Hi,
I have a small home network that was redundantly built with a firewall
(IPCop), a server (mail, www, ftp, ...) on DMZ (ubuntu 8.04) and a few
PCs on the GREEN net.

I wanted to consolidate all this on a single PC (ubuntu 8.10)
virtualizing the two machines above.

I started with the firewall completely reinstalling it from scratch on a
new virtual machine.
It works.

I had to set up a series of bridges for networking.
My current /etc/network/interfaces is:

======================
auto lo
iface lo inet loopback

# LAN -------------------------------
auto eth0 tap0 br0

iface eth0 inet manual

iface tap0 inet manual
    up   ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
    tunctl_user mauro

iface br0 inet static
    address 192.168.0.5
    netmask 255.255.255.0
    #gateway 192.168.0.254
    bridge_ports eth0 tap0
    bridge_maxwait 0
#-----------------------------------

# WAN ------------------------------
auto eth2 tap2 tap4 br2

# physical interface to Ydea net
iface eth2 inet static
    address 192.168.120.5
    netmask 255.255.255.0

iface tap2 inet manual
    up   ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
    tunctl_user mauro

iface tap4 inet manual
    up   /root/Ydea/tap-up.sh
    down /root/Ydea/tap-down.sh
    tunctl_user mauro

iface br2 inet manual
#    address 192.168.120.5
#    netmask 255.255.255.0
    bridge_ports tap4 tap2
    bridge_maxwait 0
#-----------------------------------

# DMZ ------------------------------
auto tap1 tap3 br1

iface tap1 inet manual
    up   ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
    tunctl_user mauro

iface tap3 inet manual
    up   ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
    tunctl_user mauro

iface br1 inet static
    address 192.168.77.5
    netmask 255.255.255.0
    bridge_ports tap1 tap3
    bridge_maxwait 0
======================

** FIRST QUESTION **
Is there a way to "secure" this setup?
I mean: from the HOST machine I can directly access all interfaces,
while I would like the WAN and DMZ bridges to be "not reachable"
from it; they should be accessible only through the firewall.
Is it possible? How?

---------------------------------------

I then wanted to port the server machine into a second virtual machine.
Since I lost track of all the tweaking I did to it I just started moving
the real HD to the Host machine and creating a write-through .vmdk disk
and booting from that.

It seems to work; it boots and I can do *almost* everything there, but I
can't get network to work (pretty useless server!).

The problem is that the NIC doesn't seem to be there... but it is there!
I mean:

dmesg says (I had to retype this because I have NO other access to this
VM but the VirtualBox window, and that will not allow me to select/cut/paste
text):

pcnet32: PCnet/FAST III 79C973 at 0xc020, 08 00 27 f5 7d 81 assigned IRQ 11.
pcnet32: Found PHY 0022:561b at address 0.
eth0: registered as PCnet/FAST III 79C973
pcnet32: 1 cards_found.

... but it doesn't seem to be there; e.g., if I try to bring it up
manually I get:

loki:~# ifconfig eth0 192.168.77.10 up
SIOCSIFADDR: No such device
eth0: ERROR while getting interface flags: No such device
eth0: ERROR while getting interface flags: No such device
loki:~#

Same (or similar) errors if I try via ifup; my current /etc/network/interfaces
is:

======================
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.77.10
    netmask 255.255.255.0
    gateway 192.168.77.1
======================

** SECOND QUESTION **
What should I check?
I looked around and it all seems ok to me... but I obviously missed
something.

I also did a fresh installation of ubuntu 8.04 on the *same* VM (just
switching the hard disk specifications) and (unsurprisingly) it works. I
seem to have some setting on my old disk that prevents the network from
working, but I'm unable to find out what it is.
Can someone show me exactly why and how I'm currently making a fool of
myself?

** THIRD QUESTION **
If and when I manage to get this working I would like to convert the real
HD to a virtual disk.
How can I do that?
I found vague hints to "creating vdi with non-empty contents", but not a
real recipe.
Pointers welcome.

Thanks in advance for any hint.
Regards
Mauro

_______________________________________________
vbox-users mailing list
[email protected]
http://vbox.innotek.de/mailman/listinfo/vbox-users
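Added example, not part of the mail above and not VirtualBox or IPCop code: a small POSIX shell audit for the first question. A bridge only becomes reachable from the host at the IP layer when the host itself is configured with an address on it, so the script parses a Debian-style /etc/network/interfaces and lists every bridge stanza (one carrying bridge_ports) that is `inet static` or has an `address` line. It assumes the stanza layout shown in the mail; the sample interfaces file it writes is a constructed, shortened copy of the one posted.

```sh
#!/bin/sh
# Added example (not from the original mail): audit a Debian-style
# /etc/network/interfaces and print every bridge that the host has an IP
# address on. Such a bridge is directly reachable from the host, which is
# what the first question wants to avoid for the WAN and DMZ segments.
# Assumption: "iface <name> inet <method>" stanzas with indented options,
# as in the mail; commented-out lines are ignored like ifup ignores them.

# Print, one per line, each bridge (stanza with bridge_ports) whose method
# is "static" or which carries an uncommented "address" option.
bridges_with_host_address() {
    awk '
        function flush() {
            if (name != "" && is_bridge && (method == "static" || has_addr))
                print name
            name = ""; method = ""; is_bridge = 0; has_addr = 0
        }
        /^[ \t]*#/ { next }                                   # comment line
        $1 == "iface" { flush(); name = $2; method = $4; next } # new stanza
        $1 == "auto" || $1 == "allow-hotplug" { flush(); next }
        $1 == "bridge_ports" { is_bridge = 1; next }
        $1 == "address" { has_addr = 1; next }
        END { flush() }
    ' "$1"
}

# Constructed sample mirroring the mail: br0 (LAN) and br1 (DMZ) carry a
# host address, br2 (WAN) is "inet manual" with its address commented out.
write_sample_interfaces() {
    cat > "$1" <<'EOF'
auto lo
iface lo inet loopback

# LAN
auto eth0 tap0 br0
iface eth0 inet manual
iface tap0 inet manual
    tunctl_user mauro
iface br0 inet static
    address 192.168.0.5
    netmask 255.255.255.0
    bridge_ports eth0 tap0

# WAN
auto eth2 tap2 tap4 br2
iface eth2 inet static
    address 192.168.120.5
    netmask 255.255.255.0
iface br2 inet manual
#    address 192.168.120.5
    bridge_ports tap4 tap2

# DMZ
auto tap1 tap3 br1
iface br1 inet static
    address 192.168.77.5
    netmask 255.255.255.0
    bridge_ports tap1 tap3
EOF
}

# Stand-alone run: audit the constructed sample (or a file given as $1).
main() {
    if [ -n "$1" ]; then
        bridges_with_host_address "$1"
    else
        tmp=$(mktemp) || exit 1
        write_sample_interfaces "$tmp"
        echo "bridges the host has an address on:"
        bridges_with_host_address "$tmp"
        rm -f "$tmp"
    fi
}
[ "${AUDIT_NO_MAIN:-}" = "1" ] || main "$@"
```

On the sample this reports br0 and br1; br2 is not listed because the host has no address on it (only on eth2, which is a plain member of the WAN side). Removing the host address from br1 in the same way (`iface br1 inet manual`, no address line) takes the host off the DMZ subnet at layer 3, so that only the firewall VM, attached via its tap, routes into it; the host still forwards frames for the bridge, so a host-side packet filter on br1/br2 is the complementary check if stricter isolation is wanted.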
