virtualbox, taps and bridges

Cameron Hutchison lists at xdna.net
Tue Oct 7 08:06:47 UTC 2008


Karl Auer <kauer at biplane.com.au> writes:

>Anyway, the situation I got to was that the guest could access the host,
>the host could access the guest, the guest could access the Internet,
>the Internet could access the guest - but the host couldn't access
>anything outside its own subnet!

If the host can access other machines on the same subnet but nowhere
else, then the problem is possibly that you do not have a default route
on the host. That should be set up by "dhclient br0", as the DHCP server
will usually return the gateway. What does the output of "ip route"
show?

>The script below got me to that point (virtualbox was set to use tap1
>and "Host Interface"). It was cobbled together over several hours from
>hints and ideas from various sources. It is to be run as root (i.e.,
>with sudo).

The script is pretty much correct in that it is doing all that needs to
be done to get things working as you want. This means the problem is
likely to be somewhere else on your real network.

>I think the line "ifconfig $IFACE 0.0.0.0" is suspect, 

Not really. It is just doing the same as "ip link set up dev $IFACE".
I'd change it to the latter just for consistency (plus I don't use
ifconfig anymore - ip for everything).

>One of the irritants
>in all the HowTos was that they gave no indication at all about *why*
>they took various steps. If one doesn't know the why of a thing, it's
>very hard to adapt or correct it.

Think of it as a (potentially) big ethernet switch. The bridge device
itself is the switch + the connection of the host on the switch. Adding
eth0 to the switch is like plugging the cable to the real physical switch into
the virtual switch. Creating a tap device and adding it to the bridge is
like plugging a virtual machine into the switch.

Going through this step by step...

>   # create the bridge
>   brctl addbr br0

This creates the virtual switch and plugs the host into it. Right now
it's a useless switch, as is any switch with only one cable plugged in.
You could just give the host an IP address manually at this stage, but
if you want to get one via DHCP from another physical host the virtual
switch will need to be connected to that physical host somehow...

>   # add the real ethernet interface to the bridge
>   ifconfig $IFACE 0.0.0.0
>   brctl addif br0 $IFACE

This plugs the real switch into your virtual switch via the physical
interface $IFACE.

>   # give the bridge an IP address
>   ip link set up dev br0
>   dhclient br0

This gives your host an IP address via the DHCP server reachable from the
"other" port on the switch ($IFACE).

>   # create a tap
>   tunctl -t tap1 -u kauer > /dev/null
>   ip link set up dev tap1

Creates a virtual ethernet cable with no ends plugged in anywhere. When
you start the virtual machine telling it to use tap1, it plugs one end
of the virtual cable into the virtual machine.

>   # add the tap interface to the bridge too
>   brctl addif br0 tap1

Plugs the virtual cable into the virtual switch. We're just waiting for
the VM to start - configured with tap1 - and we'll have the VM plugged
into the virtual switch.

At this stage, you've got three devices plugged into the virtual switch
(br0): The host is automatically on it, the upstream physical switch via
$IFACE, and the virtual machine via tap1. You can go on to create more
tap devices (virtual ethernet cables) to attach more virtual machines to
the switch.

It should be good to go now. If it's not we've got to start drilling
down into the actual IP addresses you are using and the routers
everything has to see how it all hangs together.

Hope this helps somewhat.
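
The two checks the reply above relies on (is there a default route on br0, and are $IFACE and tap1 actually plugged into the bridge), as an added example that is not part of the original post. The function names and finding strings are hypothetical, and the sample "ip route" and "brctl show" text is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. All sample text is constructed.

# Print the device carrying the default route, from `ip route` text on stdin.
# Prints nothing when there is no default route.
default_route_dev() {
    awk '$1 == "default" { for (i = 2; i < NF; i++)
             if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the ports of bridge $1, from `brctl show` text on stdin. A bridge's
# first line holds name, id, STP flag and first port; any further ports
# follow on indented lines that hold only the port name.
bridge_ports() {
    awk -v br="$1" 'NR == 1 { next }
        /^[^ \t]/ { cur = $1; if (cur == br && NF >= 4) print $4; next }
        cur == br && NF == 1 { print $1 }'
}

# check_setup BRIDGE ROUTES BRCTL_TEXT PORT...: print one finding per line.
check_setup() {
    bridge=$1 routes=$2 brctl_out=$3; shift 3
    ports=$(printf '%s\n' "$brctl_out" | bridge_ports "$bridge")
    for p in "$@"; do
        printf '%s\n' "$ports" | grep -qxF "$p" || echo "missing-port:$p"
    done
    dev=$(printf '%s\n' "$routes" | default_route_dev)
    if [ -z "$dev" ]; then echo "no-default-route"      # host stuck on its own subnet
    elif [ "$dev" != "$bridge" ]; then echo "default-route-on:$dev"
    else echo "default-route-ok"; fi
}

# Constructed samples: a host with only the connected-subnet route, the same
# host after DHCP supplied a gateway, and a bridge holding eth0 and tap1.
ROUTES_BROKEN='192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.50'
ROUTES_OK="$ROUTES_BROKEN
default via 192.168.1.1 dev br0"
BRCTL_OUT=$(printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n')
BRCTL_OUT="$BRCTL_OUT
$(printf 'br0\t\t8000.001122334455\tno\t\teth0\n\t\t\t\t\t\t\ttap1\n')"

# The symptom from the thread: ports are fine, default route is absent.
check_setup br0 "$ROUTES_BROKEN" "$BRCTL_OUT" eth0 tap1

# On a live host (as root), feed it the real tables instead:
#   check_setup br0 "$(ip route)" "$(brctl show)" eth0 tap1
```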




