How to add 2nd NIC (network interface card) (eth1) to HVM?


whoni...@mail2tor.com

Aug 15, 2014, 12:35:46 AM
to qubes...@googlegroups.com
I have an operational Debian Wheezy (Whonix) HVM in Qubes.

It currently has one network card (eth0) but I need to add a second NIC
(such as "eth1") for this VM to use for the Whonix two VM architecture.

How would I go about accomplishing this second NIC for a Debian-based
Qubes HVM?

Thanks!

Marek Marczykowski-Górecki

Aug 15, 2014, 3:19:00 AM
to whoni...@mail2tor.com, qubes...@googlegroups.com
Qubes currently does not support such a configuration. You can try to do it
directly using the xl command (Xen toolstack). The command would be something like:
xl network-attach VMNAME script=/etc/xen/scripts/vif-route-qubes ip=IP backend=BACKEND_VMNAME

BACKEND_VMNAME is normally "firewallvm"

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


whoni...@mail2tor.com

Aug 16, 2014, 9:42:37 AM
to qubes...@googlegroups.com, adre...@riseup.net
> Qubes currently does not support such a configuration. You can try to do it
> directly using the xl command (Xen toolstack). The command would be something
> like:
> xl network-attach VMNAME script=/etc/xen/scripts/vif-route-qubes ip=IP
> backend=BACKEND_VMNAME
>
> BACKEND_VMNAME is normally "firewallvm"


You rock Marek! The xl commands seem to be what I need.


Follow up questions...

For the following "Qubes + Whonix" network architecture:


Qubes netvm -> Qubes firewallvm -> whonix-gateway (HVM) ->
whonix-workstation (HVM)


The "Whonix-Gateway" HVM would have the following network connections, to
basically mimic a ProxyVM in a HVM:

whonix-gateway:
- eth0: standard Qubes NIC -> connecting to Qubes FirewallVM
- eth1: added via Xen xl -> connecting to Whonix-Workstation HVM


The "Whonix-Workstation" HVM would have the following network connection:

whonix-workstation:
- eth0: standard Qubes NIC -> connecting to Whonix-Gateway HVM



To achieve this network architecture with HVMs, I assume that this would
be done with the "backend" option of the Xen "xl" "network-attach"
command, instead of the "NetVM" setting inside the Qubes VM Manager?



Like this...

whonix-gateway:
- eth0 backend = firewallvm
- eth1 backend = whonix-workstation

whonix-workstation:
- eth0 backend = whonix-gateway

firewallvm <--> whonix-gateway (eth0) <--> whonix-gateway (eth1) <-->
whonix-workstation (eth0)



I'm not sure how the NetVM/backends work exactly yet. Maybe they isolate
the network traffic between specified VMs, similar to the concept of
"internal networks" in VirtualBox?



P.S. FYI: There is a currently active project going on in the Whonix
development forums to port Whonix to Qubes. We seem to be getting close to
succeeding.

Thank you for your help!

Marek Marczykowski-Górecki

Sep 4, 2014, 7:44:13 PM
to whoni...@mail2tor.com, qubes...@googlegroups.com, adre...@riseup.net
On 16.08.2014 15:42, whoni...@mail2tor.com wrote:
>> Qubes currently does not support such a configuration. You can try to do it
>> directly using the xl command (Xen toolstack). The command would be something
>> like:
>> xl network-attach VMNAME script=/etc/xen/scripts/vif-route-qubes ip=IP
>> backend=BACKEND_VMNAME
>>
>> BACKEND_VMNAME is normally "firewallvm"
>
>
> You rock Marek! The xl commands seem to be what I need.
>
>
> Follow up questions...
>
> For the following "Qubes + Whonix" network architecture:
>
>
> Qubes netvm -> Qubes firewallvm -> whonix-gateway (HVM) ->
> whonix-workstation (HVM)
>
>
> The "Whonix-Gateway" HVM would have the following network connections, to
> basically mimic a ProxyVM in a HVM:
>
> whonix-gateway:
> - eth0: standard Qubes NIC -> connecting to Qubes FirewallVM
> - eth1: added via Xen xl -> connecting to Whonix-Workstation HVM
>
>
> The "Whonix-Workstation" HVM would have the following network connection:
>
> whonix-workstation:
> - eth0: standard Qubes NIC -> connecting to Whonix-Gateway HVM
>
>
>
> To achieve this network architecture with HVMs, I assume that this would
> be done with the "backend" option of the Xen "xl" "network-attach"
> command, instead of the "NetVM" setting inside the Qubes VM Manager?

Right.

> Like this...
>
> whonix-gateway:
> - eth0 backend = firewallvm
> - eth1 backend = whonix-workstation

Actually not "eth1 backend", but "backend of eth0 in whonix-workstation, named
vif*".

> whonix-workstation:
> - eth0 backend = whonix-gateway

Right. And because currently an HVM cannot be set as netvm, you need to set netvm
to "none" here and add the connection manually using the xl command.

> firewallvm <--> whonix-gateway (eth0) <--> whonix-gateway (eth1) <-->
> whonix-workstation (eth0)
>
>
>
> I'm not sure how the NetVM/backends work exactly yet. Maybe they isolate
> the network traffic between specified VMs, similar to the concept of
> "internal networks" in VirtualBox?

Xen network devices are simple point-to-point connections (no multi-node
"internal networks" like in VirtualBox). Each one consists of two ends:
1. frontend - ethN interface in one VM
2. backend - vifX.N interface in the other VM (X is VM Xen ID, N is the same as in
frontend).

> P.S. FYI: There is a currently active project going on in the Whonix
> development forums to port Whonix to Qubes. We seem to be getting close to
> succeeding.
>
> Thank you for your help!
>
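
The manual attach described in this reply, as an added example that is not part of the original thread: a dry-run helper that validates the VM names and address, then prints the xl network-attach line for the workstation-to-gateway link. The function names and the sample IP are constructed for illustration, and it assumes xl is run from dom0.

```shell
#!/bin/sh
# Added example, not from the thread: dry-run builder for the manual attach.

# Allow only conservative VM names so nothing unexpected reaches xl.
valid_vm_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Dotted-quad IPv4, every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Name of the backend end of the link: vifX.N, where X is the Xen ID of the
# VM holding the frontend and N is the N of its ethN.
backend_vif_name() {
    printf 'vif%s.%s\n' "$1" "$2"
}

# Compose the command from the thread. $1 = VM receiving the NIC (frontend),
# $2 = VM providing the backend, $3 = IP passed to vif-route-qubes.
build_attach_cmd() {
    valid_vm_name "$1" || { echo "bad frontend VM name" >&2; return 1; }
    valid_vm_name "$2" || { echo "bad backend VM name" >&2; return 1; }
    valid_ipv4 "$3"    || { echo "bad IP address" >&2; return 1; }
    [ "$1" != "$2" ]   || { echo "frontend and backend must differ" >&2; return 1; }
    printf 'xl network-attach %s script=/etc/xen/scripts/vif-route-qubes ip=%s backend=%s\n' \
        "$1" "$3" "$2"
}

# Constructed sample values: workstation (netvm "none") gets eth0 backed by
# the gateway. Review the printed line, then run it in dom0.
build_attach_cmd whonix-workstation whonix-gateway 10.0.0.11
```

After the attach, the new link should appear in the gateway as the interface that backend_vif_name gives for the workstation's Xen ID and device number 0.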

