Virtualbox Server/Client topology
I have Ubuntu 14.04 desktop machine that VirtualBox installed on it. I make two virtual machines, one Ubuntu server, the other is Lubuntu client. The default setting allow me to get Internet from guests to Internet through 3G modem connected to the host machine cause the guests use NAT by default, but I can't reach from client to server.
I want to put the two guests in separated network and let the guest server to connect to Internet through NAT with another network interface, and make the guest client connect to Internet through the guest Server.
I did the following:
- On guest server I added two network interfaces, one for local network and the other for NAT.
- On guest client I added local network interface only.
What should I do to make the guest server reach the Internet and then make the guest client reach also to Internet but through the guest server?
You have a list of VirtualBox networking modes in its Documentation.
The one you need on both systems is Internal networking. You have to give it a name, you can create several networks in this mode. VirtualBox will connect all guests in the same internal network, so names must match on both virtual machines. The default should work right out-of-the-box.
The server needs an Internal networking with the same name and another one which connects to the world, in your case NAT.
Now the guest server should be able to connect to the internet through the NAT interface.
Give IPs to the machines
In order to the client and the server reach each other, their interfaces must be configured in the same network. You can do it manually (static addresses) or configuring a DHCP server in the server machine.
These are the steps to do it manually:
root@server:~# ifconfig eth0 192.168.1.1 netmask 255.255.255.0
root@client:~# ifconfig eth0 192.168.1.5 netmask 255.255.255.0
You can set any IP you want, but they must be in the same network. Here, eth0
in the server machine refers to the Internal interface, if you set interface 1 as Internal and 2 as NAT, the above commands will work fine.
Now you should be able to ping
each other, but packets from the client machine won't be able to travel through the server machine yet, only to the server.
Note: These changes will be lost at next reboot, to make the changes permanent you have to edit and configure /etc/network/interfaces
. If you are configuring the client with GUI from the desktop, skip the CLI configuration.
Configure forwarding
You need to configure forwarding. You could simply do
root@server:~# echo 1 > /proc/sys/net/ipv4/ip_forward
but this would only work until you reboot the machine. You need to edit /etc/sysctl.conf
and uncomment #net.ipv4.ip_forward=1
so it looks like:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
This will configure the server machine to forward packets (at next reboot).
Enable masquerading
This will configure the server to do IP masquerading.
root@server:~# modprobe iptable_nat
root@server:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
root@server:~# iptables -A FORWARD -i eth0 -j ACCEPT
Take care about eth0
and eth1
, here the 2nd line must be -o NAT_interface
and the 3rd line -i Internal_interface
.
Configure the client to go through the server
This setting should have been already set, either in the GUI assistant or by editing /etc/network/interfaces/
. Just in case it is not applied, add the default route through the server machine:
root@client:~# route add default gw 192.168.1.1
Configure DNS
Now you should be able to communicate from the client machine, but if you configured the IP addresses manually, you still need to provide the DNS servers so you can resolve names.
Edit /etc/resolv.conf
and add the servers you like:
nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 8.8.8.8
nameserver 8.8.4.4
If you configured DHCP in the server machine, you should have already told the DHCP server which DNS servers to use (if not, do it now).
Again, if you configured the client with a GUI assistant, just make sure the DNS are valid and skip this section.