[SGVLUG] VirtualBox networking question

Claude Felizardo cafelizardo at gmail.com
Thu Jun 7 01:14:30 PDT 2012 

Yes, I'm using VirtualBox and I'm trying to figure out how to configure a
guest such that it can not see the subnet that my host is on.

My host has a class B IP address.  Let use 129.1.2.3 for example.  Not sure
of the subnet mask, it might be something like 255.255.255.0.  not sure.

Let's also assume there is an internal web server with address 129.1.2.2 so
it's in the same subnet.  This webserver is configured to allow machines on
the same subnet complete access but if a machine outside tries to access,
it might be configured to block access or it might prompt the browser for a
web username/password.

Normally a guest VM will use NAT by default with DHCP so it will have get a
private IP of like 10.0.0.5 for example.  All connections from the VM will
go out using my 129.1.2.3 IP so as far as the webserver is concerned, it's
coming from my host machine so it will allow access.

Now I want to configure a guest VM so that it looks like it's coming from
another subnet and have the webserver reject the connection.  Again, I
don't have admin rights on the webserver, routers, nothing.  Only my own
desktop.

What I was able to do was create yet another guest VM but configure the
network adapter to use bridge mode.  I'm still using DHCP but I changed the
MAC address and when it first came up, a DHCP server somewhere gave it an
address of like 129.1.4.5.  The last two octets were not the same as my
host so it was on a different subnet and when i tried to access the
internal webservers, I got no response but I was still able to access
google.com and I'm pretty sure I tried other external websites.

However when i tried to reproduce the test, every time I try, the VM either
gets an IP on the same subnet (a local DHCP server perhaps?) or it can't
get a valid IP.  I've tried this with the VM running WinXP, Win7 and Ubuntu.

Now I don't know how the web servers on the same subnet are configured so I
don't know if they just drop packets from outside the subnet or if they are
suppose to return some kind of error.  So maybe the routing was broken and
maybe when I went to google, I was getting a cached result?

The last thing I tried was ubuntu and I was trying to change the default
gateway to be a node I saw when I ran traceroute that looked like it was a
border router but i ran out of time and had to leave.

Claude



On Wed, Jun 6, 2012 at 10:38 PM, Dan Buthusiem <dan.buthusiem at gmail.com>wrote:

> You're using virtualbox, right? Would you be able to draw me a picture? I
> thought you wanted the guest1 (server) and guest2 (client?) to be
> completely off in their own little world.
> On Jun 6, 2012 6:19 PM, "Claude Felizardo" <cafelizardo at gmail.com> wrote:
>
>> Hey guys, sorry it took a while to get back to this.  I had to move back
>> to my cubicle office after temporarily moving to another office with a real
>> window while they did some minor construction then I had a couple of other
>> things that took priority for a while...
>>
>> Anyway, I finally got a chance to look at this and got it working.  They
>> key as Matthew pointed out was to set the adapter type to "Bridged" instead
>> of the default "NAT".  I'm doing this at work so I can't just assign
>> "random" IPs nor can I muck with the firewall or routers.
>>
>> So I've got two virtual machines, both are configured for DHCP and use
>> the live ethernet device as my desktop.   The difference is the VM with
>> NAT, even though it has a 10.0.x.x address, it looks like it's coming from
>> my desktop so it can access machines on the local subnet as my desktop.
>>  The other VM with the bridged adapter has an IP from a DHCP server from
>> outside the subnet so it can NOT access things that are restricted to
>> project internal machines only which is exactly what I wanted.
>>
>> I did not have to make any funny cables, use any proxy servers or
>> external machines nor did I have to create a VM to act as some kind of
>> server.
>>
>>   Not sure if changing the MAC address made a difference.
>>
>> Actually, strike that.  I'm having a problem trying to reproduce this.
>>  Looks like it really depends on which DHCP server responds determine if I
>> can see the restricted servers or not.  Could be that the DHCP servers are
>> getting tired of my asking for a new IP over and over?  Or perhaps its the
>> winxp and win7 machines that are getting tired of being yanked around.  I'm
>> currently installing ubuntu, we'll see how that goes...
>>
>> Nope, I installed the latest ubuntu and it looks like the local DHCP
>> server gave me an IP on the same subnet.  Rats.
>>
>> Claude
>>
>>
>>
>> On Fri, May 25, 2012 at 9:04 AM, Matthew Campbell <dvdmatt at gmail.com>wrote:
>>
>>> Yes, it's fairly easy to set this up in VB.
>>>
>>> You can even set it up through DHCP if you are a masochist ;)
>>>
>>> Matt
>>>
>>> - Put the VB Vnetwork NIC in bridge mode
>>> - Assign it a unique MAC address
>>> - Configure DHCP to assign an outside IP address to that MAC (or hard
>>> code it, much easier)
>>> - Configure your router to route that 1 address to the big bad world in
>>> addition to its current nets.
>>> -easy peasy
>>> On May 24, 2012 8:13 PM, "nopbin at gmail.com" <nopbin at gmail.com> wrote:
>>>
>>>> With constraints as described, Virtualbox is not going to get you an ip
>>>> address outside your firewall.  Best bet is to use an aws node or something
>>>> like that if you don't have wired or wireless access to an external network.
>>>> On May 24, 2012 7:57 PM, "Claude Felizardo" <cafelizardo at gmail.com>
>>>> wrote:
>>>>
>>>>> I believe there are a couple of people on this mailing list who are
>>>>> using VirtualBox or equiv...
>>>>>
>>>>> Has anyone setup a VirtualBox guest machine so it can access the
>>>>> internet but can not access the host's local network?  Basically create a
>>>>> network sandbox.
>>>>>
>>>>> For example, let's say I want to verify that an internal web server
>>>>> can NOT be accessed from the internet yet I want to be able to access it
>>>>> from my desktop and I don't have access to a machine outside my network to
>>>>> test from.  So using VirtualBox, I created a virtual machine running
>>>>> Ubuntu.  When I bring up a browser, I'm able to access a web server as if I
>>>>> was connecting directly from my desktop.  I want to configure this virtual
>>>>> machine so it has an IP address outside my local network.
>>>>>
>>>>> Any suggestions?  Tried googling but either it can't do it or I'm just
>>>>> not using the right keywords.
>>>>>
>>>>> Claude
>>>>>
>>>>>
>>>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.sgvlug.net/pipermail/sgvlug/attachments/20120607/01eeb6e7/attachment.html

More information about the SGVLUG mailing list