Building an Internal Network in VirtualBox

Introduction

The aim is to create a (virtual) Internet of 3 Linux VMs within VirtualBox using internal networking, and also allow those VMs access to the real Internet via NAT. The final network configuration is:

VirtualBox topology

You may use different IP addresses, but be sure to make the corresponding changes in /etc/network/interfaces.

A 32 minute video demonstrating and explaining the steps below is also available:

Create a Base Linux Machine

Set up a base Linux machine using NAT networking (NOT bridged or internal networking). Install any software that is needed on all machines, e.g.

sudo apt install openssh-server man manpages manpages-dev nano
sudo apt update
sudo apt upgrade

Clone Base to Client, Router and Server

Create full clones of the base VM to produce three (3) machines, referred to as client, router and server. Be sure to re-initialise the MAC address for each.

Enable Internal Networking

The client VM must have two (2) network adapters, one using NAT and the other using an internal network, e.g. named neta.

The router VM must have three (3) network adapters: NAT, internal network neta, and internal network netb.

The server VM must have two (2) network adapters: NAT and internal network netb.

Below are screenshots of the settings for router adapter 1 (NAT) and router adapter 3 (internal). Settings for other machines/adapters are similar.

VirtualBox Network Settings for Router Adapter 1 using NAT

VirtualBox Network Settings for Router Adapter 3 using Internal Network netb


Set the Hostnames

Start each VM and set the hostname using:

sudo hostnamectl set-hostname <name>
sudo vi /etc/hosts

In the hosts file, change the name for 127.0.1.1 to <name>, where <name> is either client, router or server.

Configure Interfaces

In each VM, edit /etc/network/interfaces to set up static IP addresses for the internal interfaces. Check that the interface names on your VM match those used in the examples below by running:

ifconfig -a

Client

Add the following to /etc/network/interfaces:

# The internal interface on neta
auto enp0s8
iface enp0s8 inet static
    address 192.168.1.11
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    post-up route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 dev enp0s8
    pre-down route del -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 dev enp0s8

Router

Add the following to /etc/network/interfaces:

# The internal interface on neta
auto enp0s8
iface enp0s8 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255

# The internal interface on netb
auto enp0s9
iface enp0s9 inet static
    address 192.168.2.2
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255

Server

Add the following to /etc/network/interfaces:

# The internal interface on netb
auto enp0s8
iface enp0s8 inet static
    address 192.168.2.22
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255
    post-up route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.2.2 dev enp0s8
    pre-down route del -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.2.2 dev enp0s8
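
If you change the IP addresses, every dependent line in a stanza (network, broadcast, route gateway, device name) has to change with them. The following Python check is an added example, not part of the original tutorial: it parses the static stanzas of an interfaces file and reports values that no longer agree with the address and netmask. It assumes stanzas written in the style shown above, with separate address and netmask lines; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: this page's client stanza with only the address changed.
SAMPLE = """\
iface enp0s8 inet static
    address 192.168.3.11
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    post-up route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 dev enp0s8
    pre-down route del -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 dev enp0s8
"""

def parse_static_stanzas(text):
    """Return {ifname: {option: [values]}} for each 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if static else None
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current is not None:
            current.setdefault(words[0], []).append(" ".join(words[1:]))
    return stanzas

def check_interfaces(text):
    """Return a list of inconsistencies; empty means every stanza agrees."""
    problems = []
    for ifname, opts in parse_static_stanzas(text).items():
        net = ipaddress.ip_interface(f"{opts['address'][0]}/{opts['netmask'][0]}").network
        want = {"network": net.network_address, "broadcast": net.broadcast_address}
        for key, val in ((k, v) for k in want for v in opts.get(k, [])):
            if ipaddress.ip_address(val) != want[key]:
                problems.append(f"{ifname}: {key} {val} should be {want[key]}")
        for cmd in opts.get("post-up", []) + opts.get("pre-down", []):
            gw = re.search(r"\broute (?:add|del) .*\bgw (\S+)", cmd)
            if gw and ipaddress.ip_address(gw.group(1)) not in net:
                problems.append(f"{ifname}: gateway {gw.group(1)} is not on {net}")
            dev = re.search(r"\broute (?:add|del) .*\bdev (\S+)", cmd)
            if dev and dev.group(1) != ifname:
                problems.append(f"{ifname}: route uses other device {dev.group(1)}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_interfaces(SAMPLE)) or "no problems found")
```

To check a real VM, pass the contents of /etc/network/interfaces to check_interfaces() before rebooting.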

Enable Forwarding on the Router

Edit /etc/sysctl.conf:

sudo vi /etc/sysctl.conf

and uncomment (remove the hash #) the line referring to ip_forward so that it reads:

net.ipv4.ip_forward=1

The contents of /etc/hosts and /etc/sysctl.conf for both client and router are illustrated below.

/etc/hosts and /etc/sysctl.conf for client and router

Reboot the VMs

Reboot each VM using:

sudo reboot

Test the Internal Network

Use ping to test the internal network:

If all pings work, then the internal network is working successfully. You may also test by SSHing from client to server.

Test the Real Internet

Each VM should still have access to the real Internet. Test by pinging an external website, e.g. ping www.google.com, or installing software with sudo apt install ... .

Port Forwarding

Each VM should have port forwarding for SSH enabled on the NAT adapter. However, it is important that the Host Port is different for each VM, e.g. 5022, 5023, 5024 for client, router, server, respectively. Then you can connect to each VM (with PuTTY or FileZilla) at the same time, simply by specifying a different port. The image below shows the port forwarding settings on the router NAT adapter 1; the red circled Host Port should be different from that of client and server.

Port Forwarding on Router

Create More Servers

To create more servers, simply clone the server (or clone the base and set it up as per the server), making sure each one has a different name when setting the hostname and a different IP address in /etc/network/interfaces. E.g. instead of server and 192.168.2.22, set to webserver/192.168.2.22, sshserver/192.168.2.23, fileserver/192.168.2.24. If they all have an internal network adapter on netb, then they are all in the same (virtual) LAN.