3 Replies Latest reply: Jan 28, 2013 3:36 PM by Dude!

two nics, filter one of them

EdStevens Guru
OL 5.6 x86-x4, running under VirtualBox

This may end up as a VBox question, but I'll start here because I think it can be addressed as purely a Linux issue.

Background
When I create a vm under Vbox, I create two NICs for it. The first is defined for NAT and is configured as eth0 with dhcp. The second is defined hostonly and is configured as eth1 with a fixed ip address. This allows the vm to hide behind the host's IP address when going to oracle's yum server via eth0, and keep all other communication local to the host via eth1. Unlike VMware, VBox seems to require DHCP in order to use the NAT adapter, so this two NIC configuration is the only way I've found to allow the vm to pull from the yum server and still keep everything else private.

Issue
While testing some scripts I ported over from a real server in my data center, I noticed some unexpected behavior and so ran some rudimentary tests. What I found to my surprise was that - from the vm - I could successfully ping the name of a live data center server. I would have expected that to fail, as I have no entry for it in the vm's /etc/hosts file. But it seems it is still getting DNS name resolution.

I'm sure there is a perfectly logical explanation, based on who/when/where the DNS resolution occurs, but since network admin isn't really my expertise I'd like some enlightenment on this.
And in the end, is there anything I can do with my vm or Vbox config to make sure I don't accidentally touch a data center server? The ONLY destination my vm should reach outside of the 'hostonly' environment is oracle's yum server.
  • 1. Re: two nics, filter one of them
    Dude! Guru
    The NAT interface uses the host network as a proxy to make connections on behalf of the virtual machine. The VirtualBox built-in DHCP server, which you must use with this interface, also forwards DNS queries.

    The /etc/hosts file has normally precedence over DNS resolving. You can check /etc/nsswitch.conf. If a host record is found in /etc/hosts, DNS will not be queried. You could for instance add the following entry to your /etc/hosts file of your Linux guest system so that the query goes nowhere, or use the TCP/IP address it should use.

    0.0.0.0 datacenter datacenter.example.com
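    As an added example (not part of the thread), a small POSIX shell script that models what the reply describes: it reads the `hosts:` order from a constructed /etc/nsswitch.conf sample and looks names up in a constructed /etc/hosts sample, so you can check which names would still fall through to DNS on a sandbox guest. The sample files and all function names are assumptions.

```shell
#!/bin/sh
# Added example: model the files-before-dns lookup order the reply describes.
# Both config samples are constructed inline so the script runs offline.

NSSWITCH_SAMPLE='passwd: files
hosts: files dns
networks: files'

HOSTS_SAMPLE='127.0.0.1 localhost
# blackhole the data center names, as suggested in the reply
0.0.0.0 datacenter datacenter.example.com   # constructed names
192.168.56.10 vm1 vm1.local'

# Print the hosts lookup sources in order, e.g. "files dns".
hosts_sources() {
    printf '%s\n' "$1" | sed -n 's/^hosts:[[:space:]]*//p'
}

# Return 0 if "files" is consulted before "dns" for hosts lookups.
files_before_dns() {
    order=$(hosts_sources "$1")
    for src in $order; do
        case "$src" in
            files) return 0 ;;
            dns)   return 1 ;;
        esac
    done
    return 1
}

# Resolve a name the way the files backend does: comments stripped,
# first matching line wins, any alias column matches; prints the address.
hosts_lookup() {
    printf '%s\n' "$1" | awk -v name="$2" '
        { sub(/#.*/, ""); if (NF < 2) next
          for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# Report where a lookup ends: "blocked", "files:<addr>", or "dns".
resolution_path() {
    addr=$(hosts_lookup "$2" "$3")
    if [ -n "$addr" ] && files_before_dns "$1"; then
        case "$addr" in
            0.0.0.0|127.*) echo "blocked" ;;
            *)             echo "files:$addr" ;;
        esac
    else
        echo "dns"
    fi
}
```

    Run it against the real files with `resolution_path "$(cat /etc/nsswitch.conf)" "$(cat /etc/hosts)" somehost` to see whether a given name would leave the guest.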
  • 2. Re: two nics, filter one of them
    EdStevens Guru
    Dude wrote:
    The NAT interface uses the host network as a proxy to make connections on behalf of the virtual machine. The VirtualBox built-in DHCP server, which you must use with this interface, also forwards DNS queries.

    The /etc/hosts file has normally precedence over DNS resolving. You can check /etc/nsswitch.conf. If a host record is found in /etc/hosts, DNS will not be queried. You could for instance add the following entry to your /etc/hosts file of your Linux guest system so that the query goes nowhere, or use the TCP/IP address it should use.

    0.0.0.0 datacenter datacenter.example.com
    Perfecto Mundo.

    A ping actually rerouted to 127.0.0.1, which was a bit of a surprise. But all the same, those server names are now protected from inadvertent access from my sandbox machines.
  • 3. Re: two nics, filter one of them
    Dude! Guru
    Maybe it depends on the platform. Under Mac OS X it goes nowhere. Any IP ending with a .0 is actually a network and not a host address.

    http://en.wikipedia.org/wiki/0.0.0.0
