Virtual Network Adapter

Hi all,


I'm trying to create a virtual network adapter on my computer.


Currently, I use my Mac as a router. However, I'd like to have a virtual network to attach virtual machines to. In this setup, my ifconfig should look like this:



lo0: bla bla bla

en0: bla bla bla 10-net-address bla bla bla

en4: bla bla bla public-address bla bla bla

virtual0: bla bla bla 192.168-net-address bla bla bla <--- this is the important line

bla bla bla



I'll then have my virtual machine bridge to virtual0, have pf block all [non-established] connections coming to virtual0 (so the VM can't connect to my machine) and have a few ports get routed to 192.168.xxx.xxx (the VM's address). I might want more than one VM to connect, but it's not an issue from my standpoint to have 2, 3, 4, etc VMs on virtual0 (and I can, later, create virtual1, virtual2, etc as needed).


Does anybody know how I can do this?

OS X Server

Posted on May 3, 2013 7:25 PM

9 replies

May 3, 2013 8:00 PM in response to Christopher J K

Since you're using VMs, is there some reason that you don't want to use the VM environment (VMWare, Parallels or whatever) to create and manage virtual interfaces for you?


To be honest, I'm not sure what you want to do - it's a bit vague. Are you looking to connect your VMs in a virtual switching fabric, set up one or more VLAN, or do some kind of Tun/Tap routing? If it's the last one, then that's what VMWare (et al) already do. With the right virtual appliance, they can do the first as well. And you don't really need to do the second with VMs unless you have a very complex virtualized network.

May 3, 2013 8:11 PM in response to g_wolfman

Thank you for the reply! Here's more background on what I want to do, what I've considered and a slightly different explanation of what exactly I want to do.


What I want is to emulate a "tripod network" - where the switch has a dedicated DMZ side and a trusted side. The trusted side can communicate with the outside world and the DMZ; the DMZ can't initiate any (or limited) outgoing connections and select ports are passed into computers in the DMZ.


This traditionally requires three NICs: WAN; LAN; and DMZ. The WAN gets connected to the modem/internet, and the LAN and DMZ both get connected to hardware switches to which other computers are connected.


In my case, I want the DMZ to be a "virtual" switch - so virtual0 (in my example) would connect to an internal bridge/switch in the same way en0 would connect to a real switch.


VMWare and VirtualBox both let me do NAT, Bridging (to an existing IF) or private-to-host. NAT implies it's going to add rules which I don't want and doesn't create an actual IF. Bridging... needs an existing IF (like the one I'm trying to create). Private-to-host appears to do what I want... However, if I let the VM manage it, that forces me to control the order of VM booting (the one that creates the adapter must start first, then the other ones can join in).


I'd like to have a launchd that does this:


- Create virtual0

- Start VM1 (VMWare)

- Start VM2 (VirtualBox)

- Start VM3 (VirtualBox)

- etc


and have the VMs be configured to connect to virtual0. This way, I can restart any one of the VMs without killing the [virtual] network.


I can also then have pf redirect, say, port 443 to 196.168.xxx.xxx - which may be VM1's address.
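
The tripod policy described in the post above, written out as a pf ruleset in the older `nat`/`rdr` syntax that OS X's pf uses. This is an added example, not part of the original post. It assumes a DMZ interface named virtual0 already exists (the thread does not establish how to create one), and the 192.168.100.x addresses are placeholders for the VM subnet.

```pf
# Added example, not from the thread. virtual0 is the poster's hypothetical
# DMZ interface; the 192.168.100.x addresses are constructed placeholders.
wan_if  = "en4"        # public address
lan_if  = "en0"        # trusted 10-net
dmz_if  = "virtual0"   # hypothetical virtual DMZ segment
dmz_net = "192.168.100.0/24"
vm1     = "192.168.100.10"

set skip on lo0

# Translation rules must precede filter rules in this pf syntax.
# The trusted LAN leaves through the public interface.
nat on $wan_if inet from $lan_if:network to any -> ($wan_if)
# Inbound HTTPS on the public address is handed to VM1.
rdr on $wan_if inet proto tcp from any to ($wan_if) port 443 -> $vm1 port 443

# Default deny. Anything a DMZ host tries to initiate is dropped and logged,
# so a compromised VM probing the host or the LAN shows up on pflog0.
block all
block in log on $dmz_if all

# The host and the (already NATed) trusted LAN may open connections outward.
pass out on $wan_if inet from ($wan_if) to any keep state
pass in  on $lan_if inet from $lan_if:network to any keep state

# The trusted side may reach DMZ hosts; replies ride the state entry, so no
# inbound rule on the DMZ interface is needed.
pass out on $dmz_if inet from $lan_if:network to $dmz_net keep state

# The one forwarded service. Filter rules see the translated destination,
# so they match on VM1's address rather than the public one.
pass in  on $wan_if inet proto tcp from any to $vm1 port 443 flags S/SA keep state
pass out on $dmz_if inet proto tcp from any to $vm1 port 443 flags S/SA keep state
```

`pfctl -nf <file>` parses a ruleset without loading it, which is a safe way to check the syntax before enabling it.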

May 3, 2013 11:49 PM in response to Christopher J K

OK.


The only kernel extension that I know of to provide that facility to OS X is TunTap:

http://tuntaposx.sourceforge.net/index.xhtml.


I have no idea how stable it really is, I've never used it and quite frankly there are only a few commercial companies (with money and reputations riding on their quality) which I personally trust to provide kernel modifying components. Writing good kexts is not easy.


But maybe this will provide the facility that you need. If so, then I imagine you can bash script the startup and shut down procedures you need and turn those scripts into the target of launchd plists.


I do know you're going to have an interesting time playing with it...good luck.

May 4, 2013 11:01 AM in response to Linc Davis

So I just tried using VMWare's host-only networking where it creates "vmnetN" (http://www.vmware.com/support/ws55/doc/ws_net_configurations_hostonly.html). It is extraordinarily intermittent and has very high pings (450ms from VM to host!) and even then only partially works.


I need some other virtual ethernet adapter that does pretty much the exact same thing vmware's does - only better. I also don't need DHCP.

May 5, 2013 6:01 AM in response to Christopher J K

In that case, I can tell you that I have gotten VMWare to work exactly that way, and to work well in that configuration.


But we were using very heavy iron at the time. Running more than a couple of VMs taxes any system not built to support running multiple VMs, and running an entire virtualized network is an order of magnitude (in my personal estimation) more taxing.


But it is possible.
