virtual machine networking settings

sneakyimp · 11-28-2016, 06:41 PM

I'm using VirtualBox and am confused by the documentation on networking settings for the VMs. Can anyone help me get clear on the networking options for this virtual machines?

6.3 Network Address Translation (NAT)
Virtual machines can connect to the internet but not to each other. Virtual machine and host (i.e., my workstation) are on entirely different networks (i.e., 192.168.1.x for my workstation versus 10.0.x.x for virtual machines) so host cannot "see" virtual machines via network -- no SSH, no HTTP, etc., between host and virtual machines. Does this mean that the host and its guest VMs cannot see each other at all? If they can see each other, how might one ssh into a vm from host? Of point a browser to the VM from host?

6.4 6.4. Network Address Translation Service
Not clear to me how this relates to 6.3, but apparently you can group VMs into named networks so they can interact with each other? Can host contact VMs for ssh, http, etc?

6.5. Bridged networking
Device drive on host is somehow used to route both VM (guest) and host traffic. VMs can communicate with 'outside world.' VMs appear as connected on the network? Host can talk to VMs? How are IP addresses allocated and determined?

6.6. Internal networking
Similar to 6.5, but VMs can only communicate with each other? Traffic is not routed via the host machine's NIC and so it cannot be snooped by Wireshark et. al.

6.7. Host-only networking
Very similar to 6.6 except that a quasi-local-loopback network interface is created which can be snooped by wireshark.

The help file descriptions in the user manual don't make a lot of sense to me.

frankbell · 11-28-2016, 07:42 PM

I can address the types of VirtualBox networking that I've used. Briefly:

Host-only means that the VMs on a particular host can see each other, but are isolated from your LAN and from the Big Wide World. The network exists only within the host machine. I've never used "Internal," but it appears to differ from host only slightly.

Bridged means the VM has a "bridge" to your LAN through the host's NIC card. It behaves exactly as any other computer in your network and gets its DHCP ip address from your router just as an other computer connecting to your LAN via your router.

I know what NAT does, but I don't really know how it works. Wikipedia has a good article about NAT: https://en.wikipedia.org/wiki/Networ...ss_translation

For VMs that I intend to use as part of my own network and to explore in depth, as I've recently been doing with the BSDs, I normally used bridged. If I'm just checking something out (distro-hopping a new distro, for example), I usually use NAT.

jefro · 11-28-2016, 07:43 PM

Sure, I'll try to explain it untechnically.

NAT is like at home when you have a router with a Wan IP and inside you have a computer with a local ip. The Network Address Translation happens in the router. Virtual machines have a virtual router running in the software to do this. Clients will get a IP based on the virtual routers dhcp offering.

Bridged is a sneaky way to use the host's IP basically.

Internal keeps all VM's on same lan segment. Like they all have a hub/switch between them with no way to exit to host or beyond.

Last is like a loop back in a way.

Most people use NAT or Bridged in a home setup.

sneakyimp · 11-28-2016, 09:41 PM

EDIT: Thanks very much for your responses!

I've got two VMs running at the same time, both in NAT mode. One is Ubuntu server, the other Ubuntu desktop.

After some fiddling around, I created a PHP script on my workstation which has an address of 192.168.1.3 on my LAN. Here's the script:

PHP Code:



$tmp_file = "/tmp/jaith-tmp-store";
file_put_contents($tmp_file, base64_decode($_POST["data"]));
file_put_contents($tmp_file, "\nIP ADDRESS: " . $_SERVER["REMOTE_ADDR"] . "\n", FILE_APPEND);

I got the ifconfig info off both VMs and POSTed it base64_encoded to this PHP script and I get this output from the Ubuntu-server:

Code:

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:7e:c7:97  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe7e:c797/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:63 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:11474 (11.4 KB)  TX bytes:6851 (6.8 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:170 errors:0 dropped:0 overruns:0 frame:0
          TX packets:170 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:12680 (12.6 KB)  TX bytes:12680 (12.6 KB)


IP ADDRESS: 192.168.1.3

Here's the result from Ubuntu-desktop

Code:

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:ae:f1:76  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::9baa:3617:f8b9:8a8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:121452 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8264 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:167869231 (167.8 MB)  TX bytes:513259 (513.2 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:213 errors:0 dropped:0 overruns:0 frame:0
          TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:16695 (16.6 KB)  TX bytes:16695 (16.6 KB)


IP ADDRESS: 192.168.1.3

Note that both VMs, although running simultaneously, both claim the exact same IP address. The requests they formulate to my workstation's apache server also appear to originate from my workstation's LAN IP (192.168.1.3).

Synopsis:
* in NAT mode, VMs may access the host (at least via http) at its LAN IP address
* The VMs seem to exist each on their own isolated subnet without any visibility to each other at all. I cannot prove this.
* VMs always seem to grab the exact same IP (10.0.2.15) even if you shut them down and start them up repeatedly.
* separate VMs do appear to generate different hardware addresses (see HWaddr above) and different IPV6 addresses. These addresses also persist if you reboot the VM.

Questions:
* Can VMs access the host on their own subnet. E.g., 10.0.2.X?
* Might there by some technique or command that can be used to scan for other machines on a subnet?

Jjanel · 11-29-2016, 12:32 AM

I'm learning (?struggling?) this too, so I'll follow along!
I add Network adapter #2 as bridged (enp0s8 or eth1), and it *sometimes* gets a dhcp address on the same subnet as my XP host, allowing XP ping/putty to reach the guest (many different distros!)
(fyi, my 'ISP' is basically a public wifi, tho may be similar to home wifi, like 192.168.#.*)
Or, I give it a random ...# (IF I can figure out how, for the particular distro!) and hope ISP doesn't mind

IF I use just 1, and change it to Bridged, the guest *usually* can't 'talk', which I just now realized might be the same issue of the DHCP *server* [ISP] not giving it an IP! (I don't know why the ISP is 'intermittent'!) p.s. I'm web-researching a new occurance: "10.0.3.15" virtualbox "192.168.56.1" host

Yes, key info is the ip a;ip r or ifconfig;netstat -rn
Thanks to all the generous LQ'ers for their help!

sneakyimp · 11-29-2016, 12:16 PM

Quote:

Originally Posted by Jjanel

I'm learning (?struggling?) this too, so I'll follow along!

Let us struggle together. Good technical documentation is so rare these days. I hope to make a feature chart for the various networking options for VirtualBox VM's:
* guest can connect to the WWW (aka "the Internet" etc. I.e., I will check if one can access google.com or microsoft.com or youporn.com or something)
* guest can connect to host
* host can connect to guest
* guest can connect to other guest
* etc.

Quote:

Originally Posted by Jjanel

I add Network adapter #2 as bridged (enp0s8 or eth1), and it *sometimes* gets a dhcp address on the same subnet as my XP host, allowing XP ping/putty to reach the guest (many different distros!)

Why add a second network adapter? That seems likely to complicate matter unnecessarily. Keep in mind that each network adapter can acquire a separate IP address -- i.e., a single computer with multiple network cards can connect to multiple networks (getting a different IP on each) and can also connect with multiple IPs to a single network. Also, XP??? That's super duper old. They ended support for it in April 2014 (two and a half years ago).

Quote:

Originally Posted by Jjanel

(fyi, my 'ISP' is basically a public wifi, tho may be similar to home wifi, like 192.168.#.*)
Or, I give it a random ...# (IF I can figure out how, for the particular distro!) and hope ISP doesn't mind

In the interest of clarity, let's refer to the internet company providing service (e.g., Time Warner Cable or Comcast) as your ISP and to the wifi network as your wifi network. If you are connecting at Starbucks or something then we can refer to the network as "Company X wifi" or something?

I'm a bit confused by your post but will try to keep up. I would not recommend adding a second network adapter to any of your virtual machines unless you have some advanced networking need.

Quote:

Originally Posted by Jjanel

IF I use just 1, and change it to Bridged, the guest *usually* can't 'talk', which I just now realized might be the same issue of the DHCP *server* [ISP] not giving it an IP!

here's the docs on bridged mode. I've not experimented with this mode yet so I can't really be very helpful. According to frankbell:

Quote:

Originally Posted by frankbell

Bridged means the VM has a "bridge" to your LAN through the host's NIC card. It behaves exactly as any other computer in your network and gets its DHCP ip address from your router just as an other computer connecting to your LAN via your router.

If your LAN's DHCP is not granting these VMs an IP, I wonder if your VMs are identifying themselves with a distinct MAC address? If not, your LAN may not recognize them as distinct machines or something.

Quote:

Originally Posted by Jjanel

(I don't know why the ISP is 'intermittent'!) p.s. I'm web-researching a new occurance: "10.0.3.15" virtualbox "192.168.56.1" host

If you don't have control over the LAN and how DHCP is configured, this could be tricky to figure out. The appearance of a 3 in there is mentioned in the docs in section on NAT (section 6.3). It describes an "internal DHCP server" in VirtualBox itself that takes over IP address delegation when you set up a networking mode that calls for it:

Quote:

The virtual machine receives its network address and configuration on the private network from a DHCP server integrated into VirtualBox. The IP address thus assigned to the virtual machine is usually on a completely different network than the host. As more than one card of a virtual machine can be set up to use NAT, the first card is connected to the private network 10.0.2.0, the second card to the network 10.0.3.0 and so on. If you need to change the guest-assigned IP range for some reason, please refer to Section 9.11, “Fine-tuning the VirtualBox NAT engine”.

sneakyimp · 11-29-2016, 01:45 PM

I've been unable to test "NAT Network" setting for some reason. I can select it in the VirtualBox GUI under Network settings for the VM, but the interface does not let me specify a network name and the dialog says "Invalid Settings Detected".

sneakyimp · 11-29-2016, 02:37 PM

I had some trouble getting my Ubuntu Desktop VM to connect to the network. The VirtualBox GUI has an option Devices->Network->Connect Network Adapter which seemed to do the trick. I managed to get two instances of Ubuntu, one server and one desktop, running in bridge mode at the same time. They both acquired IP addresses on my LAN (one at 192.168.1.239, the other at 192.168.1.240) and were able to access the WWW, the host machine, and each other -- all via LAN IP.

I cannot get my VMs to acquire any IP address in Internal mode. I've tried the Connect Network Adapter menu in the Virtualbox GUI but no dice. On the desktop VM, I open the Network control panel and try to connect. It says "Connecting" for about a minute and then says I'm disconnected.

sneakyimp · 11-29-2016, 02:47 PM

I'm also unable to apply "Host-only" setting to either VM. Same problem as with "NAT Network" posted above: The dialog in the VirtualBox won't let me specify valid settings. In particular, I cannot specify a value for Name and the dialog says "invalid settings detected."

jefro · 11-29-2016, 03:12 PM

Click on the invalid setting icon. I think it will tell you what is wrong exactly.

Notes.
Some distro's would be more easy to configure network settings if you create the VM and then install. If you later change the network settings, the client doesn't usually correct the way you may think. It is like installing a new nic card in a manner of speaking.

sneakyimp · 11-29-2016, 04:40 PM

Quote:

Originally Posted by jefro

Click on the invalid setting icon. I think it will tell you what is wrong exactly.

"No NAT Network name is currently specified."
I cannot specify this because the name selector contains no current options nor any way to specify a new one.

or

"No host-only network adapter is currently selected."
once again, dialog has an empty selector and contains no means of creating new ones.

Quote:

Originally Posted by jefro

Some distro's would be more easy to configure network settings if you create the VM and then install. If you later change the network settings, the client doesn't usually correct the way you may think. It is like installing a new nic card in a manner of speaking.

Good point. Will look into that when I get a chance.

sneakyimp · 11-29-2016, 05:28 PM

Based on my efforts so far, I made this quick-reference chart which will hopefully be useful to others:

Code:

                                    | guests | guests     | guests  | host   |
                                    | access | access     | access  | access | COMMENTS
                                    | www    | each other | host IP | guest  |
----------------------------------------------------------------------------------
Network Address Translation (NAT)   |   X    |            |    X    |        | each VM apparently on isolated subnet
Network Address Translation Service |        |            |         |        | couldn't apply this setting in VirtualBox GUI
Bridged networking                  |   X    |     X      |    X    |   X    | VMs can each obtain IP from your LAN's DHCP service and are accessible to other machines on LAN
Internal networking                 |        |            |         |        | applied this setting in VirtualBox but VMs never acquired an IP address
Host-only networking                |        |            |         |        | couldn't apply this setting in VirtualBox GUI

c0wb0y · 11-29-2016, 07:30 PM

Quote:

Synopsis:
* in NAT mode, VMs may access the host (at least via http) at its LAN IP address

This is expected as the VMs traffic are passing through the host.

Quote:

* The VMs seem to exist each on their own isolated subnet without any visibility to each other at all. I cannot prove this.

That is normal behavior as well. Any VMs configured for NAT will all use 10.0.2.15 in their own, distinct, separate Layer 2 space. So all the VMs are completely unaware of other VMs.

Quote:

* VMs always seem to grab the exact same IP (10.0.2.15) even if you shut them down and start them up repeatedly.

That's how the vbox engine was programmed. I see no issue with that.

Quote:

* separate VMs do appear to generate different hardware addresses (see HWaddr above) and different IPV6 addresses. These addresses also persist if you reboot the VM.

This is indeed good news. We don't want machines to have duplicate MACs. IPv6 local-links are partially-generated from interface's MAC address.

Quote:

Questions:
* Can VMs access the host on their own subnet. E.g., 10.0.2.X?
* Might there by some technique or command that can be used to scan for other machines on a subnet?

Certainly. You have several options:
- allocate 2 NICs for your VM. 1st one is for NAT. This will act as your gateway to the Internet. Or you can use bridge-networking and let your router provides IP via DHCP.

2nd NIC is set as host-only. This will connect to your host via vboxnet0. It's up to you how you provision an IP though. You can use vbox DHCP, or you can manually configure the IP.

Optionally, a 3rd NIC assigned to Internal-networking. This is the one your looking for if you want VM-to-VM communication. Remember to set all VMs to Internal-networking AND using the same "virtual switch". You can scan other VMs, you can setup httpd, ssh whatever.