<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<chapter id="networkingdetails">
  <title>Virtual networking</title>

  <para>As briefly mentioned in <xref linkend="settings-network" />,
  VirtualBox provides up to eight virtual PCI Ethernet cards for each virtual
  machine. For each such card, you can individually select<orderedlist>
      <listitem>
        <para>the hardware that will be virtualized as well as</para>
      </listitem>

      <listitem>
        <para>the virtualization mode that the virtual card will be operating
        in with respect to your physical networking hardware on the
        host.</para>
      </listitem>
    </orderedlist></para>

  <para>Four of the network cards can be configured in the "Network" section
  of the settings dialog in the graphical user interface of VirtualBox. You
  can configure all eight network cards on the command line via VBoxManage
  modifyvm; see <xref linkend="vboxmanage-modifyvm" />.</para>

  <para>This chapter explains the various networking settings in more
  detail.</para>

  <sect1 id="nichardware">
    <title>Virtual networking hardware</title>

    <para>For each card, you can individually select what kind of
    <emphasis>hardware</emphasis> will be presented to the virtual machine.
    VirtualBox can virtualize the following six types of networking
    hardware:<itemizedlist>
        <listitem>
          <para>AMD PCNet PCI II (Am79C970A);</para>
        </listitem>

        <listitem>
          <para>AMD PCNet FAST III (Am79C973, the default);</para>
        </listitem>

        <listitem>
          <para>Intel PRO/1000 MT Desktop (82540OEM);</para>
        </listitem>

        <listitem>
          <para>Intel PRO/1000 T Server (82543GC);</para>
        </listitem>

        <listitem>
          <para>Intel PRO/1000 MT Server (82545EM);</para>
        </listitem>

        <listitem>
          <para>Paravirtualized network adapter (virtio-net).</para>
        </listitem>
      </itemizedlist></para>

    <para>The PCNet FAST III is the default because it is supported by nearly
    all operating systems out of the box, as well as the GNU GRUB boot
    manager. As an exception, the Intel PRO/1000 family adapters are chosen
    for some guest operating system types that no longer ship with drivers for
    the PCNet card, such as Windows Vista; see <xref
    linkend="vista_networking" /> for details.<footnote>
        <para>Support for the Intel PRO/1000 MT Desktop type was added with
        VirtualBox 1.6. The T Server variant of the Intel PRO/1000 card was
        added with VirtualBox 1.6.2 because this one is recognized by Windows
        XP guests without additional driver installation. The MT Server
        variant was added with VirtualBox 2.2 to facilitate OVF imports from
        other platforms.</para>
      </footnote></para>

    <para>The <emphasis role="bold">"Paravirtualized network adapter
    (virtio-net)"</emphasis> is special. If you select this, then VirtualBox
    does <emphasis>not</emphasis> virtualize common networking hardware (that
    is supported by common guest operating systems out of the box). Instead,
    VirtualBox then expects a special software interface for virtualized
    environments to be provided by the guest, thus avoiding the complexity of
    emulating networking hardware and improving network performance. Starting
    with version 3.1, VirtualBox provides support for the industry-standard
    "virtio" networking drivers, which are part of the open-source KVM
    project.</para>

    <para>The "virtio" networking drivers are available for the following
    guest operating systems:</para>

    <para><itemizedlist>
        <listitem>
          <para>Linux kernels version 2.6.25 or later can be configured to
          provide virtio support; some distributions also back-ported virtio
          to older kernels.</para>
        </listitem>

        <listitem>
          <para>For Windows 2000, XP and Vista, virtio drivers can be
          downloaded and installed from the KVM project web page.<footnote>
              <para><ulink
              url="http://www.linux-kvm.org/page/WindowsGuestDrivers">http://www.linux-kvm.org/page/WindowsGuestDrivers</ulink>.</para>
            </footnote></para>
        </listitem>
      </itemizedlist></para>

    <para>VirtualBox also has limited support for so-called <emphasis
    role="bold">jumbo frames</emphasis>, i.e. networking packets with more
    than 1500 bytes of data, provided that you use the Intel card
    virtualization and bridged networking. In other words, jumbo frames are
    not supported with the AMD networking devices; in those cases, jumbo
    packets will silently be dropped for both the transmit and the receive
    direction. Guest operating systems trying to use this feature will observe
    this as packet loss, which may lead to unexpected application behavior
    in the guest. This does not cause problems with guest operating systems in
    their default configuration, as jumbo frames need to be explicitly
    enabled.</para>
  </sect1>

  <sect1 id="networkingmodes">
    <title>Introduction to networking modes</title>

    <para>Each of the eight networking adapters can be separately configured
    to operate in one of the following five modes:<glosslist>
        <glossentry>
          <glossterm>Not attached</glossterm>

          <glossdef>
            <para>In this mode, VirtualBox reports to the guest that a network
            card is present, but that there is no connection -- as if no
            Ethernet cable was plugged into the card. This way it is possible
            to "pull" the virtual Ethernet cable and disrupt the connection,
            which can be useful to inform a guest operating system that no
            network connection is available and enforce a
            reconfiguration.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Network Address Translation (NAT)</glossterm>

          <glossdef>
            <para>If all you want is to browse the Web, download files and
            view e-mail inside the guest, then this default mode should be
            sufficient for you, and you can safely skip the rest of this
            section. Please note that there are certain limitations when using
            Windows file sharing (see <xref linkend="nat-limitations" /> for
            details).</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Bridged networking</glossterm>

          <glossdef>
            <para>This is for more advanced networking needs such as network
            simulations and running servers in a guest. When enabled,
            VirtualBox connects to one of your installed network cards and
            exchanges network packets directly, circumventing your host
            operating system's network stack.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Internal networking</glossterm>

          <glossdef>
            <para>This can be used to create a different kind of
            software-based network which is visible to selected virtual
            machines, but not to applications running on the host or to the
            outside world.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Host-only networking</glossterm>

          <glossdef>
            <para>This can be used to create a network containing the host and
            a set of virtual machines, without the need for the host's
            physical network interface. Instead, a virtual network interface
            (similar to a loopback interface) is created on the host,
            providing connectivity among virtual machines and the host.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>VDE (Virtual Distributed Ethernet) networking</glossterm>

          <glossdef>
            <para>This option can be used to connect to a Virtual Distributed
            Ethernet switch on a Linux or a FreeBSD host. It is only available
            if the VDE software and the VDE plugin library from the
            VirtualSquare project are installed on the host system. For more
            information on setting up VDE networks, please see the
            documentation accompanying the software.</para>
          </glossdef>
        </glossentry>
      </glosslist></para>

    <para>The following sections describe the available network modes in more
    detail.</para>
  </sect1>

  <sect1 id="network_nat">
    <title>Network Address Translation (NAT)</title>

    <para>Network Address Translation (NAT) is the simplest way of accessing
    an external network from a virtual machine. Usually, it does not require
    any configuration on the host network and guest system. For this reason,
    it is the default networking mode in VirtualBox.</para>

    <para>A virtual machine with NAT enabled acts much like a real computer
    that connects to the Internet through a router. The "router", in this
    case, is the VirtualBox networking engine, which maps traffic from and to
    the virtual machine transparently. The disadvantage of NAT mode is that,
    much like a private network behind a router, the virtual machine is
    invisible and unreachable from the outside internet; you cannot run a
    server this way unless you set up port forwarding (described
    below).</para>

    <para>The network frames sent out by the guest operating system are
    received by VirtualBox's NAT engine, which extracts the TCP/IP data and
    resends it using the host operating system. To an application on the host,
    or to another computer on the same network as the host, it looks like the
    data was sent by the VirtualBox application on the host, using an IP
    address belonging to the host. VirtualBox listens for replies to the
    packets sent, and repacks and resends them to the guest machine on its
    private network.</para>

    <para>The virtual machine receives its network address and configuration
    on the private network from a DHCP server integrated into VirtualBox. The
    IP address thus assigned to the virtual machine is usually on a completely
    different network than the host. As more than one card of a virtual
    machine can be set up to use NAT, the first card is connected to the
    private network 10.0.2.0, the second card to the network 10.0.3.0 and so
    on. If you need to change the guest-assigned IP range for some reason,
    please refer to <xref linkend="changenat" />.</para>

    <sect2 id="natforward">
      <title>Configuring port forwarding with NAT</title>

      <para>As the virtual machine is connected to a private network internal
      to VirtualBox and invisible to the host, network services on the guest
      are not accessible to the host machine or to other computers on the same
      network. However, like a physical router, VirtualBox can make selected
      services available to the world outside the guest through <emphasis
      role="bold">port forwarding.</emphasis> This means that VirtualBox
      listens to certain ports on the host and resends all packets which
      arrive there to the guest, on the same or a different port.</para>

      <para>To an application on the host or other physical (or virtual)
      machines on the network, it looks as though the service being proxied is
      actually running on the host. This also means that you cannot run the
      same service on the same ports on the host. However, you still gain the
      advantages of running the service in a virtual machine -- for example,
      services on the host machine or on other virtual machines cannot be
      compromised or crashed by a vulnerability or a bug in the service, and
      the service can run in a different operating system than the host
      system.</para>

      <para>You can set up a guest service which you wish to proxy using the
      command line tool <computeroutput>VBoxManage</computeroutput>; for
      details, please refer to <xref linkend="vboxmanage-modifyvm" />.</para>

      <para>You will need to know which ports on the guest the service uses
      and to decide which ports to use on the host (often but not always you
      will want to use the same ports on the guest and on the host). You can
      use any ports on the host which are not already in use by a service. For
      example, to set up incoming NAT connections to an
      <computeroutput>ssh</computeroutput> server in the guest, use the
      following command: <screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"</screen>With
      the above example, all TCP traffic arriving on port 2222 on any host
      interface will be forwarded to port 22 in the guest. The protocol name
      <computeroutput>tcp</computeroutput> is a mandatory attribute defining
      which protocol should be used for forwarding
      (<computeroutput>udp</computeroutput> could also be used). The name
      <computeroutput>guestssh</computeroutput> is purely descriptive and will
      be auto-generated if omitted. The number after
      <computeroutput>--natpf</computeroutput> denotes the network card, like
      in other parts of VBoxManage.</para>

      <para>To remove this forwarding rule again, use the following command:
      <screen>VBoxManage modifyvm "VM name" --natpf1 delete "guestssh"</screen></para>

      <para>If for some reason the guest uses a statically assigned IP address
      not leased from the built-in DHCP server, it is required to specify the
      guest IP when registering the forwarding rule: <screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22"</screen>This
      example is identical to the previous one, except that the NAT engine is
      being told that the guest can be found at the 10.0.2.19 address.</para>

      <para>To forward <emphasis>all</emphasis> incoming traffic from a
      specific host interface to the guest, specify the IP of that host
      interface like this:<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"</screen>This
      forwards all TCP traffic arriving on the localhost interface (127.0.0.1)
      via port 2222 to port 22 in the guest.</para>

      <para>It is not possible to configure incoming NAT connections while the
      VM is running. However, you can change the settings for a VM which is
      currently saved (or powered off at a snapshot).</para>
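      <para>The rule-string checks below are an added example and not part of
      the VirtualBox manual: a POSIX sh wrapper that validates a
      <computeroutput>--natpf</computeroutput> rule against the
      <computeroutput>name,proto,hostip,hostport,guestip,guestport</computeroutput>
      format and the NAT limitations described in this chapter (TCP and UDP
      only; host ports below 1024 need root on Unix hosts) before handing it
      to <computeroutput>VBoxManage</computeroutput>. The function names, the
      explicit uid parameter and the assumption that NAT card n uses its
      default 10.0.(n+1).0 network are this example's own.</para>
      <programlisting><![CDATA[
```shell
#!/bin/sh
# Added example, not from the VirtualBox manual: validate a --natpf rule
# ("name,proto,hostip,hostport,guestip,guestport") before passing it to
# VBoxManage modifyvm, so that a rule the NAT engine cannot honour is
# rejected up front instead of making the VM refuse to start.
# Assumptions (this example's own): the card's NAT network is the default
# 10.0.(n+1).0 range, and the caller may pass the uid VBoxManage runs as.

# Only TCP and UDP are forwarded by the NAT engine (GRE etc. are not).
natpf_proto_ok() {
    case "$1" in
        tcp|udp) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if PORT is a decimal number in 1..65535.
port_valid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# host_port_ok PORT UID: on Unix hosts, binding a port below 1024 needs
# root, so such a rule only works when VBoxManage runs as uid 0.
host_port_ok() {
    port_valid "$1" || return 1
    if [ "$1" -lt 1024 ] && [ "$2" -ne 0 ]; then
        return 1
    fi
    return 0
}

# nat_net_prefix NIC: first three octets of the default NAT network of
# card NIC (card 1 -> 10.0.2, card 2 -> 10.0.3, ...).
nat_net_prefix() {
    printf '10.0.%d' $(( $1 + 1 ))
}

# guest_ip_in_nat_net IP NIC: succeed if IP lies in that card's NAT network.
guest_ip_in_nat_net() {
    case "$1" in
        "$(nat_net_prefix "$2")".*) return 0 ;;
        *) return 1 ;;
    esac
}

# natpf_rule NIC NAME PROTO HOSTIP HOSTPORT GUESTIP GUESTPORT [UID]
# Print the validated rule string, or report the problem on stderr and
# return 1. HOSTIP/GUESTIP may be empty (any host interface / DHCP guest).
natpf_rule() {
    nic=$1 name=$2 proto=$3 hostip=$4 hostport=$5 guestip=$6 guestport=$7
    uid=${8:-$(id -u)}
    case "$name" in
        *,*) echo "natpf: rule name may not contain a comma" >&2; return 1 ;;
    esac
    natpf_proto_ok "$proto" ||
        { echo "natpf: protocol must be tcp or udp, not '$proto'" >&2; return 1; }
    host_port_ok "$hostport" "$uid" ||
        { echo "natpf: host port '$hostport' unusable (below 1024 needs root)" >&2; return 1; }
    port_valid "$guestport" ||
        { echo "natpf: bad guest port '$guestport'" >&2; return 1; }
    if [ -n "$guestip" ] && ! guest_ip_in_nat_net "$guestip" "$nic"; then
        echo "natpf: guest IP $guestip is not in $(nat_net_prefix "$nic").0 (card $nic)" >&2
        return 1
    fi
    printf '%s,%s,%s,%s,%s,%s\n' "$name" "$proto" "$hostip" "$hostport" "$guestip" "$guestport"
}

# natpf_apply VM NIC NAME PROTO HOSTIP HOSTPORT GUESTIP GUESTPORT
# Validate, then register the rule; the VM must be powered off or saved.
natpf_apply() {
    vm=$1; shift
    rule=$(natpf_rule "$@") || return 1
    VBoxManage modifyvm "$vm" "--natpf$1" "$rule"
}
```
]]></programlisting>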
    </sect2>

    <sect2 id="nat-tftp">
      <title>PXE booting with NAT</title>

      <para>PXE booting is now supported in NAT mode. The NAT DHCP server
      provides a boot file name of the form
      <computeroutput>vmname.pxe</computeroutput> if the directory
      <computeroutput>TFTP</computeroutput> exists in the directory where the
      user's <computeroutput>VirtualBox.xml</computeroutput> file is kept. It
      is the responsibility of the user to provide
      <computeroutput>vmname.pxe</computeroutput>.</para>
    </sect2>

    <sect2 id="nat-limitations">
      <title>NAT limitations</title>

      <para>There are four <emphasis role="bold">limitations</emphasis> of NAT
      mode which users should be aware of:</para>

      <glosslist>
        <glossentry>
          <glossterm>ICMP protocol limitations:</glossterm>

          <glossdef>
            <para>Some frequently used network debugging tools (e.g.
            <computeroutput>ping</computeroutput> or tracerouting) rely on the
            ICMP protocol for sending/receiving messages. While ICMP support
            has been improved with VirtualBox 2.1
            (<computeroutput>ping</computeroutput> should now work), some
            other tools may not work reliably.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Receiving of UDP broadcasts is not reliable:</glossterm>

          <glossdef>
            <para>The guest does not reliably receive broadcasts, since, in
            order to save resources, it only listens for a certain amount of
            time after the guest has sent UDP data on a particular port. As a
            consequence, NetBIOS name resolution based on broadcasts does not
            always work (but WINS always works). As a workaround, you can use
            the numeric IP of the desired server in the
            <computeroutput>\\server\share</computeroutput> notation.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Protocols such as GRE are unsupported:</glossterm>

          <glossdef>
            <para>Protocols other than TCP and UDP are not supported. This
            means some VPN products (e.g. PPTP from Microsoft) cannot be used.
            There are other VPN products which simply use TCP and UDP.</para>
          </glossdef>
        </glossentry>

        <glossentry>
          <glossterm>Forwarding host ports &lt; 1024 impossible:</glossterm>

          <glossdef>
            <para>On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is
            not possible to bind to ports below 1024 from applications that
            are not run by <computeroutput>root</computeroutput>. As a result,
            if you try to configure such a port forwarding, the VM will refuse
            to start.</para>
          </glossdef>
        </glossentry>
      </glosslist>

      <para>These limitations normally don't affect standard network use. But
      the presence of NAT also has subtle effects that may interfere with
      protocols that are normally working. One example is NFS, where the
      server is often configured to refuse connections from non-privileged
      ports (i.e. ports not below 1024).</para>
    </sect2>
  </sect1>

  <sect1>
    <title id="network_bridged">Bridged networking</title>

    <para>With bridged networking, VirtualBox uses a device driver on your
    <emphasis>host</emphasis> system that filters data from your physical
    network adapter. This driver is therefore called a "net filter" driver.
    This allows VirtualBox to intercept data from the physical network and
    inject data into it, effectively creating a new network interface in
    software. When a guest is using such a new software interface, it looks to
    the host system as though the guest were physically connected to the
    interface using a network cable: the host can send data to the guest
    through that interface and receive data from it. This means that you can
    set up routing or bridging between the guest and the rest of your
    network.</para>

    <para>For this to work, VirtualBox needs a device driver on your host
    system. The way bridged networking works has been completely rewritten
    with VirtualBox 2.0 and 2.1, depending on the host operating system. From
    the user perspective, the main difference is that complex configuration is
    no longer necessary on any of the supported host operating
    systems.<footnote>
        <para>For Mac OS X and Solaris hosts, net filter drivers were already
        added in VirtualBox 2.0 (as initial support for Host Interface
        Networking on these platforms). With VirtualBox 2.1, net filter
        drivers were also added for the Windows and Linux hosts, replacing the
        mechanisms previously present in VirtualBox for those platforms;
        especially on Linux, the earlier method required creating TAP
        interfaces and bridges, which was complex and varied from one
        distribution to the next. None of this is necessary anymore. Bridged
        networking was formerly called "Host Interface Networking" and has
        been renamed with version 2.2 without any change in
        functionality.</para>
      </footnote></para>

    <para><note>
        <para>Even though TAP is no longer necessary on Linux with bridged
        networking, you <emphasis>can</emphasis> still use TAP interfaces for
        certain advanced setups, since you can connect a VM to any host
        interface -- which could also be a TAP interface.</para>
      </note>To enable bridged networking, all you need to do is to open the
    Settings dialog of a virtual machine, go to the "Network" page and select
    "Bridged network" in the drop down list for the "Attached to" field.
    Finally, select the desired host interface from the list at the bottom of
    the page, which contains the physical network interfaces of your system.
    On a typical MacBook, for example, this will allow you to select between
    "en1: AirPort" (which is the wireless interface) and "en0: Ethernet",
    which represents the interface with a network cable.</para>

    <para>Depending on your host operating system, the following limitations
    should be kept in mind:<itemizedlist>
        <listitem>
          <para>On <emphasis role="bold">Macintosh</emphasis> hosts,
          functionality is limited when using AirPort (the Mac's wireless
          networking) for bridged networking. Currently, VirtualBox supports
          only IPv4 over AirPort. For other protocols such as IPv6 and IPX,
          you must choose a wired interface.</para>
        </listitem>

        <listitem>
          <para>On <emphasis role="bold">Linux</emphasis> hosts, functionality
          is limited when using wireless interfaces for bridged networking.
          Currently, VirtualBox supports only IPv4 over wireless. For other
          protocols such as IPv6 and IPX, you must choose a wired
          interface.</para>

          <para>Also, setting the MTU to less than 1500 bytes on wired
          interfaces provided by the sky2 driver on the Marvell Yukon II EC
          Ultra Ethernet NIC is known to cause packet losses under certain
          conditions.</para>
        </listitem>

        <listitem>
          <para>On <emphasis role="bold">Solaris</emphasis> hosts, there is no
          support for using wireless interfaces. Filtering guest traffic using
          IPFilter is also not completely supported due to technical
          restrictions of the Solaris networking subsystem. These issues are
          expected to be addressed in a future release of Solaris 11.</para>

          <para>With VirtualBox 2.0.4 and above, it is possible to use
          Crossbow Virtual Network Interfaces (VNICs) with bridged networking,
          but with the following caveats:</para>

          <itemizedlist>
            <listitem>
              <para>A VNIC cannot be shared between multiple guest network
              interfaces, i.e. each guest network interface must have its own,
              exclusive VNIC.</para>
            </listitem>

            <listitem>
              <para>The VNIC and the guest network interface that uses the
              VNIC must be assigned identical MAC addresses.</para>
            </listitem>
          </itemizedlist>

          <para>When using VLAN interfaces with VirtualBox, they must be named
          according to the PPA-hack naming scheme (e.g. "e1000g513001"), as
          otherwise the guest may receive packets in an unexpected
          format.</para>
        </listitem>
      </itemizedlist></para>
  </sect1>

  <sect1 id="network_internal">
    <title>Internal networking</title>

    <para>Internal Networking is similar to bridged networking in that the VM
    can directly communicate with the outside world. However, the "outside
    world" is limited to other VMs on the same host which connect to the same
    internal network.</para>

    <para>Even though, technically, everything that can be done using internal
    networking can also be done using bridged networking, there are security
    advantages with internal networking. In bridged networking mode, all
    traffic goes through a physical interface of the host system. It is
    therefore possible to attach a packet sniffer (such as Wireshark) to the
    host interface and log all traffic that goes over it. If, for any reason,
    you prefer two or more VMs on the same machine to communicate privately,
    hiding their data from both the host system and the user, bridged
    networking therefore is not an option.</para>

    <para>Internal networks are created automatically as needed, i.e. there is
    no central configuration. Every internal network is identified simply by
    its name. Once there is more than one active virtual network card with the
    same internal network ID, the VirtualBox support driver will automatically
    "wire" the cards and act as a network switch. The VirtualBox support
    driver implements a complete Ethernet switch and supports both
    broadcast/multicast frames and promiscuous mode.</para>

    <para>In order to attach a VM's network card to an internal network, set
    its networking mode to "internal networking". There are two ways to
    accomplish this:</para>

    <para><itemizedlist>
        <listitem>
          <para>You can use a VM's "Settings" dialog in the VirtualBox
          graphical user interface. In the "Networking" category of the
          settings dialog, select "Internal Networking" from the drop-down
          list of networking modes. Now select the name of an existing
          internal network from the drop-down below or enter a new name into
          the entry field.</para>
        </listitem>

        <listitem>
          <para>You can use <screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; intnet</screen>
          Optionally, you can specify a network name with the command <screen>VBoxManage modifyvm "VM name" --intnet&lt;x&gt; "network name"</screen>
          If you do not specify a network name, the network card will be
          attached to the network <computeroutput>intnet</computeroutput> by
          default.</para>
        </listitem>
      </itemizedlist></para>

    <para>Unless you configure the (virtual) network cards in the guest
    operating systems that are participating in the internal network to use
    static IP addresses, you may want to use the DHCP server that is built
    into VirtualBox to manage IP addresses for the internal network. Please
    see <xref linkend="vboxmanage-dhcpserver" /> for details.</para>

    <para>As a security measure, the Linux implementation of internal
    networking only allows VMs running under the same user ID to establish an
    internal network.</para>
  </sect1>

  <sect1 id="network_hostonly">
    <title>Host-only networking</title>

    <para>Host-only networking is another networking mode that was added with
    version 2.2 of VirtualBox. It can be thought of as a hybrid between the
    bridged and internal networking modes: as with bridged networking, the
    virtual machines can talk to each other and the host as if they were
    connected through a physical Ethernet switch. Similarly, as with internal
    networking however, a physical networking interface need not be present,
    and the virtual machines cannot talk to the world outside the host since
    they are not connected to a physical networking interface.</para>

    <para>Instead, when host-only networking is used, VirtualBox creates a new
    software interface on the host which then appears next to your existing
    network interfaces. In other words, whereas with bridged networking an
    existing physical interface is used to attach virtual machines to, with
    host-only networking a new "loopback" interface is created on the host.
    And whereas with internal networking, the traffic between the virtual
    machines cannot be seen, the traffic on the "loopback" interface on the
    host can be intercepted.</para>

    <para>Host-only networking is particularly useful for preconfigured
    virtual appliances, where multiple virtual machines are shipped together
    and designed to cooperate. For example, one virtual machine may contain a
    web server and a second one a database, and since they are intended to
    talk to each other, the appliance can instruct VirtualBox to set up a
    host-only network for the two. A second (bridged) network would then
    connect the web server to the outside world to serve data to, but the
    outside world cannot connect to the database.</para>

    <para>To change a virtual machine's virtual network interface to "host
    only" mode:<itemizedlist>
        <listitem>
          <para>either go to the "Network" page in the virtual machine's
          settings notebook in the graphical user interface and select
          "Host-only networking", or</para>
        </listitem>

        <listitem>
          <para>on the command line, type <computeroutput>VBoxManage modifyvm
          "VM name" --nic&lt;x&gt; hostonly</computeroutput>; see <xref
          linkend="vboxmanage-modifyvm" /> for details.</para>
        </listitem>
      </itemizedlist></para>

    <para>For host-only networking, like with internal networking, you may
    find the DHCP server that is built into VirtualBox useful. This can be
    enabled to then manage the IP addresses in the host-only network, since
    otherwise you would need to configure all IP addresses
    statically.<itemizedlist>
        <listitem>
          <para>In the VirtualBox graphical user interface, you can configure
          all these items in the global settings via "File" -&gt; "Settings"
          -&gt; "Network", which lists all host-only networks which are
          presently in use. Click on the network name and then on the "Edit"
          button to the right, and you can modify the adapter and DHCP
          settings.</para>
        </listitem>

        <listitem>
          <para>Alternatively, you can use <computeroutput>VBoxManage
          dhcpserver</computeroutput> on the command line; please see <xref
          linkend="vboxmanage-dhcpserver" /> for details.</para>
        </listitem>
      </itemizedlist></para>
  </sect1>
</chapter>