
2017-09-22

Shorewall setup for VirtualBox host-only interface

VirtualBox has a networking mode called "host-only" which allows guests to communicate with each other, and the host to communicate with the guests.

To do this, a host-only network (interface) must be defined on the host. It can be done via the GUI, or via the command line (needs sudo because this creates a new network interface on the host):

$ sudo vboxmanage hostonlyif create

This creates a host-only virtual interface on the host, named vboxnetN (N starts at 0 and increments for each new one):

$ ip addr list
...
12: vboxnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ...
    inet 192.168.56.1/24 brd 192.168.56.255 scope global vboxnet0
    inet6 fe80::800:27ff:fe00:0/64 scope link 
       valid_lft forever preferred_lft forever


There are three things to do in Shorewall: define a zone, place the host-only interface into that zone, and write a rule.

In /etc/shorewall/zones define the new zone:

# /etc/shorewall/zones
#ZONE    TYPE   OPTIONS    IN                OUT
#                          OPTIONS           OPTIONS
vh       ipv4

In /etc/shorewall/interfaces put the host-only interface vboxnet0 in that zone:

# /etc/shorewall/interfaces
#ZONE    INTERFACE      BROADCAST    OPTIONS
vh       vboxnet0       detect       dhcp

And finally, in /etc/shorewall/rules allow all traffic from the vh zone (the 192.168.56.0/24 host-only network) to the firewall zone fw, i.e. the host itself:

# /etc/shorewall/rules
ACCEPT    vh:192.168.56.0/24    fw    all

On the guest, create a new adapter, and either use DHCP or assign it a static IP in 192.168.56.0/24 (excluding 192.168.56.1, which is the host's IP address). Attach the adapter to the Host-only Adapter, either in the GUI or on the command line:

$ vboxmanage modifyvm myguest --nic2 hostonly --hostonlyadapter2 vboxnet0

Restart the shorewall service, and that should do it. Test it out by ssh'ing into the guest from the host.
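
The rule above lets every guest on the host-only network reach every service on the host. As an added example (not from the original post), this Python check parses a Shorewall rules file and reports ACCEPT rules that open all protocols or all ports on the host to a zone such as vh. The sample rules text is constructed (its first rule is the one from this post), and the firewall zone is assumed to be named fw as in the rule above.

```python
# Added example (not from the original post): flag Shorewall rules that
# ACCEPT every protocol or port from a zone to the firewall host.
FW_NAMES = {"fw", "$FW"}  # assumption: firewall zone is named "fw", as in this post

# Constructed sample; line 2 is the rule from this post.
SAMPLE_RULES = """\
# /etc/shorewall/rules
ACCEPT    vh:192.168.56.0/24    fw    all
ACCEPT    vh:192.168.56.0/24    fw    tcp    22
ACCEPT    vh                    fw    udp
"""

def parse_rules(text):
    """Yield (lineno, ACTION, SOURCE, DEST, PROTO, DPORT) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # strip comments
        if not line or line.startswith("?"):      # blank lines, ?SECTION headers
            continue
        cols = line.split()
        if len(cols) < 3:                         # not a complete rule
            continue
        cols += ["-"] * (5 - len(cols))           # omitted columns mean "any"
        yield (lineno, *cols[:5])

def broad_accepts(text, zone):
    """Return (lineno, reason) for plain ACCEPT rules from zone to the host
    that are not limited to a protocol and destination port."""
    findings = []
    for lineno, action, source, dest, proto, dport in parse_rules(text):
        if action.split(":")[0] != "ACCEPT":      # macros like SSH(ACCEPT) are narrow
            continue
        if source.split(":")[0] not in (zone, "all"):
            continue
        if dest.split(":")[0] not in FW_NAMES:
            continue
        proto = proto.lower()
        if proto in ("all", "any", "-"):
            findings.append((lineno, "all protocols and ports"))
        elif proto in ("tcp", "udp") and dport == "-":
            findings.append((lineno, "every %s port" % proto))
    return findings

if __name__ == "__main__":
    for lineno, why in broad_accepts(SAMPLE_RULES, "vh"):
        print("line %d: vh -> host allows %s" % (lineno, why))
```

Rules it reports can be narrowed to the protocol and port the guests actually need, as in the constructed tcp 22 line of the sample.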

2014-12-29

Mellanox Infiniband network cards on Linux

Sometimes, when one updates the firmware for Mellanox Infiniband cards, the MAC/hardware address gets changed. This usually happens if the IB card is OEM, i.e. made by Mellanox but stamped with a different company's name.

When the MAC gets changed, the network interface will not come up. The fix is to update the HWADDR field in /etc/sysconfig/network-scripts/ifcfg-ib0 and /etc/sysconfig/network-scripts/ifcfg-ib1. Use "ip link list" to display the new MAC.

2011-05-18

Modifying MTU to prevent sftp from stalling

I have Ubuntu 11.04 Natty on my laptop now, and it almost always stalls when trying to download a file via sftp while on wifi with the VPN on. Turns out, modifying the MTU (maximum transmission unit) on the wifi fixes the problem. The default value is 1500, but apparently the VPN protocol adds overhead, which reduces the effective size. On my laptop, the VPN tunnel virtual device has an MTU of 1412.

        tun0  Link encap:UNSPEC  HWaddr ... 
        inet addr:xxx.xx.xx.xxx  P-t-P:xxx.xx.xx.xxx  Mask:255.255.255.248
        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
        RX packets:92323 errors:0 dropped:0 overruns:0 frame:0
        TX packets:61094 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:500
        RX bytes:119168710 (119.1 MB)  TX bytes:4994871 (4.9 MB)

So, what I did was change the MTU of the wifi device wlan0 to 1412:

        sudo ifconfig wlan0 mtu 1412