开发者

Virtualizing an Inline network appliance with VirtualBox (or VMWare)

My device, which is a Linux based IP in-liner is transparent to the network peripherals, that is, no IP address assigned to any of its interfaces.

For the sake of the conversation, let's use ADSL connection as an example, while the device is inspecting the bi-directional traffic, the network is behaving same as if device was not there, attached to the wire (see Physical setup at the attached diagram).

I wonder if I can enclosed that "device" within a Windows machine and have it operated virtually so it still seats inline between the ADSL router and the Windows netwroking interface by using virtual NICs, (or whatever their name is in windows), and inspecting the traffic, same as if it was on a separate physical device, the drawing under "Virtual Setup" in the attached diagram show what I am trying to achieve.

Reading a bit on the VirtualBox docs, seems like binding the right side is relatively simple, perhaps I should have one network adapter set as Bridge Networking and VirtualBox will connect it to the physical NIC on the host machine, and network packets are exchanged dir开发者_如何转开发ectly, circumventing the host operating system's network stack (WinXP in my case).

However, I have no idea how to achieve the left side of my diagram, which requires adding virtual NICs to windows and configure them correctly in a way to make that pipeline possible.

I would appreciate any help.

by the way, if that is not possible with VirtualBox but with other virtualization solution (e.g. VMWare), I would accept the other as well.

components setup diagram http://img715.imageshack.us/img715/810/physicalvsvirtualsetup2.png


It depends on whether you want ( or more if it can ) your linix ( *nix ) inline device to "route" the packets that go through it possibly from one network to another and whether you want this "app" to essentially have no access directly out of your virtual environment ( the green box in your diagram ). If so, what might work is something like:

  • your "app" is run inside a virtual machine ( say another windows xp instance ) with a NIC configured on a virtual internal or "private" network ( I'm positive both virtualbox and vmware server have this option ) but with the same IP subnet and as your actual network 192.168.1.0
  • the left side - eth0 - of your *nix device ( which would have to be a virtual machine ) is also set up on this internal / private network
  • the right side - eth1 - of your *nix device is set up on a bridged network so it has real work access into your real network

This will make it slightly easier to see if traffic / packets are infact going through your *nix device or not, as the app will not have access outside of the virtual internal/private network. NOTE when i say internal/private network I'm not talking about VPNs, just a private network that the host nor your network can reach and the virtual machines can't contact the host or your network.

Without knowing what your *nix device is doing its a little hard. if it can't route or act as a pass through device of some description then the dhcp broadcasts wont get to your dhcp server - which is what I'm guessing your doing something around given that you mentioned it in your diagram.

If your *nix device is a real device then obviously this wont work as I'm assuming its a virtual machine of some description. If this is the case let me know and I'll give some advise on how to work with that situation.

Good luck

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜