NAT Network and RHEL 7 network setup

Postby EddyR » 23. Jul 2019, 11:26

Dear VB forum.

I am not a novice but seem to be missing something basic with NAT Network configuration and RHEL/CentOS 7. I have set up a "NAT Network" called NatNetwork (198.168.4.0/24) and 2 CentOS 7 clients configured with their Adapter 1 using NATnetwork with IP address provided by VB with DHCP. The CentOS 7 clients can ping the internet (8.8.8.8) but not each other. Firewall is disabled.

From my understanding this configuration without any other alterations is supposed to allow the 2 CentOS clients to contact each other as well as the internet.

What is not configured correctly?

The following is my configuration:
VB version: 6.0.10 r 132072 (Qt5.6.2)

Attached is the output from:
- ip route show
- ip a
Attachment: Capture.PNG (# ip route show, # ip a)
EddyR
 
Posts: 9
Joined: 23. Jul 2019, 09:49

Re: NAT Network and RHEL 7 network setup

Postby Martin » 23. Jul 2019, 12:05

How did you create the two centos clients?
Do they have different MAC addresses?
Martin
Volunteer
 
Posts: 2219
Joined: 30. May 2007, 18:05
Primary OS: Fedora other
VBox Version: PUEL
Guest OSses: XP, Win7, Linux, OS/2

Re: NAT Network and RHEL 7 network setup

Postby EddyR » 23. Jul 2019, 17:11

The CentOS clients were built from scratch (i.e. new VM and install from CentOS minimal ISO).

Server1: 08:00:27:e8:35:1b
Server2: 08:00:27:58:f2:27

I wouldn't have expected the same MAC addresses ...

Re: NAT Network and RHEL 7 network setup

Postby mpack » 23. Jul 2019, 18:14

To clarify, both CentOS guests were each built from scratch? You didn't build one and then clone it (which is the obvious move IMO)?

Yes, two CentOS guests configured to be on the same NAT network ought to be able to ping each other, unless ICMP has been disabled in them.

Can you show the results of "ifconfig -a" for both VMs?
mpack
Site Moderator
 
Posts: 29692
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: NAT Network and RHEL 7 network setup

Postby EddyR » 23. Jul 2019, 18:20

I've been trying to figure out why this doesn't work for some time so I built the simplest case - 2 CentOS clients from scratch each receiving their IP information over DHCP without any intervention from me. Both of the CentOS clients are configured to use the same NAT Networking.

From my understanding - this should just work (but it doesn't).
Eddy

Re: NAT Network and RHEL 7 network setup

Postby socratis » 23. Jul 2019, 20:03

EddyR wrote: From my understanding - this should just work (but it doesn't).
This *does* work for a bunch of clients that I have, and so it does for a lot of people.

Besides the info that mpack asked for ("ifconfig -a" for both, from within the guests), I'd like to see also the output from your host of the commands:
    VBoxManage list dhcpservers
    VBoxManage list natnetworks
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 25224
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: NAT Network and RHEL 7 network setup

Postby EddyR » 24. Jul 2019, 08:48

Below is what you asked for. All of the values should be default except for the IP for the "NAT Network" which I defined.
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1686
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_Ift forever preferred_Ift forever
inet6 ::1/128 scope host
valid_Ift forever preferred_Ift forever
2: enp@s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:e8:35:1b brd ff:ff:ff:ff:ff:ff
inet 198.168.4.23/24 brd 198.168.4.255 scope global noprefixroute dynamic enpés3
valid_Ift 840sec preferred_Ift 840sec
inet6 fe00::d66a:f810:59b1:eab9/64 scope link noprefixroute
valid_Ift forever preferred_Ift forever
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1686
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_Ift forever preferred_Ift forever
inet6 ::1/128 scope host
valid_Ift forever preferred_Ift forever
2: enp@s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:58:f2:27 brd ff:ff:ff:ff:ff:ff
inet 198.168.4.24/24 brd 198.168.4.255 scope global noprefixroute dynamic enpés3
valid_Ift 119@sec preferred_Ift 119@sec
inet6 fe00::970b:4167:97bd:c475/64 scope link noprefixroute
valid_Ift forever preferred_Ift forever
C:\Program Files\Oracle\VirtualBox>VBoxManage list dhcpservers
NetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter
IP: 192.168.56.100
NetworkMask: 255.255.255.0
lowerIPAddress: 192.168.56.101
upperIPAddress: 192.168.56.254
Enabled: Yes
Global options:
1:255.255.255.0

NetworkName: NatNetwork
IP: 198.168.4.3
NetworkMask: 255.255.255.0
lowerIPAddress: 198.168.4.4
upperIPAddress: 198.168.4.254
Enabled: Yes

Global options:
1:255.255.255.0
3:198.168.4.1
6:10.100.0.50 10.100.0.99 10.100.0.100
15:bynet.co.il
C:\Program Files\Oracle\VirtualBox>VBoxManage list natnetworks
NetworkName: NatNetwork
IP: 198.168.4.1
Network: 198.168.4.0/24
IPv6 Enabled: No
IPv6 Prefix: fd17:625c:f037:2::/64
DHCP Enabled: Yes
Enabled: Yes
loopback mappings (ipv4)
127.0.0.1=2
Last edited by socratis on 24. Jul 2019, 09:49, edited 2 times in total.
Reason: Fixed formatting.

Re: NAT Network and RHEL 7 network setup

Postby socratis » 24. Jul 2019, 10:20

I took the liberty of highlighting the important parts in the output of your commands, hope you don't mind ;)

  1. The two guests have indeed different MACs.
  2. The two guests have indeed different IPs, from the correct NATnetwork range.
  3. Everything looks normal, host and guests.
Now, why you can't ping the two guests might be a problem with the guests, not VirtualBox.

Just for reference, here's a similar setup with my custom "VBoxNATservice" network option between a Mint19 and a Fedora29 client. I "trimmed" the output for brevity, not for obfuscation, you don't care for all my 4 networking options ;) :
socratis@VB-Mint-19:~$ ip a
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:15:c6:f7 brd ff:ff:ff:ff:ff:ff
inet 192.168.40.107/24 brd 192.168.40.255 scope global dynamic noprefixroute enp0s9
valid_lft 1149sec preferred_lft 1149sec
[socratis@vb-fedora-29-localdomain ~]$ ip a
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:23:de:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.40.146/24 brd 192.168.40.255 scope global dynamic noprefixroute enp0s9
valid_lft 980sec preferred_lft 980sec
$ VBoxManage list dhcpservers
NetworkName: VBoxNATservice
IP: 192.168.40.100
NetworkMask: 255.255.255.0
lowerIPAddress: 192.168.40.101
upperIPAddress: 192.168.40.254
Enabled: Yes
Global options:
1:255.255.255.0
3:192.168.40.1
6:1.1.1.1
15:SGK
$ VBoxManage list natnetworks
NetworkName: VBoxNATservice
IP: 192.168.40.1
Network: 192.168.40.0/24
IPv6 Enabled: Yes
IPv6 Prefix: fd17:625c:f037:a828::/64
DHCP Enabled: Yes
Enabled: Yes
loopback mappings (ipv4)
127.0.0.1=2

and finally pinging Mint19 from Fedora29:
[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 192.168.40.107
PING 192.168.40.107 (192.168.40.107) 56(84) bytes of data.
64 bytes from 192.168.40.107: icmp_seq=1 ttl=64 time=0.554 ms
64 bytes from 192.168.40.107: icmp_seq=2 ttl=64 time=0.306 ms
64 bytes from 192.168.40.107: icmp_seq=3 ttl=64 time=0.380 ms
64 bytes from 192.168.40.107: icmp_seq=4 ttl=64 time=0.345 ms

--- 192.168.40.107 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 102ms
rtt min/avg/max/mdev = 0.306/0.396/0.554/0.095 ms

and vice versa, pinging Fedora29 from Mint19:
socratis@VB-Mint-19:~$ ping -c 4 192.168.40.146
PING 192.168.40.146 (192.168.40.146) 56(84) bytes of data.
64 bytes from 192.168.40.146: icmp_seq=1 ttl=64 time=0.256 ms
64 bytes from 192.168.40.146: icmp_seq=2 ttl=64 time=0.624 ms
64 bytes from 192.168.40.146: icmp_seq=3 ttl=64 time=0.284 ms
64 bytes from 192.168.40.146: icmp_seq=4 ttl=64 time=0.602 ms

--- 192.168.40.146 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3064ms
rtt min/avg/max/mdev = 0.256/0.441/0.624/0.173 ms

Re: NAT Network and RHEL 7 network setup

Postby EddyR » 24. Jul 2019, 13:31

So I see that in your environment it works, yet in mine it doesn't.
Could you point out where you might think the issue/differences might be?

Shouldn't I be able to ping the gateway (192.168.4.1)?
Shouldn't the ping -b 192.168.4.0 (broadcast) return me something?

Eddy

Re: NAT Network and RHEL 7 network setup

Postby socratis » 24. Jul 2019, 16:09

EddyR wrote: Could you point out where you might think the issue/differences might be?
Already told you:
socratis wrote: might be a problem with the guests, not VirtualBox

EddyR wrote: Shouldn't I be able to ping the gateway (192.168.4.1)?
Sure, if it allows it...
[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 192.168.40.1
PING 192.168.40.1 (192.168.40.1) 56(84) bytes of data.
64 bytes from 192.168.40.1: icmp_seq=1 ttl=255 time=0.128 ms
64 bytes from 192.168.40.1: icmp_seq=2 ttl=255 time=0.198 ms
64 bytes from 192.168.40.1: icmp_seq=3 ttl=255 time=0.299 ms
64 bytes from 192.168.40.1: icmp_seq=4 ttl=255 time=0.439 ms

--- 192.168.40.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 51ms
rtt min/avg/max/mdev = 0.128/0.266/0.439/0.116 ms


EddyR wrote: Shouldn't the ping -b 192.168.4.0 (broadcast) return me something?
I'm not really sure that pinging a broadcast address should ... ping anything:
[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 -b 192.168.40.0
WARNING: pinging broadcast address
PING 192.168.40.0 (192.168.40.0) 56(84) bytes of data.

--- 192.168.40.0 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 110ms

Re: NAT Network and RHEL 7 network setup

Postby mpack » 24. Jul 2019, 16:39

socratis wrote: I'm not really sure that pinging a broadcast address should ... ping anything

That would be a no-no in most networking protocols that I'm familiar with. It's a recipe for a cascade condition. Or a DoS attack.

A discovery function in a network would allow replies to a broadcast message, but there would be safeguards to protect against contention, such as randomly selecting a turnaround delay. I'm not an expert on TCP/IP/UDP networks, but AFAIK ping is not intended to be used that way.

Re: NAT Network and RHEL 7 network setup

Postby fth0 » 24. Jul 2019, 23:03

@socratis
A little bit off topic:

You edited/formatted one of EddyR's posts, and it looks like the result of a bad character recognition program to me, e.g. valid_Ift (with capital I after the underscore), enp@s0, enpés0, and the IPv4 addresses all start with 198 instead of 192.

I verified this in Safari on a macOS host (@home) and in Firefox on a Linux host (@work).

Now I'm curious how this has been achieved. :D
fth0
 
Posts: 143
Joined: 14. Feb 2019, 03:06
Location: Germany
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, macOS, ...

Re: NAT Network and RHEL 7 network setup

Postby socratis » 25. Jul 2019, 00:32

@fth0
You're right! But the only things that I did were:
  • I did not touch the content at all, I never do, I even leave mistakes intact! These errors/misreadings that you point out were there, in the original post. Just look at the first post and the picture included. Maybe it was 'EddyR' that passed it through an OCR? And that goes for the "valid_lft" and the "enp0s3" part, not the 198.168 part, that's really clear, and there's nothing wrong with that part, even networking wise (I think).
  • I just included the output in {quote}{pre} ... {/pre}{/quote} tags to better simulate the Terminal output and I highlighted with {color}{b} ... {/b}{/color} the interesting parts, to have a better focus for the reader.

Re: NAT Network and RHEL 7 network setup

Postby fth0 » 25. Jul 2019, 01:52

Thanks for your explanations. :-)

socratis wrote: Just look at the first post and the picture included.

You're most probably right. I've been misled by one of his later posts, in which 'EddyR' used 192.168 himself.

socratis wrote: [...] the 198.168 part, that's really clear, and there's nothing wrong with that part, even networking wise (I think).

It depends. As long as all IPv4 packets with an IPv4 destination address in this range stay limited to the (closed) NAT network, there probably will be no problem. But if (someday) such IPv4 packets reach the router, then the router could do the job it is named after, and route the packets to the Internet, like it or not. :) Therefore, using private IPv4 addresses in private networks is a common (and simple) precautionary measure in network security.
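
The precaution fth0 describes above can be checked mechanically. The following is an added example, not part of any post in this thread: it parses `VBoxManage list natnetworks` output (abridged from the two listings posted earlier) and reports whether each NAT network lies inside the RFC 1918 private ranges. The function names `parse_natnetworks` and `audit` are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges: never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Abridged `VBoxManage list natnetworks` output as posted in this thread.
SAMPLE = """\
NetworkName: NatNetwork
IP: 198.168.4.1
Network: 198.168.4.0/24
IPv6 Prefix: fd17:625c:f037:2::/64
loopback mappings (ipv4)
127.0.0.1=2

NetworkName: VBoxNATservice
IP: 192.168.40.1
Network: 192.168.40.0/24
"""

def parse_natnetworks(text):
    """Split the listing into one dict of 'Key: value' fields per network."""
    nets, cur = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # blank lines, 'loopback mappings (ipv4)', '127.0.0.1=2'
        if key.strip() == "NetworkName" and cur:
            nets.append(cur)
            cur = {}
        cur[key.strip()] = value.strip()
    if cur:
        nets.append(cur)
    return nets

def audit(text):
    """Return {network name: finding} for every NAT network in the listing."""
    findings = {}
    for net in parse_natnetworks(text):
        cidr = ipaddress.ip_network(net["Network"], strict=False)
        if ipaddress.ip_address(net["IP"]) not in cidr:
            findings[net["NetworkName"]] = "gateway outside network"
        elif any(cidr.subnet_of(p) for p in RFC1918):
            findings[net["NetworkName"]] = "RFC 1918 private"
        else:
            findings[net["NetworkName"]] = "outside RFC 1918"
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

A network reported as "outside RFC 1918" overlaps address space that may be assigned to real Internet hosts, so any packet for that range that leaves the NAT network can be forwarded upstream.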

Re: NAT Network and RHEL 7 network setup

Postby socratis » 25. Jul 2019, 02:09

fth0 wrote: then the router could do the job it is named after, and route the packets to the Internet, like it or not.
That's a keeper! :lol:

Networking question for you: assume that I have two VMs, or even better Computers with public IP addresses (like 198.168.4.x), but in a LAN-like environment, and let's go with the simplest case; Ethernet cable to the router. Wouldn't the fact that they're in the same masked range (255.255.255.0) mean that the packets wouldn't go through the router to the outside world, but the router (knowing the ARP table) would simply forward the packets to the corresponding destination?