This note will give you some hints on how to set up a virtual network out of virtual machines on your Mac or Windows machine, using free tools (free as in beer; these tools are not free software like GNU/Linux or OpenVPN, they are just given away in binary form).

If your primary machine is Linux, there are easier ways to set up virtual networking, using Linux's own free tools (free as in freedom: you get the source code and can make any modifications to it). We'll cover GNU/Linux network virtualization separately and in more depth, though.

--------[ Virtual machines on a Mac ]--------

I use VirtualBox on MacOS for my virtual machines. Your other options are VMWare Fusion and Qemu, but the former costs about $80 beyond the month-long trial period, and the latter requires compilation (you will need Homebrew or MacPorts, and Apple's Xcode; see https://github.com/psema4/pine/wiki/Installing-QEMU-on-OS-X for some idea of what's involved, even though it's for emulating ARM, not x86). VirtualBox seems to be the simplest and most stable free option---let me know if you know a better one!

So download and install a VM engine.

Next, build yourself a base virtual machine (VM) with Debian Linux. I used a minimal netinst CD image, which I downloaded from https://www.debian.org/CD/netinst/

Note that you should be on a relatively fast network for the duration of your install, as this small installer image will fetch packages as it installs them.

This site has step-by-step instructions for creating a Debian VM. Note that things have become a bit simpler with the newer versions of VirtualBox: instead of connecting the netinst CD before starting the machine for the first time, you can just start it, and you will directly get a prompt to browse for the CD image. Also, you can choose a GUI installation (rather than the ASCII-based one in that tutorial), and it should work fine.

Choose to install the SSH server.
I used the MATE desktop package; I can't stand Gnome3 any more, it has become bloated and buggy. LXDE is another good choice. Uncheck the print server; we won't be using it. If you have extra space, choose to install the web server.

Note that by default your VM will be created with a single Ethernet interface (eth0), NAT-ed, and with Network Manager controlling it, so that your VM can get its initial connectivity. That is fine, we'll reconfigure these later.

--------[ Customizing a Debian VM ]--------

Once you get the basic system installed and get to the terminal prompt, install some additional software:

   apt-get install vim
   apt-get install emacs
   apt-get install wireshark
   apt-get install tshark
   apt-get install tcpdump
   apt-get install python-scapy
   apt-get install dsniff
   apt-get install ethtool

Once you are done installing packages:

   # /etc/init.d/network-manager stop
   # apt-get remove network-manager
   # killall dhclient

(this will not immediately destroy your connectivity, but may do so soon. To get back to DHCP-based connectivity, you can use

   # dhclient -v eth0

---it's that easy. NetworkManager does not add much at all for wired connections.)

Then kill some unnecessary services (this uses the new systemd style):

   systemctl stop nfs-common.service
   systemctl stop rpcbind.service
   systemctl disable nfs-common.service
   systemctl disable rpcbind.service

To set the hostname for your VM (in my example, "netread1"):

   # hostname netread1
   # echo netread1 > /etc/hostname
   (edit /etc/hosts to add "127.0.1.1 netread1")

(if you wonder about 127.0.1.1, see https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution)

You can configure your eth0 in /etc/network/interfaces the way Debian does it, but note that this will only work for eth0 (see CAVEAT below).

You will need to type root commands into your VMs all the time, therefore it makes sense to give yourself passwordless sudo.
I do this by putting the following line into /etc/sudoers:

   sergey ALL = (ALL) NOPASSWD: ALL

This is _not_ a good idea for a production system! If you need to run commands on many systems at once in production, configuring key-based SSH access and then using

   ssh adminuser@host "command arg1 arg2 ..."

would work much better.

Also, I add the terminal (for MATE, /usr/bin/mate-terminal) to "Startup Applications" under Control Panels and turn off screen locking in Screensaver configs.

--------[ Linked clones ]--------

Now you have created a shiny new VM, but you want more than one. Your first VM takes up about 4G of space for a modest GUI-running desktop. Instead of copying the same filesystem over and over, and wasting 4G for each, you can "clone" your VM and make it a "linked" clone (as opposed to a full clone).

Creating "linked" clones is under "Expert Mode" in the "Clone" command menu of VirtualBox (the default "Guided Mode" creates full clones).

More about linked clones: http://serverfault.com/questions/526946/when-shall-i-use-linked-vs-full-vm-clones

There are many tutorials on creating linked clones. Remember to click "Reinitialize MAC address of all network cards", otherwise you may end up with several identical MACs on a LAN, which leads to interesting but somewhat hard-to-debug effects.

In the "cloud" environments, such tasks as cloning machines and configuring the clones to individualize them are handled automatically by various software packages, but the idea is pretty much the same.

--------[ GNS3 ]---------

GNS3 (http://gns3.com) is a popular program that creates virtual networks. There are various other packages for that, but GNS3 is the most popular with people studying Cisco networking gear, as it supports virtual Cisco routers and switches. So I chose that program, figuring that it may come in useful to you in your future explorations of networking.
There are other alternatives, and I would like to hear from you if you succeed with any of these---see, for example, http://www.brianlinkletter.com/open-source-network-simulators/

With GNS3, you can create a topology (i.e., a network map with hosts and connections between their interfaces) as described in

   https://www.youtube.com/watch?v=TgjdHWDmTx4
   "GNS3 Tutorial - Getting Started with GNS3 on Mac OS X - Building & Saving Your Topologies"

and add your VirtualBox VMs to GNS3 as described in

   https://www.youtube.com/watch?v=oTEliQVyHD0
   "GNS3 Tutorial - Installing then connecting VirtualBox to GNS3 in Mac OS X"

Note, the latter video is for an older version of GNS3 that apparently worked differently. With the current version, you need not create virtual interfaces and attach them to machines (it won't work). Nor should you mark any interfaces "host-only" (they won't work). Instead, enable a virtual interface on a VM and leave it "Not attached"---GNS3 will automatically configure this interface.

Note that GNS3 automatically manages and _starts_ the virtual machines that you put into the topology. This only works when these machines are in a _halted_ state (not suspended or paused!) This may be frustrating if you are used to pausing and resuming virtual machines---but you can still do that with individual machines, from VirtualBox Manager and menus, once GNS3 has started them and stitched them together into a virtual network. Remember, though, that this lasts only while GNS3 is running. If you exit it, you'll need to halt your VMs and restart them from GNS3 again, and repeat your interface configurations.

One neat feature of GNS3 is that you can packet-sniff on its virtual links. Right-click on a link, and you'll see a menu item to capture packets on it; it will launch Wireshark and feed packets on this link into it (if installed, of course).

--------[ CAVEAT: interface configurations ]-------

GNS3 takes over all network interfaces of your VMs (it also creates new serial ones, see below). My network interface configurations thus did not survive VMs being restarted by GNS3; it just re-created one interface per VM.

However, once GNS3 is running, you can halt VMs, add new interfaces to them, including ones bridged to actual host Internet- or LAN-connected interfaces, and restart them from the VirtualBox Manager console. The connections in the GNS3-emulated network will continue functioning, but now you can also route to wherever your VMs can connect using the added interfaces. GNS3 won't show you these additional interfaces (it only apparently shows those it created and configured), but they will work.

Unfortunately, these additional interfaces will be destroyed when you start the VMs from GNS3, and you'll have to reconfigure them again. It's best to save your network configuration commands in a script, store it, and then re-run it when you re-create your interfaces to match.

--------[ A simple network ]--------

My network is in gns3-screenshot.png

The three VMs netread1, netread2, and netread-gw are linked clones of a fresh Debian 8.2 install, all with NetworkManager disabled. Accordingly, these machines come up without a configuration and connectivity.

All my VMs are "powered off" and have an enabled "Not attached" virtual network interface. I click "Start" in GNS3, and all three come up, with interfaces auto-configured by GNS3.

Once all machines come up and you get a root shell:

   netread1# ifconfig eth0 192.168.20.100 up
   netread2# ifconfig eth0 192.168.20.200 up
   netread-gw# ifconfig eth0 192.168.20.1 up

Now you should be able to ping the machines from each other.

Note that all VMs have only one interface each (if you look into VirtualBox's Settings > Network, you'll see that it's a "Generic Driver" using "UDPTunnel").
Older versions of GNS3 used to work with VirtualBox's own "host-based" virtual interfaces, and you may hear about it in some YouTube tutorials, but this is apparently no longer the case.

Now I halt and "Power Off" the netread-gw VM, and add another interface to it, using VirtualBox "Settings" > "Network" configs for this machine. I configure this second interface as "Bridged" with my Mac's en0. Then I restart the machine (again, from VirtualBox---I am not touching GNS3, which is running).

Now, even though the GNS3 view does not see it, netread-gw has an eth1 interface in addition to eth0. I configure both:

   netread-gw# ifconfig eth0 192.168.20.1 up
   netread-gw# dhclient -v eth1

At this point eth1 gets an IP address on my LAN, and my LAN's gateway for its default route (and, also, my DNS server address in /etc/resolv.conf). I can ping 8.8.8.8 from it.

Now I want to provide connectivity to netread1 and netread2. For this, I configure netread-gw as their default gateway, and configure IP forwarding and NAT on netread-gw.

   netread-gw# echo 1 > /proc/sys/net/ipv4/ip_forward
   netread-gw# iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -j MASQUERADE

   netread1# route add default gw 192.168.20.1
   netread2# route add default gw 192.168.20.1

Now these VMs can ping 8.8.8.8 too. To configure DNS on these, you need to set /etc/resolv.conf appropriately---and then you have a proper Internet connection in all VMs. Voila!

--------[ Troubleshooting ]---------

I "paused" (suspended) my virtual machines, saving their state, then quit GNS3. When I attempted to start them back, I got the following error message:

--------------
Failed to open a session for the virtual machine netread1.
NamedPipe#0 failed to bind to local socket /var/folders/1h/3prjrhy96y55j8jrvttgd_kw0000gp/T/gns3_vbox/776153fa-9584-4a90-83d3-7b8f3cd601dc (VERR_FILE_NOT_FOUND).
Result Code: NS_ERROR_FAILURE (0x80004005)
Component: ConsoleWrap
Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}
--------------

This was due to GNS3 automatically adding an emulated serial port to these VMs, bound to a Unix socket it created. After I quit GNS3, this socket got deleted; however, the VMs expected it on resume. I could not just remove the setting in the Settings > VM Ports, because VirtualBox does not allow us to remove devices from a running or paused machine, only from stopped machines.

The fix was simple: create a file by this name.

   $ mkdir /var/folders/1h/3prjrhy96y55j8jrvttgd_kw0000gp/T/gns3_vbox
   $ touch /var/folders/1h/3prjrhy96y55j8jrvttgd_kw0000gp/T/gns3_vbox/776153fa-9584-4a90-83d3-7b8f3cd601dc

This bypassed the error, and allowed me to shut down the machines, and to remove the serial ports. VMs started cleanly from GNS3 after that---and it recreated the (apparently useless) ports.
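
The CAVEAT section recommends keeping the interface commands in a script to re-run after GNS3 re-creates the interfaces. The following is an added example of such a script (not part of the original note), built from the commands in "A simple network". It assumes the hostnames and addresses used above and that the bridged interface appears as eth1; the file name netread-net.sh, the -o match and the iptables -C check are additions made here.

```sh
#!/bin/sh
# Added example (not from the original note): re-apply the lab's interface,
# route and NAT settings after GNS3 has re-created the VM interfaces.
# Run as root on each VM:
#   sh netread-net.sh apply              role is taken from the hostname
#   sh netread-net.sh plan netread-gw    only print the commands
LAN_NET=192.168.20.0/24    # addresses as used in the note
GW_IP=192.168.20.1
WAN_IF=eth1                # assumption: the bridged interface shows up as eth1

# Print the commands for one host, one per line; fail on an unknown host.
plan_for() {
    case "$1" in
        netread1)   addr=192.168.20.100 ;;
        netread2)   addr=192.168.20.200 ;;
        netread-gw) addr=$GW_IP ;;
        *) echo "unknown host: $1" >&2; return 1 ;;
    esac
    echo "ifconfig eth0 $addr up"
    if [ "$1" = netread-gw ]; then
        # Narrower than the note's rule: -o limits NAT to traffic leaving
        # through the bridged interface. -C tests for an existing rule, so
        # re-running the script does not stack duplicates.
        rule="POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
        echo "dhclient -v $WAN_IF"
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
        echo "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule"
    else
        # Add the default route only if the VM does not have one yet.
        echo "route -n | grep -q '^0.0.0.0 ' || route add default gw $GW_IP"
    fi
}

# Run the plan; -e stops at the first failing command, -x echoes each one.
apply_for() {
    plan=$(plan_for "$1") || return 1
    printf '%s\n' "$plan" | sh -ex
}

case "${1:-}" in
    plan)  plan_for "${2:-$(hostname)}" ;;
    apply) apply_for "${2:-$(hostname)}" ;;
esac
```

DNS on netread1 and netread2 still has to be set in /etc/resolv.conf by hand, since the resolver address depends on your LAN.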