Wrangling CoLinux Networking

by David Sklar

Related link: http://www.colinux.org/



As much as I wanted my Windows Re-Education Camp efforts to succeed completely, my brain and my fingers have Unix idioms too deeply ingrained in them to make the increasing amount of adjustment effort worth it.



Instead of firing up my long-dormant VMWare installation, I thought I'd give CoLinux a try.



Setup and installation were very smooth, with one big exception: networking. This wasn't a total surprise, since the CoLinux wiki warns that networking is the hardest part of setup, but it was still annoying.



Basic installation was easy and straightforward. I just followed the directions. I downloaded the CoLinux distribution and a 1GB Debian 3.0r0 disk image file. I put everything in one directory, created a swapfile, made a few pathname adjustments to the CoLinux configuration file and was up and running with a Debian installation.



At this point, the virtual CoLinux computer could neither talk to the Windows XP side of things nor to the rest of the Internet. The CoLinux networking documentation describes two ways that CoLinux's networking can be set up: NAT or Bridged.



Networking: NAT



NAT uses Windows's Internet Connection Sharing to hide CoLinux behind the outward-facing IP address of Windows. This is recommended as the easier way to set up CoLinux networking, but it was off-limits to me because Windows XP (or my D-Link "Cable/DSL Residential Gateway", depending on your perspective) is unnecessarily inflexible.



The D-Link router, which is plugged into my cable modem and acts as a firewall and router for my vast home/office network, insists that its private subnet be 192.168.0.1 - 192.168.0.255. Windows XP Internet Connection Sharing also insists that its private subnet (the one that the CoLinux virtual computer would use) be 192.168.0.1 - 192.168.0.255.



If either one of them would let me change what subnet it uses, then I could use NAT with CoLinux. But they don't. Perhaps this is a misguided ploy to get me to buy a more expensive router or somehow run Windows Server 2003 (which has more configurable NAT settings) on my Thinkpad. (I should note, though, that the NAT software that comes with VMWare can use any subnet you specify. You get what you pay for, perhaps.)



Networking: Bridged



So, my NAT dreams squashed, I proceeded to the world of bridged networking. In this model, you tell CoLinux the name of your Ethernet adapter and then it piggybacks a connection on it. There's just one physical Ethernet plug on the back of my computer, but to the network (the DHCP server in the D-Link router, the other computers behind the router, and so on) it appears that two computers, with two IP addresses and two MAC addresses, live behind that plug.



At first, everything was fine with bridged networking. I configured Debian's /etc/network/interfaces file to get an IP address for eth0 via DHCP. I started up CoLinux. It talked to the DHCP server. The Windows side of things and the Linux side of things were two subnet-sharing digital peas in a pod. Both of these "computers" were sharing the same atoms in the physical world, but from their logical perspectives they were just two different computers connected via a network.



Networking: Unplugged



Then disaster struck: I unplugged my laptop from the network. This is not an infrequent occurrence. I bought a 3.5 pound computer on purpose. When I am traveling or otherwise not online, I'd still like to be able, for example, to access Apache running on CoLinux from Firefox running on Windows XP.



Unfortunately, bridged networking makes this tricky. The Windows computer and the Linux computer really don't know they live in the same CPU. So once that network cable was unplugged, they each thought they had no way to talk to any other computers on the network -- including each other.



After disappearing down the disabling "Media Sense" rabbit hole, I stumbled upon what would provide my solution to this problem: the Loopback Adapter. This is essentially a software-only fake Ethernet adapter that is always "plugged in". By telling CoLinux to use bridged networking, but over the Loopback Adapter and not the regular Ethernet connection, I had a way for Windows and Linux to talk to each other over a "network" whether or not my computer was actually connected to an external network.



In Windows, I assigned the Loopback Adapter a static IP address. In /etc/network/interfaces, I gave eth0 a different static IP address in the same subnet. (I chose a different subnet than 192.168.0.1 - 192.168.0.255, of course!) The result? Uninterrupted communication between Windows and Linux.



All of my networking problems were not solved at this point, though. While Windows was now connected to two networks (the "real" one via its regular Ethernet port and the fakey one via the Loopback adapter), Linux was only connected to one: the fakey Loopback network. This means that Linux had no outside network access. This was bad.



I solved this problem by providing additional bridged network interfaces to CoLinux. One to the Windows Ethernet adapter and one to the Wireless Ethernet adapter. These are configured in /etc/network/interfaces to get IP addresses via DHCP. So, all direct communication between the Windows computer and the Linux computer happens over the private Loopback network. But, when the Linux computer wants to talk to the rest of the world, it uses the Ethernet adapters in the Windows computer to make it happen.



DNS



To smooth communication between the Windows computer and the Linux computer, I run BIND on Windows with configuration files that resolve the appropriate addresses in the private subnet to hostnames in my private .home top level domain.



Security



Because the Windows and Linux computers only need to talk to each other over the Loopback network, you can restrict connections (with Windows Firewall or iptables) for sensitive services to just the Loopback subnet. The public interfaces on both Windows and Linux still need appropriate protection from any incoming external connections.
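
The restriction described above, written as a ruleset for the Linux side (an added example, not part of the original post). It uses the interface names and the 10.3.75.0/24 subnet from the configuration details below; treating TCP ports 22 and 80 as the sensitive services is an assumption.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the CoLinux guest.
# Interface names and subnet follow the post's configuration details;
# the port list is an assumption (sshd and Apache).

LOOP_IF="eth0"            # bridged to the MS Loopback adapter
LOOP_NET="10.3.75.0/24"   # private Windows<->Linux subnet
PUBLIC_IFS="eth1 eth2"    # bridged to the wired and wireless adapters
PRIVATE_PORTS="22 80"     # assumed sensitive services

gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Anti-spoofing: the private subnet must never show up on a public
    # interface. Placed before the ESTABLISHED rule so it always applies.
    for ifc in $PUBLIC_IFS; do
        echo "-A INPUT -i $ifc -s $LOOP_NET -j DROP"
    done
    # Replies to connections the guest itself opened (apt-get, DNS, ...).
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # eth1/eth2 are configured by DHCP, so let server replies through.
    for ifc in $PUBLIC_IFS; do
        echo "-A INPUT -i $ifc -p udp --sport 67 --dport 68 -j ACCEPT"
    done
    # Sensitive services: reachable only from the Loopback subnet on eth0.
    for port in $PRIVATE_PORTS; do
        echo "-A INPUT -i $LOOP_IF -s $LOOP_NET -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for review; as root, load it with:
#   gen_rules | iptables-restore
gen_rules
```

Everything not matched falls through to the DROP policy, so nothing listening on the guest is reachable from eth1 or eth2.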



Configuration Details



I am using Windows XP SP 2, CoLinux 0.6.1, and WinPCap 3.1 Beta 3.



In Windows, Network Connection "Loopback Adapter" has these TCP/IP properties:

IP address: 10.3.75.1
Subnet Mask: 255.255.255.0
Default gateway: 10.3.75.1
Preferred DNS Server: 10.3.75.1



The networking portion of my CoLinux configuration file is:

<network index="0" type="bridged" name="MS LoopBack Driver"/>

<network index="1" type="bridged" name="Intel(R) PRO/1000 MT Mobile Connection (Microsoft's Packet Scheduler)"/>

<network index="2" type="bridged" name="Intel(R) PRO/Wireless 2200BG Network Connection (Microsoft's Packet Scheduler)"/>



In Linux, the /etc/network/interfaces file contains:

# lo: colinux loopback
# eth0: connection via MS Loopback to Windows XP
# eth1: bridged connection to world via Gigabit Ethernet
# eth2: bridged connection to world via 802.11b/g

auto lo eth0 eth1

iface lo inet loopback

iface eth0 inet static
    up /etc/network/local-ns.pl
    address 10.3.75.2
    netmask 255.255.255.0

iface eth1 inet dhcp
    up /etc/network/local-ns.pl

iface eth2 inet dhcp
    up /etc/network/local-ns.pl


/etc/network/local-ns.pl is a short program that makes sure
that /etc/resolv.conf always has the local (Windows) nameserver IP
address in it. The script is:

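#!/usr/bin/perl
use strict;
use warnings;

# Lines that must be present in /etc/resolv.conf: the .home search
# domain and the nameserver on the Windows side of the Loopback network.
my $local_ns = 'search home
nameserver 10.3.75.1
';

# Slurp the current file (DHCP on eth1/eth2 may have rewritten it).
my $resolv_conf = '';
if (open(my $in, '<', '/etc/resolv.conf')) {
    local $/;
    my $data = <$in>;
    $resolv_conf = $data if defined $data;
    close($in);
}

# Prepend the local nameserver block only if it is not already there.
if ($resolv_conf !~ /\Q$local_ns/) {
    $resolv_conf = $local_ns . $resolv_conf;
}

open(my $out, '>', '/etc/resolv.conf')
    or die "Cannot write /etc/resolv.conf: $!";
print $out $resolv_conf;
close($out);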




What was your CoLinux setup experience?


2 Comments

da-x@colinux.org
2004-10-23 12:59:57
Slirp
The latest development snapshot versions of coLinux have a new network daemon based on QEMU's modified Slirp code. It lets you have outbound connections (e.g. for apt-get and X clients) out-of-the-box.

JoeNotCharles
2004-11-05 14:02:41
Sounds perfect
Beautiful! Haven't tried it out yet, but this sounds like just what I was looking for.