Proper way to expose VirtualBox' machine to network via "one MAC" security locked switch port

Question

Say, we need to expose LXC container (LXC) or Virtualbox VM (VBM) to public network with its own IP-adress (within additionaly assigned network — ADD-net) which is to be routed through main host. When in SOHO environment it is quite okay to use LXC/VBM with its bridge based networking on main host's primary network interface (say, eth0), but it fails for colo-/hosting sysetms if switch port is security locked to one only MAC-adress due to hoster's policy.

What is the proper way to accomplish it?

I managed to do this with creating artifical bridge interface (br0), which is assigned one of the ADD-net's IP, and then bridging LXC/VBM's ethernet port to br0. Inside LXC/VBM routing is set to use br0's IP as default gateway.

Answer 1

That's pretty okay solution, but when it comes to some auxiliary kind of network interfaces it's useful to know that Linux kernel has special dummy network intefaces driver: modinfo dummy →

filename:       /lib/modules/3.0.0-12-server/kernel/drivers/net/dummy.ko
alias:          rtnl-link-dummy
license:        GPL
srcversion:     8CE65B44AD98B2E491B343B
depends:        
vermagic:       3.0.0-12-server SMP mod_unload modversions 
parm:           numdummies:Number of dummy pseudo devices (int)

As to me it's kinda superfluous to use briding interface just to have VirtualBox bridge to it.

UPD.: It's worth mentioning that dummy NIC is quite terse set-up by default, so to friend it with Ethernet, you need to configure it turning ARP on: ip l set dummy0 up arp on

Answer 2

The proper way to do this is to add a router between your virtual machines and your ISP. This is exactly what you did by adding br0. Your host routes between its various network interfaces and br0, and br0 acts as a switch to which you connect the VMs. All traffic towards your ISP will leave your host with the MAC address of the host's network interface.

This setup requires your ISP to route traffic for your VM's IP addresses to your host's IP address (I believe this is what you mean with "additionaly assigned network").