VirtualBox VM as Man-in-the-Middle for Network Bridge

0

I have a wired Ethernet port and a wireless port. I have a device connected directly to my PC (running Windows 7) by means of the Ethernet port and the device connects to the Internet, which is available over the wireless network. I can fairly simply bridge the wired port to the wireless port by means of Control Panel > Network and Internet > Network Connections, selecting the two interfaces and bridging them. This allows the device access to the Internet.

However, I'd like to place a VirtualBox VM in the middle of this bridge, allowing it to sniff (and modify by means of libnetfilter_queue in Linux) network traffic on the bridge. What is the simplest method of achieving this?

Sedate Alien

Posted 2010-12-03T11:14:12.803

Reputation: 393

Answers

1

You can't do this by simply bridging the interfaces together. You would need to set up bridged adapters from the VM to both interfaces and enable IP forwarding in the VM. This approach has worked for me in the past.

Edit: almost forgot, you also need DHCP handed out from the Linux box in this configuration and a NAT POSTROUTING rule.

RobotHumans

Posted 2010-12-03T11:14:12.803

Reputation: 5 758

Thanks for the pointers, I've posted the final solution (that appears to work for me) as an answer below. – Sedate Alien – 2010-12-04T01:23:24.240

0

VirtualBox allows a VM's network adapters to be bridged to specific interfaces on the host. I bridged one VM adapter to one host adapter and another VM adapter to another host adapter -- as aking1012 said, the bridging functionality provided by Windows is not required nor useful here.

On the Linux guest, I ran the following commands:

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
ifconfig br0 <lan ip> netmask <netmask> broadcast <broadcast>
iptables -A FORWARD -p all -i br0 -j ACCEPT
iptables -t mangle -A FORWARD -m physdev --physdev-in eth0 -j NFQUEUE --queue-num 0
iptables -t mangle -A FORWARD -m physdev --physdev-in eth1 -j NFQUEUE --queue-num 1

This may not necessarily be correct or the most efficient method, but it seems to work for me. Many thanks to aking1012 for pointing me in the right direction.

Sedate Alien

Posted 2010-12-03T11:14:12.803

Reputation: 393
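A userspace consumer for the two NFQUEUE rules in the final answer above, added here as an example and not the poster's code: it parses each queued IPv4 packet, logs its direction and 5-tuple, and returns an accept verdict, dropping only packets that do not parse as IPv4 (IP options are handled). It assumes the netfilterqueue Python package (a libnetfilter_queue binding) is installed on the Linux guest and that queue 0 carries traffic entering on eth0 and queue 1 traffic entering on eth1, as in those rules; the sample packet is constructed.

```python
import socket, struct, threading

# Queue numbers match the two NFQUEUE rules in the answer above:
# queue 0 holds packets that entered the bridge on eth0, queue 1 on eth1.
QUEUE_DIRECTION = {0: "eth0->eth1", 1: "eth1->eth0"}

def parse_ipv4(payload):
    """(proto, src, dst, sport, dport) for a raw IPv4 packet, None if malformed."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4   # header length; > 20 when IP options are present
    if ihl < 20 or len(payload) < ihl:
        return None
    proto = payload[9]
    src, dst = socket.inet_ntoa(payload[12:16]), socket.inet_ntoa(payload[16:20])
    sport = dport = None            # only TCP and UDP carry ports in the first 4 bytes
    if proto in (6, 17) and len(payload) >= ihl + 4:
        sport, dport = struct.unpack("!HH", payload[ihl:ihl + 4])
    return proto, src, dst, sport, dport

def inspect(queue_num, payload):
    """Verdict for one queued packet: (log_line, accept). Non-IPv4 is dropped."""
    direction = QUEUE_DIRECTION.get(queue_num, "unknown")
    info = parse_ipv4(payload)
    if info is None:
        return f"{direction} malformed packet len={len(payload)}", False
    proto, src, dst, sport, dport = info
    ports = f" {sport}->{dport}" if sport is not None else ""
    return f"{direction} proto={proto} {src}->{dst}{ports}", True

# Constructed sample: a 40-byte IPv4/TCP packet from the LAN device to TCP/443.
SAMPLE_TCP = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                          socket.inet_aton("192.168.1.10"), socket.inet_aton("93.184.216.34"))
              + struct.pack("!HH", 40000, 443) + b"\x00" * 16)
def main():
    # Needs the netfilterqueue package (Python binding for libnetfilter_queue) and
    # root on the bridge guest; one reader thread per queue, runs until Ctrl-C.
    from netfilterqueue import NetfilterQueue
    def callback(num, pkt):         # pkt is a netfilterqueue.Packet
        line, accept = inspect(num, pkt.get_payload())
        print(line)
        pkt.accept() if accept else pkt.drop()
    for num in QUEUE_DIRECTION:
        q = NetfilterQueue()
        q.bind(num, lambda pkt, n=num: callback(n, pkt))
        threading.Thread(target=q.run, daemon=True).start()
    threading.Event().wait()

if __name__ == "__main__":
    main()
```

If no program is bound to a queue, the kernel drops every packet sent to it, so start this consumer before adding the NFQUEUE rules (or add --queue-bypass to them) to avoid cutting the device off.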