Sun have updated xVM to v2.0, so I thought I’d have another crack at it – this time on my CentOS 5.2 box. I got dynamic bridging set up so that it’s more like VMware – i.e. the physical eth0 is bridged to br0, and a tap interface is created when you start a guest and removed when you stop the guest. You can access the LAN and internet. The setup is something like the following:

  1. Create /etc/sysconfig/network-scripts/ifcfg-br0, this is the permanent bridge interface, and effectively replaces your physical eth0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.6
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
GATEWAY=192.168.0.1
  1. Remove IP config for the physical interface /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=DE:AD:DE:AD:DE:AD
ONBOOT=yes
BRIDGE=br0 
  1. As I can never get UDEV changes to work on CentOS 5.2, I added this to /etc/security/console.perms.d/50-default.perms so that anyone in the vboxusers group can write to /dev/net/tun. This is similar to my previous post about the scanner.
<tunnel>=/dev/net/tun
<console> 0660 <tunnel> 0660 root.vboxusers
  1. Added my user to the vboxusers group; this doesn’t appear to be necessary, contrary to the user guide.
usermod -a -G vboxusers myusername
  1. Set up /etc/sudoers to not require a password for the startup/teardown scripts (below), and also comment out the requirement for a TTY – this is the problem that stops you running sudo as part of the startup command for host networking, as it’s running from a Qt GUI, not a TTY.
#Defaults     requiretty
myusername   ALL = NOPASSWD: /usr/local/vbox/setuptap.sh, /usr/local/vbox/cleanuptap.sh 
  1. Create /usr/local/vbox/cleanuptap.sh, this is based on the script in the userguide.pdf – chmod a+x it to make it executable.
#!/bin/bash
# $2 is the name of the tap interface to detach from br0 and delete
/usr/sbin/brctl delif br0 "$2"
/usr/bin/VBoxTunctl -d "$2"
  1. Create /usr/local/vbox/setuptap.sh
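#!/bin/bash
# Create a tap interface owned by myusername and capture its name
interface=$(/usr/bin/VBoxTunctl -b -u myusername)
if [ -z "$interface" ]; then
    exit 1
fi
# Print the new interface name on stdout
echo "$interface"
# Bring the interface up and attach it to the bridge
/sbin/ifconfig "$interface" up
/usr/sbin/brctl addif br0 "$interface"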

Then call /usr/sbin/sudo /usr/local/vbox/setuptap.sh as the startup, and cleanuptap.sh as the shutdown script in the network settings dialog (no interface name required).

  1. Enable IP forwarding in /etc/sysctl.conf
net.ipv4.ip_forward = 1
  1. Allow forwarding from the br0 interface in /etc/sysconfig/iptables
-A FORWARD -i br0 -j ACCEPT

I also checked for config files where I had bound to the eth0 interface – such as iptables, samba etc; and either set them to bind to br0 or to all interfaces (0.0.0.0:*)

I’m not particularly happy with the security implications of this method – you’ve got to lower permissions on the tunnel device, enable IP forwarding in the kernel, drop the firewall level, lower the security of sudo… VMware still does it much better; but this has better performance (I’m running Vista in 512Mb on an AthlonXP 2.4GHz) and is open source and cross-platform, something that VMware Server 2.0 most certainly isn’t.
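
One way to narrow the sudo exposure described above, as an added example that is not part of the original post: the sudoers rule lets the scripts run as root with any arguments, so this variant of cleanuptap.sh checks the interface name in $2 before acting on it. The tapN/vboxN name pattern, the three-digit limit and the SYSFS_NET override are assumptions.

```shell
#!/bin/sh
# Added example: cleanuptap.sh variant that validates its argument before
# running brctl/VBoxTunctl as root. Name pattern and SYSFS_NET are assumptions.
BRIDGE=br0
SYSFS_NET=${SYSFS_NET:-/sys/class/net}

# Accept only short names of the form tapN or vboxN (assumed naming).
is_safe_tap_name() {
    case "$1" in
        tap*)  num=${1#tap} ;;
        vbox*) num=${1#vbox} ;;
        *)     return 1 ;;
    esac
    case "$num" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-digit suffix
    esac
    [ "${#num}" -le 3 ]
}

# True only if the interface is currently a port of $BRIDGE.
is_bridge_port() {
    [ -e "$SYSFS_NET/$BRIDGE/brif/$1" ]
}

# Detach and delete the interface, refusing anything that is not a guest tap.
cleanup_tap() {
    if ! is_safe_tap_name "$1"; then
        echo "refusing: '$1' is not a tap/vbox interface name" >&2
        return 2
    fi
    if ! is_bridge_port "$1"; then
        echo "refusing: '$1' is not attached to $BRIDGE" >&2
        return 3
    fi
    /usr/sbin/brctl delif "$BRIDGE" "$1" && /usr/bin/VBoxTunctl -d "$1"
}

# The original script reads the interface name from $2; do nothing when
# called without it.
if [ "$#" -ge 2 ]; then
    cleanup_tap "$2"
    exit $?
fi
```

With this in place, a request to remove eth0 or any interface that is not a port of br0 is rejected before either root command runs.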

Update: works for Fedora 9 and 10 too.

  1. To enable USB support create a ‘usb’ group (I guess you could use vboxusers created already) and add yourself to it:
groupadd -g 502 usb
usermod -a -G usb myusername

And add the following to /etc/fstab:

none /sys/bus/usb/drivers usbfs devgid=502,devmode=664 0 0