Multiple VMs with virtual-box-analog-bridge-connection

Hello guys.
How can I create two VMs with a bridge connection (an analog of the VirtualBox bridge connection)? I tried to create two sys-net VMs but I didn’t manage to launch the second VM. I.e. if I launch the first sys-net VM then I get an IP address (via the DHCP server in our local network) successfully. But I can’t launch the second one. I get a PCI error because both VMs use the same PCI Ethernet device (on the Devices tab of the Qube settings menu).

I.e. guys, in simple words: how can I create two sys-net VMs that will obtain different IP addresses from my DHCP server while using the same PCI Ethernet adapter?

This breaks down to two parts: one is not Qubes specific, the other is Qubes specific.

  1. How do I get 2 IP addresses on 1 NIC?
    You can find many guides online to do exactly this.
    By DHCP is quite difficult, but you could set one by DHCP and one by
    static address.
    If you hit a problem doing this, then post details of what you have
    tried, and exactly what error you are encountering.

  2. The Qubes part.
    You will have to make sure that the changes persist across restarts of
    sys-net.
    You could use bind-dirs to set the static IP address, or use a script
    in /rw/config. Both are well documented at Documentation | Qubes OS

Once you have that working, you will have to hack the networking in
sys-net, both in nft and in routing, to ensure that traffic from
sys-firewall1 passes via IP1, and sys-firewall2 passes via IP2.
Again, you will have to ensure that these changes persist across
reboots.
Because the scripts in /rw/config are run after networking is up, I
recommend that you autostart sys-firewall1, and manually start
sys-firewall2, to avoid any leakage.

None of this is impossible, depending on your level of experience.
It’s far simpler to shell out 10USD on a USB NIC, and create separate
sys-net qubes.
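
The sys-net setup outlined in the reply above, as an added example that is not part of the original post or of Qubes OS itself: it generates the `ip` command for a second uplink address and an nft ruleset that source-NATs each downstream firewall qube to its own address. The interface name, the table name `multiip`, the 10.137.0.x qube addresses and the 198.51.100.x uplink addresses are constructed assumptions; both uplink addresses are assumed to be on the same subnet, so no extra routes are added.

```shell
#!/bin/sh
# Added example: every address and name below is a constructed placeholder.
UPLINK=eth0             # assumed uplink interface inside sys-net
IP2=198.51.100.32/24    # assumed second (static) address for the uplink
# "internal qube address=uplink address it should appear as" (assumed values)
MAP="10.137.0.10=198.51.100.27 10.137.0.11=198.51.100.32"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the command that puts the second address on the uplink.
gen_addr_cmd() {    # $1 = interface, $2 = address/prefix
    is_ipv4 "${2%/*}" || return 1
    printf 'ip addr replace %s dev %s\n' "$2" "$1"
}

# Print an nft ruleset with one source-NAT rule per "src=to" pair.
# Priority 99 is evaluated before the standard srcnat priority (100); this
# assumes the existing masquerade chain in sys-net uses that standard value.
gen_snat_ruleset() {    # $1 = interface, remaining args = pairs
    ifname=$1; shift; rules=
    for pair in "$@"; do
        src=${pair%%=*}; to=${pair#*=}
        is_ipv4 "$src" && is_ipv4 "$to" || return 1   # validate before output
        rules="$rules    oifname \"$ifname\" ip saddr $src snat to $to
"
    done
    echo 'add table ip multiip'      # hypothetical table name
    echo 'flush table ip multiip'    # makes reloading idempotent
    printf 'table ip multiip {\n  chain postrouting {\n'
    echo '    type nat hook postrouting priority 99; policy accept;'
    printf '%s  }\n}\n' "$rules"
}

# Dry run by default; "apply" (as root in sys-net) executes the result.
if [ "${1:-}" = "apply" ]; then
    gen_addr_cmd "$UPLINK" "$IP2" | sh
    gen_snat_ruleset "$UPLINK" $MAP | nft -f -
else
    gen_addr_cmd "$UPLINK" "$IP2"
    gen_snat_ruleset "$UPLINK" $MAP
fi
```

Run it without arguments to review the generated commands first. To make the change persist across restarts of sys-net, call it with `apply` from a script in /rw/config, as the reply suggests.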

Hello unman!!! Many thanks for your answer.
Can I set up my system like this?

But the IP addresses in dom4 and dom7 have to be obtained from DHCP.
Please help me.

I’m afraid I can’t see that image at the moment.

Can I send you the image some other way?

Guys, any thoughts ???

@unman is an ascii kind of person. Does the following work for you? (had some fun doing this)


               ┌────────────────────────────────────────────────────────────────────────────┐
               │ Computer                                                                   │
               │                                                                            │
               │ ┌───────────────────────────────────────────┐      ┌─────────────────────┐ │
        │      │ │ Backend (driver) domain                   │      │                     │ │
        │      │ │        198.51.100.1                       │      │  guest domain       │ │
        │      │ │       ┌──────────┐                        │      │                     │ │
        │      │ │  ┌────┼──────────┼────────────────────┐   │      │  domU e.g. dom4     │ │
        │      │ │  │    │          │   Software Bridge  │   │      │                     │ │
        │      │ │  │    │xenbr0    │                    │   │      │                     │ │
        │      │ │  │    │O/S bridge│        ┌───────────┼┐  │virtual                     │ │
        │      │ │  │    │interface ├──┬─────┤ vif 4.0   ││  │ link │                     │ │
        │      │ │  │    │          │  │     │           │┼──┼───┐  │    198.51.100.27    │ │
        │      │ │  │    │          │  │     │(netback)  ││  │   │  │  ┌───────────────┐  │ │
        │      │ │  │    │          │  │     └───────────┼┘  │   │  │  │    eth0       │  │ │
        │      │ │  │    └──────────┘  │                 │   │   └──┼──┼┐(netfront)    │  │ │
        │      │ │  │                  │                 │   │      │  └┴──────────────┘  │ │
        │      │ │  │                  │                 │   │      │                     │ │
        │      │ │  │                  │                 │   │      └─────────────────────┘ │
physical│      │ │  │                  │                 │   │                              │
 link   │      │ │  │                  │  Virtual Switch │   │      ┌─────────────────────┐ │
        │      ├─┼──┼────┐             │                 │   │      │                     │ │
        │      │ │  │    │             │                 │   │      │   guest dom7        │ │
        ├──────┤ │eth0   ├─────────────┤                 │   │      │                     │ │
        │      │ │  │    │             │                 │   │virtual   198.51.100.32     │ │
        │      ├─┼──┼────┘             │     ┌───────────┼┐  │ link │ ┌───────────────┐   │ │
        │      │ │  │                  │     │vif7.0     ││  │      │ │   eth0        │   │ │
        │      │ │  │                  └─────┤           │┼──┼──────┼─┤               │   │ │
        │      │ │  │                        │ (netback) ││  │      │ │ (netfront)    │   │ │
        │      │ │  │                        ├───────────┼┘  │      │ └───────────────┘   │ │
        │      │ │  └────────────────────────┴───────────┘   │      │                     │ │
        │      │ │                                           │      │                     │ │
               │ └───────────────────────────────────────────┘      └─────────────────────┘ │
               │                                                                            │
               └────────────────────────────────────────────────────────────────────────────┘


@deeplow
I really appreciate the effort. Stunning work, although ASCII art is
difficult for me too.

The problem is that as soon as people start using images in place of
words and explanations, they
a) make it extremely difficult to search and index posts,
b) stop providing explanations, and
c) exclude some other users.

If I understand that image, it looks like a standard Qubes setup, except
that Charley wants the qubes to get IP addresses via DHCP from a network
server. That’s rather different from the “simple words” explanation of
the problem, and isn’t, I think, currently possible.

I thought the problem was:

         -------sys-net-----
    NIC → eth0 → vif0 → qube0
        → eth1 → vif1 → qube1

eth0 and eth1 to get IP addresses via DHCP from network

It seems to be:

         -------sys-net-----
    NIC → eth0 → vif0 → qube0
              >-> vif1 → qube1

qube0 and qube1 to get IP addresses via DHCP from network


In one of the tabs of the Network Manager (sys-net VM) I saw a “Shared Device” option. Might that be what I need?

Did you read my replies?
Which of those options are you trying to do?
If neither, please say EXACTLY what you are trying to do.

Don’t post a picture. Write it out.
The process of writing it out will help clarify it in your mind, and
help others to help you.

Take a step back.
Don’t say what you think the solution is (e.g “I need 2 qubes getting
addresses using DHCP from network”), but what the problem is (e.g “I
connect to a network that uses DHCP - I want to connect to the mysql
server from 1 qube, and to the intranet from another qube, and I don’t
want the admins to be able to see the connections coming from the same
IP address”.)
Be specific.

Thanks for your attention to my problem, @unman. OK. I will explain what I did, but first of all I will begin with what I need.

  1. I need to create 2, 3… and so on qubes (sys-net) that will obtain an IP address from the DHCP server in our local network, and then connect my working VMs to these sys-nets. Because I need to create 2, 3… sys-nets, the solution you provided (to buy a USB Ethernet adapter as the second Ethernet adapter) is not for me. These sys-nets have to work with the SAME NIC. A solution like VirtualBox guests, where each guest’s network adapter is set up as a bridge, is good for me. I want to move this solution to Qubes OS. Simply put, each working VM needs to have its own REAL IP address (from our network).
  2. What I did
    I created a second VM, sys-net1 (I cloned it from sys-net). But when I launch the second one I get the error “…requested operation is not valid. PCI device in use…”

Hmm, that doesn’t really address my question.
Why do you need to do this?
Is it absolutely impossible for you to get allocated static IP addresses
(or permanent DHCP leases) from your network admin?

@unman yes, it is impossible. IP addresses have to be assigned dynamically.

Why do you think you need to do this?

Hello @unman. Do you think this solution is good for me? [qubes-users] Custom LAN Network with dhcpd