How to configure a NIC on FreeBSD host so it's dedicated to VirtualBox VM

Network related discussions (including general TCP/IP stuff, routing, etc).

How to configure a NIC on FreeBSD host so it's dedicated to VirtualBox VM

Postby LSDave » 29 Aug 2011, 00:59

I have a dual-homed FreeBSD 9.0 machine that itself only uses one NIC. Until today, I have left the second NIC unconfigured.

Now I have installed Virtualbox on the FreeBSD host, and want to assign a particular Window guest two NICs, including dedicated access to this second, previously unused NIC. Within VirtualBox, I know this is a matter of selecting "Bridged Adapter" and pointing VirtualBox to the second NIC. What is unclear is how do I configure the second NIC on the FreeBSD host, so that the NIC is up and available for Virtualbox guests, without having TCP/IP properties or being connectable by/to the host.

With Hyper-V or VMware on Windows, this is simple a matter of enabling the NIC on the host machine, and then accessing the NIC's properties on the host machine, and then unchecking all the connection items (e.g, Client for Microsoft Networks, QoS Packet Scheduler, File and Print Sharing TCP/IPv4, TCP/IPv6, etc).

I am still new to FreeBSD and am not sure how to achieve the equivalent result editing by the /etc/rc.conf (or whatever other file).

Any help is appreciated. Thanks in advance.
LSDave
Junior Member
 
Posts: 16
Joined: 03 May 2010, 07:32

Postby wblock@ » 29 Aug 2011, 04:50

Interesting question. I would guess as long as it isn't assigned an IP address, an interface would be up but unused. It wouldn't hurt to just set it that way:
[file]/etc/rc.conf[/file]
Code: Select all
ifconfig_re1="up"


As an alternate question: is a second NIC even needed? Well, yes, if it's connected to a different physical network. But can you bridge more than one VM onto a single physical card? Haven't tested, but I'd think so.
User avatar
wblock@
Old Fart
 
Posts: 10212
Joined: 07 Sep 2009, 23:23
Location: Milky Way galaxy

Postby pbd » 29 Aug 2011, 07:15

wblock wrote:But can you bridge more than one VM onto a single physical card?


Yes, that is possible.
pbd
Member
 
Posts: 191
Joined: 16 Nov 2008, 16:39
Location: Brno, CZ

Postby LSDave » 30 Aug 2011, 00:14

wblock wrote:Interesting question. I would guess as long as it isn't assigned an IP address, an interface would be up but unused. It wouldn't hurt to just set it that way:
[file]/etc/rc.conf[/file]
Code: Select all
ifconfig_re1="up"


As an alternate question: is a second NIC even needed? Well, yes, if it's connected to a different physical network. But can you bridge more than one VM onto a single physical card? Haven't tested, but I'd think so.


Thank you for your response. Following your advice I added:

[file]/etc/rc.conf[/file]
Code: Select all
ifconfig_re1="up"


This worked partially, in that the NIC is up without IPv4 TCP/IP properties assigned, but another concern has arisen. When I run ifconfig it appears that FreeBSD is still assigning IPv6 local-link addresses.

Specifically, the following output is returned:

Code: Select all
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
        ether [secret]
        inet 192.168.Y.X netmask 0xffffff00 broadcast 192.168.Y.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3808<VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
        ether [secret]
        inet6 fe80::220:18ff:fed9:f864%rl0 prefixlen 64 scopeid 0x7
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

vboxnet0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether [secret]
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>


I do not use IPv6 on the Host and would prefer the Realtek NIC not be assigned ANY address on the Host, as it is physically connected directly to my cable modem.

So I researched a bit (on this excellent site!) and, following this thread,
I added:

[file]/etc/rc.conf[/file]
Code: Select all
auto_linklocal="NO"


and

[file]/boot/loader.conf[/file]
Code: Select all
sysctl net.inet6.ip6.auto_linklocal=0


Despite those additions, as the above-quoted ifconfig report shows, the Ipv6 link-local address continues to be assigned.

So... any ideas on how to remove that assignment?

Thanks again for your help so far.
LSDave
Junior Member
 
Posts: 16
Joined: 03 May 2010, 07:32

Postby phoenix » 30 Aug 2011, 03:41

Add
Code: Select all
WITHOUT_IPV6=yes
to [file]/etc/src.conf[/file], recompile the world and the kernel, and you'll never see an IPv6 address again. :)
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
User avatar
phoenix
MFC'd
 
Posts: 3349
Joined: 17 Nov 2008, 05:43
Location: Kamloops, BC, Canada

Postby wblock@ » 30 Aug 2011, 05:08

LSDave wrote:Thank you for your response. Following your advice I added:

[file]/etc/rc.conf[/file]
Code: Select all
ifconfig_re1="up"


It was an example, I was just guessing the interface name for a second card. For your system, it would be
Code: Select all
ifconfig_rl0="up"


So it didn't really change anything, it just shows that the interface defaults to up anyway.

I do not use IPv6 on the Host and would prefer the Realtek NIC not be assigned ANY address on the Host, as it is physically connected directly to my cable modem.


Haven't messed with IPv6 at all, but [man=8]ifconfig[/man] mentions the [file]ifdisabled[/file] option to disable all IPv6 on a specific interface.

phoenix's suggestion doesn't even build IPv6, but you can also just build a kernel without it by commenting out the [file]INET6[/file] option.
Code: Select all
#options        INET6


Or use "nooptions".
Code: Select all
nooptions       INET6
User avatar
wblock@
Old Fart
 
Posts: 10212
Joined: 07 Sep 2009, 23:23
Location: Milky Way galaxy

Postby pauljames » 11 Sep 2011, 05:10

You can run pf firewall and use it to redirect IP traffic bound for your VMs. Since you have two nics, you might want to use one NIC as a private subnet like 192.168.1.0 (VM IP's) and then you have your other NIC answering requests from the Internet (Routeable addresses).

So what you might have (and the NICs in this example are just that, an example) in your /etc/pf.conf is,

Code: Select all
ext_if="em0" #outside
int_if="em1" #inside
.
.
rdr on $ext_if inet proto tcp from any to x.x.x.x -> 192.168.1.3

or rdr pass on $ext_if inet proto tcp from any to x.x.x.x -> 192.168.1.3


x.x.x.x = the IP address you want traffic bound to your VM from the internet. The actual VM you will assign it the non routeable IP address of 192.168.1.3.

If you don't want to use a firewall then don't assign the IP address you want to give to the VM on any NIC on the FreeBSD Host. Just give it the IP to the VM.

We use both methods depending on what the requirements are.

Hope that helps you.
pauljames
Junior Member
 
Posts: 19
Joined: 04 Sep 2011, 15:51


Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests