VirtualboxHostNetworkingAndWIFI

Revision 9 as of 2008-08-06 16:28:14


Virtualbox host networking and WIFI

Scope of this howto

While connected to your router (and thus the Internet) through your computer's WIFI card, enable host networking on a different subnet by bridging your unused ethernet card.

Your Virtualbox machines will be connected to the Internet as well.

Tested with Innotek Virtualbox 1.5.6, Sun xVM Virtualbox 1.6.0, 1.6.2 and Ubuntu 8.04 (Hardy)

Pre-requisites

One computer with:
WIFI controller eth0
ethernet controller eth1
Virtualbox
Internet connection thru eth0

All the bridge creation and host interface creation knowledge comes from Virtualbox help contents. (see chapter Host Interface Networking and bridging on Linux hosts)

How to - by example

Consider a connection to the internet via eth0 (WIFI) with IP 192.168.0.2.
The bridge IP address will be 192.168.1.254 (note the difference of subnet between the wifi and the bridge).
Bridge br0 will include eth1 (ethernet card) and host interface tap0.

I will assume that virtualbox is up and running for the user joe.

Install the necessary tools

sudo apt-get install bridge-utils uml-utilities
sudo gpasswd -a $USER uml-net

At this stage /dev/net/tun should be owned by root:uml-net; change it accordingly if this is not the case.

ls -l /dev/net/tun 
crw-rw---- 1 root uml-net 10, 200 2008-04-11 23:55 /dev/net/tun

UPDATE July 29: it seems that since a few updates (don't know which one unfortunately) the ownership of /dev/net/tun is reverted to root:root after each reboot, so we have to chown and chmod every time. There must be a rule in udev that we can change, or we can create a script and link it in /etc/rc2.d. I am okay to change a udev rule IF it works; so far it does not.
Personally, I changed the ownership of /lib/udev/devices/net/tun so that /dev/net/tun is created (copied apparently) with the correct permissions. (A reboot is necessary afterwards unless someone has another solution.)

sudo chgrp uml-net /lib/udev/devices/net/tun
sudo chmod g+rw /lib/udev/devices/net/tun

Edit /etc/network/interfaces

A fresh /etc/network/interfaces should look like the following (or be quite similar)

auto lo
iface lo inet loopback

If you want to create a permanent host interface
change /etc/network/interfaces to

auto lo
iface lo inet loopback

auto tap0
iface tap0 inet manual
up ifconfig $IFACE 0.0.0.0 up
down ifconfig $IFACE down
# replace joe with the name of your user, a member of the vboxusers and uml-net groups
# (comments in this file must be on a line of their own)
tunctl_user joe

auto br0
iface br0 inet static
address 192.168.1.254
netmask 255.255.255.0
    bridge_ports eth1 tap0
    bridge_maxwait 0

Add as many host interfaces as desired on the same principle.

I prefer dynamic host interfaces
change /etc/network/interfaces to

auto lo
iface lo inet loopback

auto br0
iface br0 inet static
address 192.168.1.254
netmask 255.255.255.0
    bridge_ports eth1
    bridge_maxwait 0

To create dynamic tap interfaces (from the virtualbox help, 6.7.2. Creating interfaces dynamically when a virtual machine starts up):
* create a start-up script (wherever you want, just remember where), replacing joe with your user, who must be a member of the vboxusers and uml-net groups

# The quotes around 'eof' stop the shell from expanding $interface and the
# backticks while the file is being written.
cat > /home/joe/addtap.sh <<'eof'
#!/bin/bash

# Create a new TAP interface for the user 'joe' and remember its name.
# Replace joe with your user.
interface=`VBoxTunctl -b -u joe`

# If for some reason the interface could not be created, return 1 to
# tell this to VirtualBox.
if [ -z "$interface" ]; then
    exit 1
fi

# Write the name of the interface to the standard output.
echo "$interface"

# Bring up the interface.
ifconfig "$interface" up

# And add it to the bridge.
brctl addif br0 "$interface"
eof

chmod u+x /home/joe/addtap.sh

* create an end script

# The quotes around 'eof' stop the shell from expanding $2 while the file
# is being written.
cat > /home/joe/deltap.sh <<'eof'
#!/bin/bash

# Remove the interface from the bridge.  The second script parameter is
# the interface name.
brctl delif br0 "$2"

# And use VBoxTunctl to remove the interface.
VBoxTunctl -d "$2"
eof

chmod u+x /home/joe/deltap.sh

In the virtual machine network settings, make the following changes:
attached to: host interface
interface name: (nothing, leave it empty)
setup application: gksudo /home/joe/addtap.sh
terminate application: gksudo /home/joe/deltap.sh

If you wish to avoid typing your password when the tap interface is created, add the following line to your sudoers file.

sudo visudo
%vboxusers ALL=(ALL) NOPASSWD: /home/joe/addtap.sh, /home/joe/deltap.sh
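
A check to run before relying on that sudoers line, as an added example that is not part of the original howto: a script that sudo runs as root without a password must not be writable by an ordinary user, and the scripts created above under /home/joe belong to joe. The helper names check_sudo_script and perms_ok and the optional owner argument are chosen here; the code relies on GNU stat and inspects only the script and its immediate directory.

```shell
#!/bin/sh
# Added example (not from the original howto): audit a script that sudoers
# allows to run as root with NOPASSWD.

# perms_ok PATH UID: succeeds when PATH is owned by UID and is not writable
# by group or others; otherwise prints each finding and fails.
perms_ok() {
    uid=$(stat -c '%u' "$1") && mode=$(stat -c '%a' "$1") || {
        echo "$1: cannot stat"; return 1; }
    ok=0
    [ "$uid" -eq "$2" ] || { echo "$1: owned by uid $uid, expected $2"; ok=1; }
    # A leading 0 makes the shell read the mode as octal; 022 = group/other write.
    [ $(( 0$mode & 022 )) -eq 0 ] || {
        echo "$1: mode $mode is writable by group or others"; ok=1; }
    return $ok
}

# check_sudo_script PATH [OWNER_UID]: OWNER_UID defaults to 0 (root).
# The directory is checked too, because whoever can write to it can
# replace the script with a different file.
check_sudo_script() {
    want_uid=${2:-0}
    [ ! -L "$1" ] || { echo "$1: is a symlink"; return 1; }
    [ -f "$1" ] || { echo "$1: not a regular file"; return 1; }
    rc=0
    perms_ok "$1" "$want_uid" || rc=1
    perms_ok "$(dirname "$1")" "$want_uid" || rc=1
    return $rc
}

# Usage: sh check.sh /home/joe/addtap.sh /home/joe/deltap.sh
for f in "$@"; do
    check_sudo_script "$f" || echo "UNSAFE for NOPASSWD sudo: $f"
done
```

Scripts that fail the check can be copied to a root-owned directory such as /usr/local/sbin, with the sudoers line and the VirtualBox setup/terminate settings pointing at the copies.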

Restart networking

sudo invoke-rc.d networking restart

Enable IP forwarding

Enable IP forwarding by uncommenting line 38 in /etc/sysctl.conf

net.ipv4.ip_forward=1

Create a firewall service

While it is not necessary to create a firewall service to enable masquerading, it will be much easier to activate if you do so.

sudo vi /etc/init.d/firewall
#!/bin/bash

start() {
        echo "Creating iptables rule"
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

stop() {
        echo "Flushing iptables"
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT
        iptables -t nat -P PREROUTING ACCEPT
        iptables -t nat -P POSTROUTING ACCEPT
        iptables -t nat -P OUTPUT ACCEPT
        iptables -F
        iptables -t nat -F
        iptables -X
        iptables -t nat -X
}

case $1 in
        start)  start;;
        stop)   stop;;
        restart) stop;
                        start;;
        status) /sbin/iptables -L
                /sbin/iptables -t nat -L
                exit 0;;
        *)      echo "Usage: firewall {start|stop|restart|status}"
                exit 1
esac
exit

Make the file executable

sudo chmod u+x /etc/init.d/firewall

Create links for the service to be started/stopped automatically

sudo update-rc.d firewall defaults

Start the service

sudo invoke-rc.d firewall start
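
The start() function above masquerades everything leaving eth0 and does not restrict the FORWARD chain, so once IP forwarding is enabled the host will route for any interface. A narrower rule set for this page's interfaces and subnet, as an added example that is not part of the original howto; the names IPT, WAN_IF, VM_IF, VM_NET and restricted_start are chosen here, and by default the function only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original howto): a narrower replacement for
# start() in /etc/init.d/firewall, using the page's eth0, br0 and subnet.
IPT=${IPT:-echo iptables}         # dry run by default; use IPT=iptables to apply
WAN_IF=${WAN_IF:-eth0}            # WIFI interface with the Internet connection
VM_IF=${VM_IF:-br0}               # bridge carrying eth1 and the tap interfaces
VM_NET=${VM_NET:-192.168.1.0/24}  # subnet of the bridge and the virtual machines

restricted_start() {
    # Forward nothing unless a rule below allows it.
    $IPT -P FORWARD DROP
    # Traffic between members of the bridge stays allowed (bridged frames
    # pass through FORWARD when bridge netfilter is enabled).
    $IPT -A FORWARD -i "$VM_IF" -o "$VM_IF" -j ACCEPT
    # New connections may only go from the VM subnet out through the WIFI card.
    $IPT -A FORWARD -i "$VM_IF" -o "$WAN_IF" -s "$VM_NET" -j ACCEPT
    # Only replies to those connections may come back in.
    $IPT -A FORWARD -i "$WAN_IF" -o "$VM_IF" -d "$VM_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Masquerade only traffic that originates in the VM subnet.
    $IPT -t nat -A POSTROUTING -s "$VM_NET" -o "$WAN_IF" -j MASQUERADE
}
```

The stop() function of the service already resets the FORWARD policy to ACCEPT and flushes the chains, so it undoes these rules unchanged.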

Host interface IP in the virtual machine

Assign tap0 as a host interface to your virtual machine.

2 possibilities (at least) for the host interface IP address:

No DHCP server

If you have no dhcp server serving the 192.168.1.0 range, you will need to assign an IP address in the 192.168.1.0 range to your virtual machine once it is started.

sudo ifconfig eth0 192.168.1.253

It will be necessary to add 192.168.1.254 as a default route as well

sudo route add default gw 192.168.1.254

If you want to make it permanent in your virtual machine, edit /etc/network/interfaces of your virtual machine.

auto eth0
iface eth0 inet static
address 192.168.1.253
netmask 255.255.255.0
gateway 192.168.1.254

DHCP server

You have a dhcp server serving the 192.168.1.0 range, either:

locally (laptop): make sure the gateway given by dhcp is the IP of your bridge br0

or on your ethernet LAN connection: nothing to do (in that case, your access to the Internet will most certainly go thru ethernet and not thru WIFI)

James Dupin


CategoryNetworking