Tools covered:
1. VBoxTunctl, VBoxAddIF, VBoxDeleteIF
Version: VirtualBox-2.0.6
jfo@lab:~$ VBoxTunctl -h
Create: VBoxTunctl [-b] [-u owner] [-g group] [-t device-name] [-f tun-clone-device]
Delete: VBoxTunctl -d device-name [-f tun-clone-device]
The default tun clone device is /dev/net/tun - some systems use
/dev/misc/net/tun instead
-b will result in brief output (just the device name)
2. tun
A tun device behaves like a virtual network interface card.
3. bridge
A bridge works at the link layer of the TCP/IP stack.
Configuring a Linux host as a bridge:
jfo@lab:~$ sudo brctl addbr br0
jfo@lab:~$ sudo ifconfig eth0 0.0.0.0
jfo@lab:~$ sudo brctl addif br0 eth0
jfo@lab:~$ sudo ifconfig br0 x.x.x.x netmask x.x.x.x
This way eth0, eth1, ... become the individual ports of the virtual bridge br0.
If br0 is not given an IP address, the Linux host becomes a pure (transparent) bridge with no address of its own.
For an introduction to bridges, see the following description:
Ethernet bridges connect two or more distinct ethernet segments transparently.
An ethernet bridge distributes ethernet frames coming in on one port to other ports associated to the bridge interface. This is accomplished with brain: Whenever the bridge knows on which port the MAC address to which the frame is to be delivered is located it forwards this frame only to this only port instead of polluting all ports together.
Ethernet interfaces can be added to an existing bridge interface and become then (logical) ports of the bridge interface.
Putting a netfilter structure on top of a bridge interface renders the bridge capable of servicing filtering mechanisms. This way, a transparent filtering instance can be created. It even needs no IP address assigned to work. Of course, you can assign an IP address to the bridge interface for maintenance purposes ( certainly, with ssh only ;-).
Filtering can also be done at the bridge layer, just as with iptables; the command is ebtables (analogous to iptables).
ebtables configuration examples: http://ebtables.sourceforge.net/examples.html
How ebtables/iptables process a packet on a bridging host: http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
Creating a tun device:
jfo@lab:~$ sudo VBoxTunctl -t vbox2 -g users
Set 'vbox2' persistent and owned by gid 100
jfo@lab:~$ sudo ifconfig -a
…
vbox2 Link encap:Ethernet HWaddr 00:FF:DC:88:E4:75
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Adding the tun device vbox2 as a port of the bridge:
jfo@lab:~$ sudo brctl addif br0 vbox2
Now a virtual machine can use vbox2 to communicate with the external network, just as if it were a real network card.
VBoxAddIF can also be used to combine the two steps above (create the device, add it to the bridge) into one:
jfo@lab:~$ sudo VBoxAddIF vbox2 -g users br0
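The whole sequence above as one script, added here as an example and not part of the original notes or of VirtualBox: it prints the commands in dry-run mode (set DRY_RUN=0 and run as root to apply them), and adds the check a practitioner wants afterwards, parsing `brctl show` output to confirm that vbox2 actually became a port of br0. The interface names br0, eth0 and vbox2 and the group "users" come from the notes; the address 192.0.2.10/24 and the `brctl show` sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. Dry-run by default: prints the
# bridge + tap commands; checks `brctl show` to confirm the tap joined the bridge.
# Assumed: br0, eth0, vbox2, group "users"; 192.0.2.10/24 is a constructed address.

BRIDGE=${BRIDGE:-br0}
UPLINK=${UPLINK:-eth0}
TAP=${TAP:-vbox2}
TAP_GROUP=${TAP_GROUP:-users}
BR_ADDR=${BR_ADDR:-192.0.2.10}
BR_MASK=${BR_MASK:-255.255.255.0}
DRY_RUN=${DRY_RUN:-1}   # set DRY_RUN=0 and run as root to apply for real

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Same order as the notes: the uplink loses its address and joins the bridge,
# the bridge takes the host address, then the tap is created and attached.
setup_bridge_and_tap() {
  run brctl addbr "$BRIDGE"
  run ifconfig "$UPLINK" 0.0.0.0
  run brctl addif "$BRIDGE" "$UPLINK"
  run ifconfig "$BRIDGE" "$BR_ADDR" netmask "$BR_MASK"
  run VBoxTunctl -t "$TAP" -g "$TAP_GROUP"
  run brctl addif "$BRIDGE" "$TAP"
}

# Read `brctl show` output on stdin and print "yes" if $2 is a port of bridge $1.
# brctl prints the bridge name, id and STP flag only on its first port line;
# further ports appear on indented continuation lines, so track the current bridge.
bridge_has_port() {
  awk -v br="$1" -v port="$2" '
    NR == 1 { next }                                  # header line
    /^[^ \t]/ { cur = $1; p = (NF >= 4) ? $4 : "" }   # bridge line, maybe with first port
    /^[ \t]/  { p = $1 }                              # continuation line: one more port
    cur == br && p == port { found = 1 }
    END { print (found ? "yes" : "no") }'
}

# Constructed sample of `brctl show` after the steps above (br1 has no ports).
sample_brctl_show() {
  printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
  printf 'br0\t\t8000.00ffdc88e475\tno\t\teth0\n'
  printf '\t\t\t\t\t\t\tvbox2\n'
  printf 'br1\t\t8000.000000000000\tno\n'
}
# Check against the sample; on a live host: brctl show | bridge_has_port br0 vbox2
sample_brctl_show | bridge_has_port "$BRIDGE" "$TAP"
```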
Deleting the tun device:
jfo@lab:~$ sudo VBoxTunctl -d vbox2
or
jfo@lab:~$ sudo VBoxDeleteIF vbox2