Linux dual-nic Bridge

If the network connection mode of virtual box is set to NAT, the virtual machine can be directly connected to the Internet, but not to the host machine. Set the network connection mode of virtual box to host interface. The virtual machine can be connected to the host machine or the Internet. 1. the ip address of the NIC on the host is 192.168.1.3. Perform the following steps on the host to create a virtual network card for data exchange with the Virtual Machine network. (1) install the software package yum install tunctl-1.5-1.fc10 bridge-utils-y that provides the tunctl and brctl tools (2), set to allow forwarding echo 1>/proc/sys/net/ipv4/ip_forward (3) iptables is used to forward ip packets. iptables-t nat-a postrouting-j MASQUERADE (4), set to allow Virtual Box access to the/dev/net/tun file chmod 0666/dev/net/tun (5), the tap device tap0 as the Virtual network card, its owner is set to mygod user, note that you must set the owner to your own account. Otherwise, the tunctl-t tap0-u mygod (6) error occurs when running the virtual machine, and the ifconfig tap0 up (7) error occurs when running the virtual machine) set the ip address and mask of the virtual network card ifconfig tap 0 10.0.2.3 netmask 255.255.255.0 2. Open Virtual Box, set the connection method to host interface in the network Settings of the Virtual machine, and set the Interface Name in Host Interface Settings to tap0. 3. After Entering the Virtual Machine CentOS-5.2, run the following command. (1) Run system-config-network and set the eth0 Nic as follows: ip: 10.0.2.4 netmask: 255.255.255.0 gate way: 10.0.2.3 (2) re-activate the eth0 Nic ifdown eth0 ifup eth0 4. Solve the problem: After completing the above steps, the VM can successfully ping the host machine 192.168.1.3, but cannot connect to the Internet, the ping gateway 192.168.1.1 receives a prompt From 10.0.2.3 icmp_seq = 1 Destination Host Prohibited. After using the iptables-t filter -- list Command, we found that the FORWARD chain in the filter table contains "REJECT all -- anywhere reject-with icmp-host-prohibited ". Think about this rule, and execute the following command: iptables-t filter-f forward. OK. Now you can ping the gateway, but ping www.163.com still gets the prompt of unknown host www.163.com. It seems that it is a problem with the DNS settings of virtual machines. Open the/etc/resolv. conf file and add "nameserver 192.168.3.1 ". Done! 5. After the host machine is restarted, run the following script again with the root account :#! /Bin/bash tunctl-d tap0 tunctl-t tap0-u mygod ifconfig tap0 up ifconfig tap0 10.0.2.3 netmask limit 255.255.0 iptables-t filter-f forward iptables-t nat-a postrouting-j SNAT -s 10.0.2.0/24 -- to-source 192.168.3.3 echo 1>/proc/sys/net/ipv4/ip_forward