Sun have updated xVM to v2.0, so I thought I’d have another crack at it – this time on my CentOS 5.2 box. I got dynamic bridging set up so that it’s more like VMware – i.e. the physical eth0 is bridged to br0, and a tap interface is created when you start a guest and removed when you stop it. You can access the LAN and the internet. The setup is something like the following...
- Create /etc/sysconfig/network-scripts/ifcfg-br0; this is the permanent bridge interface, and effectively replaces your physical eth0:
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.6
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
GATEWAY=192.168.0.1
- Remove the IP config from the physical interface in /etc/sysconfig/network-scripts/ifcfg-eth0 and attach it to the bridge:
DEVICE=eth0
BOOTPROTO=static
HWADDR=DE:AD:DE:AD:DE:AD
ONBOOT=yes
BRIDGE=br0
- As I can never get udev changes to work on CentOS 5.2, I added this to /etc/security/console.perms.d/50-default.perms so that anyone in the vboxusers group can write to /dev/net/tun. This is similar to my previous post about the scanner.
<tunnel>=/dev/net/tun
<console> 0660 <tunnel> 0660 root.vboxusers
- Added my user to the vboxusers group; this doesn’t appear to be necessary, contrary to the user guide...
usermod -a -G vboxusers myusername
- Set up /etc/sudoers so that no password is required for the startup/teardown scripts (below), and also comment out the requiretty requirement – this is what stops you running sudo as part of the startup command for host networking, as it’s running from a Qt GUI, not a TTY.
#Defaults requiretty
myusername ALL = NOPASSWD: /usr/local/vbox/setuptap.sh, /usr/local/vbox/cleanuptap.sh
- Create /usr/local/vbox/cleanuptap.sh, based on the script in the userguide.pdf – chmod a+x it to make it executable:
#!/bin/bash
# $2 is the tap interface name VirtualBox passes on shutdown
/usr/sbin/brctl delif br0 "$2"   # detach the tap from the bridge
/usr/bin/VBoxTunctl -d "$2"      # destroy the tap device
- Create /usr/local/vbox/setuptap.sh:
#!/bin/bash
# create a persistent tap owned by my user; VBoxTunctl -b prints its name
interface=`/usr/bin/VBoxTunctl -b -u myusername`
if [ -z "$interface" ]; then
    exit 1
fi
# VirtualBox reads the interface name from this script's stdout
echo "$interface"
/sbin/ifconfig "$interface" up
/usr/sbin/brctl addif br0 "$interface"
- Set /usr/sbin/sudo /usr/local/vbox/setuptap.sh as the startup script, and the corresponding cleanuptap.sh command as the shutdown script, in the network settings dialog (no interface name required).
- Enable IP forwarding in /etc/sysctl.conf
net.ipv4.ip_forward = 1
- Allow forwarding from the br0 interface in /etc/sysconfig/iptables
-A FORWARD -i br0 -j ACCEPT
I also checked for config files where I had bound to the eth0 interface – such as iptables, samba etc. – and either set them to bind to br0 or to all interfaces (0.0.0.0:*).
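The cleanup script above runs under passwordless sudo and hands whatever VirtualBox passes in $2 straight to brctl and VBoxTunctl as root. The following is an added example (not the post’s scripts, nor anything from the VirtualBox user guide) of a single hardened script that serves as both setuptap.sh and cleanuptap.sh when installed under both names: it only accepts interface names of the form VBoxTunctl generates, and only removes a tap that is actually a port of br0. It assumes the tool paths from the post, that VirtualBox passes the interface name as $2 on shutdown as the post’s cleanup script does, and that VBoxTunctl names taps tapN; the SYSNET variable is an assumption added so the checks can be exercised without touching a real bridge.

```shell
#!/bin/bash
# Added example: hardened setup/cleanup script for VirtualBox host networking.
# Install (copy or symlink) as /usr/local/vbox/setuptap.sh and
# /usr/local/vbox/cleanuptap.sh; the mode is chosen from the script name.
set -eu

BRIDGE="br0"
OWNER="myusername"             # user that owns the created tap (as in the post)
TUNCTL="/usr/bin/VBoxTunctl"   # paths assumed from the post
BRCTL="/usr/sbin/brctl"
IFCONFIG="/sbin/ifconfig"
SYSNET="${SYSNET:-/sys/class/net}"   # assumption: overridable for offline checks

# Accept only names VBoxTunctl itself generates ("tap" followed by 1-3 digits).
# Anything else (br0, eth0, a word with spaces or shell metacharacters) must
# never reach the root-privileged brctl/VBoxTunctl calls below.
valid_tap_name() {
    case "$1" in
        tap[0-9]|tap[0-9][0-9]|tap[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if the interface is currently enslaved to BRIDGE; the kernel
# exposes bridge ports as /sys/class/net/<bridge>/brif/<iface>.
is_bridge_port() {
    [ -e "$SYSNET/$BRIDGE/brif/$1" ]
}

# Startup: create the tap, attach it to the bridge, and print its name,
# because VirtualBox reads the interface name from this script's stdout.
setup_tap() {
    iface=$("$TUNCTL" -b -u "$OWNER")
    if ! valid_tap_name "$iface"; then
        echo "unexpected interface name from VBoxTunctl: '$iface'" >&2
        exit 1
    fi
    "$IFCONFIG" "$iface" up
    "$BRCTL" addif "$BRIDGE" "$iface"
    echo "$iface"
}

# Shutdown: refuse anything that is not a tap we could have created and
# that is not actually attached to our bridge, then tear it down.
cleanup_tap() {
    iface="$1"
    if ! valid_tap_name "$iface"; then
        echo "refusing to remove '$iface': not a tap interface name" >&2
        exit 1
    fi
    if ! is_bridge_port "$iface"; then
        echo "refusing to remove '$iface': not a port of $BRIDGE" >&2
        exit 1
    fi
    "$BRCTL" delif "$BRIDGE" "$iface"
    "$TUNCTL" -d "$iface"
}

# Dispatch on the installed name only; under any other name the functions are
# merely defined, so they can be sourced and checked without network changes.
case "${0##*/}" in
    setuptap.sh)   setup_tap ;;
    cleanuptap.sh) cleanup_tap "${2:?interface name required as second argument}" ;;
esac
```

The sudoers lines in the post then stay exactly as written, since the two permitted paths still point at the scripts; the difference is that a bad or tampered argument now fails before any privileged command runs.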
I’m not particularly happy with the security implications of this method – you’ve got to lower permissions on the tunnel device, enable IP forwarding in the kernel, drop the firewall level, lower the security of sudo... VMware still does it much better; but this has better performance (I’m running Vista in 512Mb on an AthlonXP 2.4GHz) and is open source and cross-platform, something that VMware Server 2.0 most certainly isn’t.
Update: works for Fedora 9 and 10 too.
- To enable USB support, create a ‘usb’ group (I guess you could use the vboxusers group created already) and add yourself to it:
groupadd -g 502 usb
usermod -a -G usb myusername
And add the following to /etc/fstab:
none /sys/bus/usb/drivers usbfs devgid=502,devmode=664 0 0