On Tue, Oct 19, 2010 at 4:01 PM, Bryce Stenberg <[email protected]> wrote:
> A bit of background for why I need this - our imaged backups (windows) can be
> restored directly into VirtualBox. I'm trying to simulate our real network and
> machines to run some tests and trials without having to change all the
> existing firewall rules on the Windows ISA 2004 server that is loaded up as a
> guest also (== I don't want to go changing ip addresses).

Ah, OK, I do this a lot -- I have virtual instances of 'real' machines, that need to have 'real' IP addresses on them. But I do this in Linux, not Windows, so not all the techniques I use will be so easy. But the general technique should work.

Here's the set of machines:

* my workstation, which is the host running VirtualBox
* a VirtualBox guest, a copy of a real machine with a real IP address
* a VirtualBox guest acting as a router to the virtual guests that have real IP addresses
* a VirtualBox "Internal Network" that can talk *only* to other virtual machines (therefore I can use "real" IP addresses on it without affecting my workstation)

From my workstation, I need to be able to talk to the real original machines using their real IP addresses. This means that I cannot talk directly to the VB guests that have real

So each guest machine gets one "Internal Network" adapter, talking to a network I call "VInternet" (Virtual Internet). My host workstation cannot talk to that network at all (so I also add a host-only adapter for convenience, because I don't like using the VBox console).

I have another VBox machine that acts as a router for VInternet. It has one interface on NAT (so it can talk to the real Internet for things like DNS), one interface on host-only (so I can log in to it), and one interface on the "Internal Network" VInternet (eth2). All the routing magic happens on this machine, not on my workstation/host.

On the VInternet router machine, eth2 is in a private network range (10.43.43.1/24), *and* I add specific host routes to talk to the "real" IP addresses I have on the other end of the VInternet network. The upshot of this is that the VInternet machine can talk to every real machine on the Internet *except* those I've said are duplicated in VInternet.

# route add -host IP.add.re.ss eth2

This machine is an Ubuntu server, so instead of talking iptables by hand I have ufw running.
/etc/ufw/sysctl.conf holds the "net/ipv4/ip_forward=1" line that usually lives in /etc/sysctl.conf, to enable routing.

You have to think carefully about how you are going to manage these routes; if all your virtual guests are in the same network range, you could just route the whole network into the "Internal Network" adapter rather than the individual hosts like I do.

The default route for this router machine is the NAT interface.

In the virtual machines on the far end of VInt (the copies of real machines) I add a host route to the VInternet router's 10.43.43.1 address, and make that the default gateway.

# Add route to talk to the VInternet access machine
route add -host 10.255.255.1 eth0
# Add default route via VInternet access machine
route add -net default gateway 10.255.255.1

-jim
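
Added example, not part of the original post: a small Python model of the VInternet router's routing table, using longest-prefix match to check that every cloned "real" address leaves via the Internal Network interface and never via NAT. The NAT interface name (eth0) and all 192.0.2.x / 198.51.100.x addresses are constructed sample values; only eth2 and 10.43.43.x come from the message above.

```python
import ipaddress

# Constructed routing table for the VInternet router (assumed sample values):
# the NAT interface carries the default route, eth2 carries the private lab
# range plus one /32 host route per cloned "real" address.
ROUTES = [
    ("0.0.0.0/0", "eth0"),       # default route via NAT (interface name assumed)
    ("10.43.43.0/24", "eth2"),   # router's own range on the Internal Network
    ("192.0.2.10/32", "eth2"),   # host route for a cloned machine (constructed)
    ("192.0.2.25/32", "eth2"),   # host route for a cloned machine (constructed)
]
# Addresses that exist as clones inside the lab; .40 has no host route yet.
CLONED = ["192.0.2.10", "192.0.2.25", "192.0.2.40"]


def egress(dest, routes=ROUTES):
    """Return the interface selected by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]


def leaking_clones(cloned=CLONED, routes=ROUTES, lab_iface="eth2"):
    """List cloned addresses whose traffic would leave via a non-lab interface."""
    return [ip for ip in cloned if egress(ip, routes) != lab_iface]


if __name__ == "__main__":
    for ip in CLONED + ["198.51.100.7"]:
        print(f"{ip:15} -> {egress(ip)}")
    print("clones not routed into the lab:", leaking_clones())
```

A clone reported by `leaking_clones()` would have its traffic sent to the real machine through NAT instead of to the copy in the lab, which is the case the per-host routes are there to prevent.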
