Set up true NAT networking on Virtualbox

May 8th, 2008 at 09:00pm dark

For a couple of years I used Vmware as virtualization solution, because the alternatives weren’t at its level. I used to run Vmware to emulate a WinXP-Pro guest, with IIS, to write an ASP project for a course. Thanks god, the teacher changed his mind and let some of us code in PHP as well. Anyway, recently Vmware went crazy. Whenever I open it, it just disables my Shift and Control keys: only restarting X solves to problem.

So I switched to VirtualBox.

Good news:

  • It’s released under the GPL. And this is a very good thing.
  • It does not mess up with my keyboard. Yay!

Bad news:

  • I have to use the binary image of the program, because the GPL’d version has no USB support (and I need it for another course).
  • Requires the QT libraries to run. Yuck! As I am a Gnome user, I try to avoid QTs as much as possible. Well, nevermind, I’ve packaged them some time ago (when I used the GUI of wpa_supplicant, but this is another story), so I do not have to compile them.
  • There isn’t a true NAT system, as in Vmware.

The last issue drove me crazy. To set up networking in Virtualbox you have three choices (well, actually four, but I do not consider “cable unplugged” a choice :) )

  • You can use a “fake” NAT, but it makes very painful the access to guest resources. You have to manually map your resources onto local ports: this is secure (well… not very secure, actually, as the socket binds to the INADDR_ANY address, and not on the loopback device), but not as friendly as the Vmware solution (that is, NAT the guests and give to the host OS a virtual network interface on the guests LAN).
  • You can use a network bridge. But this is bad, as it exposes your guests to your LAN. The problem could be solved using iptables, but, in my case, it wouldn’t help very much, as I cannot have more than one MAC address per computer (dormitory restrictions).
  • You can configure a local network between guests with no host connectivity. Not really a solution.

I looked for informations on the Net. No solution. So I decided to write a shell script on my own.

http://dark.asengard.net/mirror/gentoo/vboxnat.sh
(it’s so small that I release it in the public domain ;) )

Why not? :P It combines my Bash and networking skills, and I like writing little tools, so… :)

It’s written with the Gentoo subsystem in mind, but it can be ported to other distros with little pain. It’s very easy to set up: edit the beginning of the script, substituting dark with your username and eth1 with the name of the physical interface that you use to connect to the world. Basically, it does the following:

  • Loads/unloads the Virtualbox kernel module
  • Starts/stops the Virtualbox network interface
  • Associates the Virtualbox network interface with the user that runs the Virtualbox guest
  • Enables/disables IP packets forwarding in the whole system
  • Starts/stops the iptables userspace daemon
  • Adds a iptable rule to allow NAT

And that’s it :)

UPDATE: I’ve edited and uploaded again the script to resolve the issue at comment #1. If /sbin/functions.sh is missing, wrappers functions are defined to handle the console output.

Entry Filed under: IT, Software

3 Comments Add your own

  • 1. John  |  June 7th, 2008 at 00:09:58

    When I run the script
    sh vboxnat.sh
    I get an error mesage
    vboxnat.sh: line 6: /sbin/functions.sh: No such file or directory
    Is functions.sh unique to Gentoo?

  • 2. dark  |  June 7th, 2008 at 11:50:37

    Yes, functions.sh is a general purpose library used to “beautify” the console output of the script. You can safely delete that line, provided that you remove any reference to the functions ebegin/eend (that are the functions included in the library).
    Thanks for the notification, I’ll edit the script to handle the situation ASAP.

  • 3. John  |  June 16th, 2008 at 21:33:02

    I’m using a Slackware based distro and it doesn’t appear that my VBox install is compatible with this script. Besides the differences in the way init is handled, I don’t have any interfaces named VBox. Guess I need to try the Bridge method and see if I can learn enough to come back and try this again.
    Thanks.

Leave a Comment

Required

Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackback this post  |  Subscribe to the comments via RSS Feed

Calendar

May 2008
M T W T F S S
« Apr   Jun »
 1234
567891011
12131415161718
19202122232425
262728293031  

Most Recent Posts

What's played in the cave