a dispatcher script similar
to what you posted to select the proper interface for masquerading and to
bring up an iptables firewall to protect my virtual network.  However, I also
run DHCP and BIND9 services on br0 to allow easy network configuration and
name resolution for the VMs on the virtual network.  I'm not sure if this is
at all helpful, but you asked for suggestions for improvement.  :)

Bob Z.

On Thursday 08 November 2007 2:08:21 pm Brian Millett wrote:

> For what it's worth,
>
> I use VirtualBox on my Fedora laptop.  Now, I need to access the guest OS
> from the host as well as access the host from the guest.  Using the normal
> "NAT" that is built into VirtualBox doesn't allow that.  I also cannot use
> the Bridging method explained in the manual, so I've done the following
> that works with NetworkManager.
>
> I need to have the guest access the net whether I'm using wireless or switch
> to wired.  I set up a 'tap0' device that I assign an address, then I make
> sure that the iptables firewall will let me NAT and set up MASQUERADE for
> whatever device is active.  You just need to assign a static ipaddr to the
> guest and make sure that the gateway on the guest is the ipaddr of the tap0
> device.
>
> Any suggestions for improvement are greatly encouraged.
>
>
> I've set up a dispatcher to do all of the work for me.
>
> #!/bin/bash
>
> PATH=/sbin:/usr/bin:/usr/local/bin:/bin:/usr/bin:/usr/sbin
>
> if [ -x /usr/bin/logger ]; then
>         LOGGER="/usr/bin/logger -s -p user.notice -t NetworkManagerDispatcher"
> else
>         LOGGER=echo
> fi
>
> getinterface() {
>   NAME=$1
>   ip link show | grep ": $NAME" | while read L; do
>     OIFS=$IFS
>     IFS=" :"
>     set $L
>     IFS=$OIFS
>     echo $2
>   done
> }
>
> NIC=$1
> OPERAND=$2
>
> ## chown the device for virtualbox
> chown root.vboxusers /dev/net/tun
> chmod g+rw /dev/net/tun
>
> # check if tap0 is already defined
> interface=$(getinterface tap0)
>
> ## if not defined, then create it using openvpn
> ## and give it an address
> if [ -z "$interface" ]; then
>     openvpn --mktun --dev tap0
>     #VBoxTunctl -t tap0 -u bpm
>     ip link set up dev tap0
>
>     ip addr add 192.168.89.1/24 dev tap0
>     ip route add 192.168.89.0/24 dev tap0
> fi
>
> ## make sure the active NIC is the one routing.
> case "$OPERAND" in
>     up)
>         echo 1 > /proc/sys/net/ipv4/ip_forward
>         iptables -t nat -F
>         iptables -t nat -A POSTROUTING -o $NIC -j MASQUERADE
>         ;;
>     down)
>         echo 0 > /proc/sys/net/ipv4/ip_forward
>         iptables -t nat -F
>         ;;
> esac


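
Both messages rely on a dispatcher script that masquerades guest traffic out of the active interface, and the second also mentions a firewall protecting the virtual network. The following is an added example, not code from either poster: a variant of the up/down step that keeps its rules in private chains instead of flushing the whole nat table, masquerades only the 192.168.89.0/24 guest subnet, and forwards only guest-initiated flows. The chain names VBOX_NAT and VBOX_FWD and the DRY_RUN switch are assumptions of this sketch.

```shell
#!/bin/bash
# Added example, not the thread's script. VBOX_NAT, VBOX_FWD and DRY_RUN
# are names assumed for this sketch.
GUEST_NET=192.168.89.0/24     # guest subnet used in the original script
GUEST_IF=tap0
DRY_RUN=${DRY_RUN:-1}         # 1 = print the commands, 0 = run them as root

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# The interface name arrives as a dispatcher argument and ends up on an
# iptables command line: accept only plain names of at most 15 characters.
valid_nic() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Hook a private chain into a built-in chain once.
ensure_jump() {   # table, built-in chain, private chain
    if [ "$DRY_RUN" = 1 ] || ! iptables -t "$1" -C "$2" -j "$3" 2>/dev/null; then
        run iptables -t "$1" -I "$2" -j "$3"
    fi
}

apply_nat() {
    nic=$1; action=$2
    valid_nic "$nic" || { echo "rejecting interface name: $nic" >&2; return 2; }
    case "$action" in up|down) ;; *) return 0 ;; esac   # ignore other events
    # Flush only our own chains; rules owned by other tools stay in place.
    run iptables -t nat -N VBOX_NAT 2>/dev/null || true
    run iptables -t filter -N VBOX_FWD 2>/dev/null || true
    run iptables -t nat -F VBOX_NAT
    run iptables -t filter -F VBOX_FWD
    if [ "$action" = down ]; then
        run sysctl -q -w net.ipv4.ip_forward=0
        return 0
    fi
    ensure_jump nat POSTROUTING VBOX_NAT
    ensure_jump filter FORWARD VBOX_FWD
    # Masquerade guest traffic only, and forward only guest-initiated flows.
    run iptables -t nat -A VBOX_NAT -s "$GUEST_NET" -o "$nic" -j MASQUERADE
    run iptables -A VBOX_FWD -i "$GUEST_IF" -o "$nic" -s "$GUEST_NET" -j ACCEPT
    run iptables -A VBOX_FWD -i "$nic" -o "$GUEST_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A VBOX_FWD -i "$nic" -o "$GUEST_IF" -j DROP
    run sysctl -q -w net.ipv4.ip_forward=1
}

apply_nat "${1:-wlan0}" "${2:-up}"
```

With DRY_RUN left at 1 the script only prints the commands it would run, which makes it easy to review the rule set before installing it as a dispatcher script with DRY_RUN=0.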