1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to configure a NIC on FreeBSD host so it's dedicated to VirtualBox VM

Discussion in 'Networking' started by LSDave, Aug 29, 2011.

  1. LSDave

    LSDave New Member

    Messages:
    16
    Likes Received:
    0
    I have a dual-homed FreeBSD 9.0 machine that itself only uses one NIC. Until today, I have left the second NIC unconfigured.

    Now I have installed Virtualbox on the FreeBSD host, and want to assign a particular Window guest two NICs, including dedicated access to this second, previously unused NIC. Within VirtualBox, I know this is a matter of selecting "Bridged Adapter" and pointing VirtualBox to the second NIC. What is unclear is how do I configure the second NIC on the FreeBSD host, so that the NIC is up and available for Virtualbox guests, without having TCP/IP properties or being connectable by/to the host.

    With Hyper-V or VMware on Windows, this is simple a matter of enabling the NIC on the host machine, and then accessing the NIC's properties on the host machine, and then unchecking all the connection items (e.g, Client for Microsoft Networks, QoS Packet Scheduler, File and Print Sharing TCP/IPv4, TCP/IPv6, etc).

    I am still new to FreeBSD and am not sure how to achieve the equivalent result editing by the /etc/rc.conf (or whatever other file).

    Any help is appreciated. Thanks in advance.
     
  2. wblock@

    wblock@ Administrator Staff Member Administrator Moderator Developer

    Messages:
    11,252
    Likes Received:
    25
    Interesting question. I would guess as long as it isn't assigned an IP address, an interface would be up but unused. It wouldn't hurt to just set it that way:
    /etc/rc.conf
    Code:
    ifconfig_re1="up"
    
    As an alternate question: is a second NIC even needed? Well, yes, if it's connected to a different physical network. But can you bridge more than one VM onto a single physical card? Haven't tested, but I'd think so.
     
  3. pbd

    pbd New Member

    Messages:
    191
    Likes Received:
    0
    Yes, that is possible.
     
  4. LSDave

    LSDave New Member

    Messages:
    16
    Likes Received:
    0
    Thank you for your response. Following your advice I added:

    /etc/rc.conf
    Code:
    ifconfig_re1="up"
    
    This worked partially, in that the NIC is up without IPv4 TCP/IP properties assigned, but another concern has arisen. When I run ifconfig it appears that FreeBSD is still assigning IPv6 local-link addresses.

    Specifically, the following output is returned:

    Code:
    bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
            ether [secret]
            inet 192.168.Y.X netmask 0xffffff00 broadcast 192.168.Y.255
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    
    rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=3808<VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether [secret]
            inet6 fe80::220:18ff:fed9:f864%rl0 prefixlen 64 scopeid 0x7 
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet6 ::1 prefixlen 128 
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 
            inet 127.0.0.1 netmask 0xff000000 
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    
    vboxnet0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether [secret]
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    
    I do not use IPv6 on the Host and would prefer the Realtek NIC not be assigned ANY address on the Host, as it is physically connected directly to my cable modem.

    So I researched a bit (on this excellent site!) and, following this thread,
    I added:

    /etc/rc.conf
    Code:
    auto_linklocal="NO"
    
    and

    /boot/loader.conf
    Code:
    sysctl net.inet6.ip6.auto_linklocal=0
    
    Despite those additions, as the above-quoted ifconfig report shows, the Ipv6 link-local address continues to be assigned.

    So... any ideas on how to remove that assignment?

    Thanks again for your help so far.
     
  5. phoenix

    phoenix Moderator Staff Member Moderator

    Messages:
    3,409
    Likes Received:
    2
    Add
    Code:
    WITHOUT_IPV6=yes
    to /etc/src.conf, recompile the world and the kernel, and you'll never see an IPv6 address again. :)
     
  6. wblock@

    wblock@ Administrator Staff Member Administrator Moderator Developer

    Messages:
    11,252
    Likes Received:
    25
    It was an example, I was just guessing the interface name for a second card. For your system, it would be
    Code:
    ifconfig_rl0="up"
    
    So it didn't really change anything, it just shows that the interface defaults to up anyway.

    Haven't messed with IPv6 at all, but ifconfig(8) mentions the ifdisabled option to disable all IPv6 on a specific interface.

    phoenix's suggestion doesn't even build IPv6, but you can also just build a kernel without it by commenting out the INET6 option.
    Code:
    #options        INET6
    
    Or use "nooptions".
    Code:
    nooptions       INET6
    
     
  7. pauljames

    pauljames New Member

    Messages:
    19
    Likes Received:
    0
    You can run pf firewall and use it to redirect IP traffic bound for your VMs. Since you have two nics, you might want to use one NIC as a private subnet like 192.168.1.0 (VM IP's) and then you have your other NIC answering requests from the Internet (Routeable addresses).

    So what you might have (and the NICs in this example are just that, an example) in your /etc/pf.conf is,

    Code:
    ext_if="em0" #outside 
    int_if="em1" #inside
    .
    .
    rdr on $ext_if inet proto tcp from any to x.x.x.x -> 192.168.1.3
    
    or rdr pass on $ext_if inet proto tcp from any to x.x.x.x -> 192.168.1.3
    
    x.x.x.x = the IP address you want traffic bound to your VM from the internet. The actual VM you will assign it the non routeable IP address of 192.168.1.3.

    If you don't want to use a firewall then don't assign the IP address you want to give to the VM on any NIC on the FreeBSD Host. Just give it the IP to the VM.

    We use both methods depending on what the requirements are.

    Hope that helps you.