| 7 | | NOTE: as of kernel 2.6.18 and later (i.e. with Ubuntu 7.04) this stopped working, as now normal users are no longer allowed to dynamically create TAP devices. See the !VirtualBox user manual for details of how to do this is done in current versions of !VirtualBox (1.4.0 and later). |
| 8 | | |
| 9 | | = 1. Introduction = |
| 10 | | |
| 11 | | This is a quick tutorial on how to setup your Linux environment and !VirtualBox, |
| 12 | | so that it can automatically create network interfaces and put them in bridge |
| 13 | | when the VM is launched. |
| 14 | | |
| 15 | | In fact the Vbox User Manual has all the details that you need to accomplish it, but I thought it would be better to give some more "hands on" for you guys ;) |
| 16 | | |
| 17 | | I've tested this setup in my home computer, running Kubuntu 6.10. I've an ADSL |
| 18 | | modem to which I connect through my eth0 port. The modem has DHCP, so I get my IP automatically. |
| 19 | | |
| 20 | | = 1.1 What is bridging anyway? = |
| 21 | | |
| 22 | | Well... I thought you would already know it (since you are reading this howto). |
| 23 | | But hey... let me try to give you a brief explanation. Bridging in the sense we |
| 24 | | are working here, is to configure your computer, so that, some (or all), of the |
| 25 | | networks it has connected to it will look like they are in fact one single |
| 26 | | network. |
| 27 | | |
| 28 | | One example of its use is if you have a notebook that can connect to your home |
| 29 | | computer through a wireless adapter and the home computer is also connect to the Internet (or to any other network) through a cable. To make the notebook able to access the Internet you have to options: routing(ref 1) and bridging(ref 2). Both solutions will work, but if you do routing only TCP/IP packets will be able to be exchanged (ok, ok, 90% of the world uses TCP/IP but hang with me). On the other hand bridging will give you a lot more of flexibility, since now the notebook will appear is it were direct connect to the other network, just like you. Doing so the notebook can then get its own IP address with DHCP, and you (and anybody on the same network than you) will be able to exchange any packet with the notebook without any problem. |
| 30 | | |
| 31 | | What happens here is that your computer was turned in a Switch (or a HUB), and |
| 32 | | simple connects all machines that are connected to it, like you had cables connection every one of them. To do this on linux you create a "virtual" interface, that will be the actual bridge, and simple "plug" all interfaces you |
| 33 | | want to be connect to it. So what we will do here is configure a single bridge, and say that our network interface (usually eth0), and all network interfaces created by the VMs, will be connected to it. |
| 34 | | |
| 35 | | = 1.2 Prerequisites = |
| 36 | | |
| 37 | | Before continuing the first thing you're going to need is make sure you have |
| 38 | | tunctl and brctl in your machine (the program `VBoxTunctl` is shipped with !VirtualBox starting from version 1.4.0). These are the programs that we will use in the next sections to create our virtual interfaces and our bridge. |
| 39 | | |
| 40 | | In Ubuntu these two programs are on the uml-utilities and bridge-utils packages, respectively. |
| 41 | | |
| 42 | | To install these packages issue the following command: |
| 43 | | |
| 44 | | {{{ |
| 45 | | sudo apt-get install bridge-utils uml-utilities |
| 46 | | }}} |
| 47 | | |
| 48 | | = 2. Configuring the bridge = |
| 49 | | |
| 50 | | Ok, so lets start with the fun ;) |
| 51 | | |
| 52 | | First of all, lets configure the network setup so that you will have a br0 |
| 53 | | interface at boot, and your network interface (eth0) will be part of it. |
| 54 | | |
| 55 | | To accomplish this in Ubuntu I've configured my /etc/network/interfaces to look |
| 56 | | something like this: |
| 57 | | |
| 58 | | {{{ |
| 59 | | auto br0 |
| 60 | | iface br0 inet dhcp |
| 61 | | bridge_ports eth0 |
| 62 | | |
| 63 | | auto eth0 |
| 64 | | iface eth0 inet manual |
| 65 | | }}} |
| 66 | | |
| 67 | | Quite simple huh? With this setup you should have what we want. To test it |
| 68 | | immediately run reinitialise the network: |
| 69 | | |
| 70 | | {{{ |
| 71 | | sudo /etc/init.d/networking restart |
| 72 | | }}} |
| 73 | | |
| 74 | | After it finish its job, doing an |
| 75 | | {{{ |
| 76 | | ifconfig |
| 77 | | }}} |
| 78 | | should show you something like this: |
| 79 | | |
| 80 | | {{{ |
| 81 | | br0 Encapsulamento do Link: Ethernet Endereço de HW 00:11:D8:37:D8:B9 |
| 82 | | inet end.: 192.168.1.2 Bcast:192.168.1.255 Masc:255.255.255.0 |
| 83 | | endereço inet6: fe80::211:d8ff:fe37:d8b9/64 Escopo:Link |
| 84 | | UP BROADCAST RUNNING MULTICAST MTU:1500 Métrica:1 |
| 85 | | pacotes RX:6973 erros:0 descartados:0 excesso:0 quadro:0 |
| 86 | | Pacotes TX:7301 erros:0 descartados:0 excesso:0 portadora:0 |
| 87 | | colisões:0 txqueuelen:0 |
| 88 | | RX bytes:3557787 (3.3 MiB) TX bytes:932172 (910.3 KiB) |
| 89 | | |
| 90 | | eth0 Encapsulamento do Link: Ethernet Endereço de HW 00:11:D8:37:D8:B9 |
| 91 | | endereço inet6: fe80::211:d8ff:fe37:d8b9/64 Escopo:Link |
| 92 | | UP BROADCAST RUNNING MULTICAST MTU:1500 Métrica:1 |
| 93 | | pacotes RX:184453 erros:75 descartados:0 excesso:0 quadro:0 |
| 94 | | Pacotes TX:255573 erros:0 descartados:0 excesso:0 portadora:0 |
| 95 | | colisões:0 txqueuelen:1000 |
| 96 | | RX bytes:23372490 (22.2 MiB) TX bytes:136539269 (130.2 MiB) |
| 97 | | IRQ:217 Endereço de E/S:0x6000 |
| 98 | | }}} |
| 99 | | |
| 100 | | Note that br0 is the interface that gets the IP. The eth0 is like a "dummy" |
| 101 | | interface. |
| 102 | | |
| 103 | | = 3. Giving the needed access = |
| 104 | | |
| 105 | | Ok, now we need to give some permissions to devices and files. Note that, as |
| 106 | | everything involving permissions, there is always some risk involved on it. But |
| 107 | | hey, its for a good cause! |
| 108 | | |
| 109 | | = 3.1 /dev/net/tun = |
| 110 | | |
| 111 | | First things first, to allow VBox to automatically create the virtual interface |
| 112 | | it needs to have write access to /dev/net/tun. The best way I thought of doing it (without doing a chmod 666), was to change the ownership of the device to the vboxusers group. Since everybody that will run VBox will already be part of that group, this looked like a good solution. After that we need to give write |
| 113 | | permissions to the members of the group. Following are the commands: |
| 114 | | |
| 115 | | {{{ |
| 116 | | sudo chown root.vboxusers /dev/net/tun |
| 117 | | sudo chmod g+rw /dev/net/tun |
| 118 | | }}} |
| 119 | | |
| 120 | | = 3.2 ifconfig and brctl = |
| 121 | | |
| 122 | | Besides that you (optionally) need to setuid in the "ifconfig" and "brtcl" |
| 123 | | commands. Setuid is necessary on these commands because you need to call them on the script used to configure your network, but they both need to be run as root to do what we want. |
| 124 | | |
| 125 | | People concerned with this security (like me) would raise an eyebrow with this, |
| 126 | | since setuids always introduce some risk on the system. In my case I decided the risk was low, and decided to live with it. |
| 127 | | |
| 128 | | But if you don't want to use setuid below I will show a way to make the bridging work without needing to do setuids (but having to put root password every time you boot/shutdown a VM). |
| 129 | | |
| 130 | | So, to do the setuid run the following commands: |
| 131 | | |
| 132 | | {{{ |
| 133 | | chmod +s /sbin/ifconfig |
| 134 | | chmod +s /usr/sbin/brctl |
| 135 | | }}} |
| 136 | | |
| 137 | | = 4. The scripts = |
| 138 | | |
| 139 | | Now that everything is in place lets configure the scripts that will be called |
| 140 | | by !VirtualBox every time a VM is turned on/off. I call these scripts tapUP and |
| 141 | | tapDown, but you can name them whatever you want. The commands i use are the |
| 142 | | same as described in the !VirtualBox User Manual, with the exception that i don't use |
| 143 | | sudo (since i did a setuid in ifconfig and brctl). |
| 144 | | |
| 145 | | TapUP: |
| 146 | | {{{ |
| 147 | | #!/bin/sh |
| 148 | | /sbin/ifconfig $2 up |
| 149 | | /usr/sbin/brctl addif br0 $2 |
| 150 | | }}} |
| 151 | | |
| 152 | | !TapDown: |
| 153 | | {{{ |
| 154 | | #!/bin/sh |
| 155 | | /usr/sbin/brctl delif br0 $2 |
| 156 | | }}} |
| 157 | | |
| 158 | | If you decided to not do the setuid in step 3.2, you can use kdesu (for |
| 159 | | example), to ask root password when running these commands. The files would look something like this: |
| 160 | | |
| 161 | | TapUP: |
| 162 | | {{{ |
| 163 | | #!/bin/sh |
| 164 | | kdesu "/sbin/ifconfig $2 up && /usr/sbin/brctl addif br0 $2" |
| 165 | | }}} |
| 166 | | |
| 167 | | !TapDown: |
| 168 | | {{{ |
| 169 | | #!/bin/sh |
| 170 | | kdesu /usr/sbin/brctl delif br0 $2 |
| 171 | | }}} |
| 172 | | |
| 173 | | I put both command between commas and use the "&&" so that it asks for the |
| 174 | | password only once. |
| 175 | | |
| 176 | | = 5. Wrapping it up = |
| 177 | | |
| 178 | | Well, thats it! Quite easy huh? Now all you need to do is create and virtual machine, go on its "Network" options, change the "Attached to" to "Host Interface", give the Interface a name (each machine should use a different interface!), and point the "Startup Application" and "Terminate Application", to your TapUP and !TapDown files. |
| 179 | | |
| 180 | | I've tested it with a Windows guest, and everything worked like a charm. |
| 181 | | |
| 182 | | = 6. Thanks = |
| 183 | | |
| 184 | | = 7. Changelog = |
| | 5 | = Changelog = |
