Connecting physical host to virtual bridge?!?

OklahomaDave · 03-03-2015, 08:31 PM

Hi, all.

I have what may be an unusual setup I'm trying to finish off, and I"m a bit stuck. I'm close, but need a push.

Intent: Create a machine with two NICS (one to an internal net, one to the world) hosting a *virtual* firewall, and configure the networking such that the host is protected by the firewall, and gains Internet access only through the firewall, not directly through the NICS.

Where I am:
I have a Ubuntu 14.04 host box with two physical NICS running a VirtualBox Smoothwall firewall. I've created two virtual bridges on the host, one for each NIC. In the VM, I've installed the Smoothwall firewall and connected the "outside" link to one of the virtual bridges via its tap, and it's working perfectly. I've attached the other "private" network virtual NIC to the other bridge. So far, so good.

The problem:
As noted, I want the Ubuntu host to gain its connectivity to the outside world through the VM firewall via the "private" bridge, not by direct-connecting to the ethernet interface that is slaved to that bridge. In effect, I need to connect a physical host to a virtual bridge tap. Is that even possible? Or have I created for myself a mousetrap from which I cannot escape...

jefro · 03-03-2015, 09:56 PM

Not sure I understand this.

A normal user would install a virtual machine. The client OS in that vm can be used as a firewall or router. That client needs to be connected to one of the nics in no uncertain terms to work. It can be bridged or natted. Now to protect the host you don't use then nic. You use the virtual machine's address and port.

OklahomaDave · 03-04-2015, 09:48 AM

I have resolved this issue. It was borne of a misinterpreted situation between my host and the virtual bridge I had created, combined with a misconfigured server. I now have my host talking to the vBridge as I intended.

Thank you for taking the time to answer.

jefro · 03-04-2015, 05:56 PM

Thanks for the update and solution. I didn't quite fully get the question it seems. Not the first time.

OklahomaDave · 03-04-2015, 07:58 PM

Quote:

Originally Posted by jefro

Thanks for the update and solution. I didn't quite fully get the question it seems. Not the first time.

Well, the question wasn't ideally phrased. I had misconfigured a DHCP server such that it wouldn't hand out addresses on my private net, and I took that to mean my host wasn't talking to the vBridge. When I ran tcpdump on the server and saw it was getting the DHCP requests, I realized something was afoot. Alas.