NAT Network and RHEL 7 network setup

Discussions about using Linux guests in VirtualBox.
EddyR
Posts: 16
Joined: 23. Jul 2019, 09:49

NAT Network and RHEL 7 network setup

Post by EddyR »

Dear VB forum.

I am not a novice but seem to be missing something basic with NAT Network configuration and RHEL/CentOS 7. I have set up a "NAT Network" called NatNetwork (198.168.4.0/24) and 2 CentOS 7 clients configured with their Adapter 1 using NATnetwork with IP address provided by VB with DHCP. The CentOS 7 clients can ping the internet (8.8.8.8) but not each other. Firewall is disabled.

From my understanding this configuration without any other alterations is supposed to allow the 2 CentOS clients to contact each other as well as the internet.

What is not configured correctly?

The following is my configuration:
VB version: 6.0.10 r 132072 (Qt5.6.2)

Attached is the output from:
- ip route show
- ip a
Attachments
# ip route show
# ip a
Capture.PNG (19.63 KiB) Viewed 6399 times
Martin
Volunteer
Posts: 2560
Joined: 30. May 2007, 18:05
Primary OS: Fedora other
VBox Version: PUEL
Guest OSses: XP, Win7, Win10, Linux, OS/2

Re: NAT Network and RHEL 7 network setup

Post by Martin »

How did you create the two centos clients?
Do they have different MAC addresses?
EddyR
Posts: 16
Joined: 23. Jul 2019, 09:49

Re: NAT Network and RHEL 7 network setup

Post by EddyR »

The CentOS clients were built from scratch (i.e. new VM and install from CentOS minimal ISO)

Server1: 08:00:27:e8:35:1b
Server2: 08:00:27:58:f2:27

I wouldn't have expected the same MAC addresses ...
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: NAT Network and RHEL 7 network setup

Post by mpack »

To clarify, both CentOS guests were each built from scratch? You didn't build one and then clone it (which is the obvious move IMO)?

Yes, two CentOS guests configured to be on the same NAT network ought to be able to ping each other, unless ICMP has been disabled in them.

Can you show the results of "ifconfig -a" for both VMs?
EddyR
Posts: 16
Joined: 23. Jul 2019, 09:49

Re: NAT Network and RHEL 7 network setup

Post by EddyR »

I've been trying to figure out why this doesn't work for some time so I built the simplest case - 2 CentOS clients from scratch each receiving their IP information over DHCP without any intervention from me. Both of the CentOS clients are configured to use the same NAT Networking.

From my understanding - this should just work (but it doesn't).
Eddy
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: NAT Network and RHEL 7 network setup

Post by socratis »

EddyR wrote: From my understanding - this should just work (but it doesn't).
This *does* work for a bunch of clients that I have, and so it does for a lot of people.

Besides the info that mpack asked for ("ifconfig -a" for both, from within the guests), I'd like to see also the output from your host of the commands:
  • VBoxManage list dhcpservers
    VBoxManage list natnetworks
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
EddyR
Posts: 16
Joined: 23. Jul 2019, 09:49

Re: NAT Network and RHEL 7 network setup

Post by EddyR »

Below is what you asked for. All of the values should be default except for the IP for the "NAT Network" which I defined.
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1686
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_Ift forever preferred_Ift forever
inet6 ::1/128 scope host
valid_Ift forever preferred_Ift forever
2: enp@s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:e8:35:1b brd ff:ff:ff:ff:ff:ff
inet 198.168.4.23/24 brd 198.168.4.255 scope global noprefixroute dynamic enpés3
valid_Ift 840sec preferred_Ift 840sec
inet6 fe00::d66a:f810:59b1:eab9/64 scope link noprefixroute
valid_Ift forever preferred_Ift forever
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1686
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_Ift forever preferred_Ift forever
inet6 ::1/128 scope host
valid_Ift forever preferred_Ift forever
2: enp@s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:58:f2:27 brd ff:ff:ff:ff:ff:ff
inet 198.168.4.24/24 brd 198.168.4.255 scope global noprefixroute dynamic enpés3
valid_Ift 119@sec preferred_Ift 119@sec
inet6 fe00::970b:4167:97bd:c475/64 scope link noprefixroute
valid_Ift forever preferred_Ift forever
C:\Program Files\Oracle\VirtualBox>VBoxManage list dhcpservers
NetworkName:    HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter
IP:             192.168.56.100
NetworkMask:    255.255.255.0
lowerIPAddress: 192.168.56.101
upperIPAddress: 192.168.56.254
Enabled:        Yes
Global options:
   1:255.255.255.0

NetworkName:    NatNetwork
IP:             198.168.4.3
NetworkMask:    255.255.255.0
lowerIPAddress: 198.168.4.4
upperIPAddress: 198.168.4.254
Enabled:        Yes
Global options:
   1:255.255.255.0
   3:198.168.4.1
   6:10.100.0.50 10.100.0.99 10.100.0.100
   15:bynet.co.il
C:\Program Files\Oracle\VirtualBox>VBoxManage list natnetworks
NetworkName:    NatNetwork
IP:             198.168.4.1
Network:        198.168.4.0/24
IPv6 Enabled:   No
IPv6 Prefix:    fd17:625c:f037:2::/64
DHCP Enabled:   Yes
Enabled:        Yes
loopback mappings (ipv4)
        127.0.0.1=2
Last edited by socratis on 24. Jul 2019, 09:49, edited 2 times in total.
Reason: Fixed formatting.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: NAT Network and RHEL 7 network setup

Post by socratis »

I took the liberty of highlighting the important parts in the output of your commands, hope you don't mind ;)
  1. The two guests have indeed different MACs.
  2. The two guests have indeed different IPs, from the correct NATnetwork range.
  3. Everything looks normal, host and guests.
Now, why you can't ping the two guests might be a problem with the guests, not VirtualBox.

Just for reference, here's a similar setup with my custom "VBoxNATservice" network option between Mint19 and Fedora29 clients. I "trimmed" the output for brevity, not for obfuscation, you don't care for all my 4 networking options ;) :
socratis@VB-Mint-19:~$ ip a
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:15:c6:f7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.107/24 brd 192.168.40.255 scope global dynamic noprefixroute enp0s9
       valid_lft 1149sec preferred_lft 1149sec
[socratis@vb-fedora-29-localdomain ~]$ ip a
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:23:de:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.146/24 brd 192.168.40.255 scope global dynamic noprefixroute enp0s9
       valid_lft 980sec preferred_lft 980sec
$ VBoxManage list dhcpservers
NetworkName:    VBoxNATservice
IP:             192.168.40.100
NetworkMask:    255.255.255.0
lowerIPAddress: 192.168.40.101
upperIPAddress: 192.168.40.254
Enabled:        Yes
Global options:
   1:255.255.255.0
   3:192.168.40.1
   6:1.1.1.1
   15:SGK
$ VBoxManage list natnetworks
NetworkName:    VBoxNATservice
IP:             192.168.40.1
Network:        192.168.40.0/24
IPv6 Enabled:   Yes
IPv6 Prefix:    fd17:625c:f037:a828::/64
DHCP Enabled:   Yes
Enabled:        Yes
loopback mappings (ipv4)
        127.0.0.1=2
and finally pinging Mint19 from Fedora29:
[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 192.168.40.107
PING 192.168.40.107 (192.168.40.107) 56(84) bytes of data.
64 bytes from 192.168.40.107: icmp_seq=1 ttl=64 time=0.554 ms
64 bytes from 192.168.40.107: icmp_seq=2 ttl=64 time=0.306 ms
64 bytes from 192.168.40.107: icmp_seq=3 ttl=64 time=0.380 ms
64 bytes from 192.168.40.107: icmp_seq=4 ttl=64 time=0.345 ms

--- 192.168.40.107 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 102ms
rtt min/avg/max/mdev = 0.306/0.396/0.554/0.095 ms
and vice versa, pinging Fedora29 from Mint19:
socratis@VB-Mint-19:~$ ping -c 4 192.168.40.146
PING 192.168.40.146 (192.168.40.146) 56(84) bytes of data.
64 bytes from 192.168.40.146: icmp_seq=1 ttl=64 time=0.256 ms
64 bytes from 192.168.40.146: icmp_seq=2 ttl=64 time=0.624 ms
64 bytes from 192.168.40.146: icmp_seq=3 ttl=64 time=0.284 ms
64 bytes from 192.168.40.146: icmp_seq=4 ttl=64 time=0.602 ms

--- 192.168.40.146 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3064ms
rtt min/avg/max/mdev = 0.256/0.441/0.624/0.173 ms
EddyR
Posts: 16
Joined: 23. Jul 2019, 09:49

Re: NAT Network and RHEL 7 network setup

Post by EddyR »

So I see that in your environment it works, yet in mine it doesn't.
Could you point out where you might think the issue/differences might be?

Shouldn't I be able to ping the gateway (192.168.4.1)?
Shouldn't the ping -b 192.168.4.0 (broadcast) return me something?

Eddy
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: NAT Network and RHEL 7 network setup

Post by socratis »

EddyR wrote:Could you point out where you might think the issue/differences might be?
Already told you:
socratis wrote:might be a problem with the guests, not VirtualBox
EddyR wrote:Shouldn't I be able to ping the gateway (192.168.4.1)?
Sure, if it allows it...
[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 192.168.40.1
PING 192.168.40.1 (192.168.40.1) 56(84) bytes of data.
64 bytes from 192.168.40.1: icmp_seq=1 ttl=255 time=0.128 ms
64 bytes from 192.168.40.1: icmp_seq=2 ttl=255 time=0.198 ms
64 bytes from 192.168.40.1: icmp_seq=3 ttl=255 time=0.299 ms
64 bytes from 192.168.40.1: icmp_seq=4 ttl=255 time=0.439 ms

--- 192.168.40.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 51ms
rtt min/avg/max/mdev = 0.128/0.266/0.439/0.116 ms
EddyR wrote:Shouldn't the ping -b 192.168.4.0 (broadcast) return me something?
I'm not really sure that pinging a broadcast address should ... ping anything:
[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 -b 192.168.40.0
WARNING: pinging broadcast address
PING 192.168.40.0 (192.168.40.0) 56(84) bytes of data.

--- 192.168.40.0 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 110ms
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: NAT Network and RHEL 7 network setup

Post by mpack »

socratis wrote:I'm not really sure that pinging a broadcast address should ... ping anything
That would be a no-no in most networking protocols that I'm familiar with. It's a recipe for a cascade condition. Or a DoS attack.

A discovery function in a network would allow replies to a broadcast message, but there would be safeguards to protect against contention, such as randomly selecting a turnaround delay. I'm not an expert on TCP/IP/UDP networks, but AFAIK ping is not intended to be used that way.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: NAT Network and RHEL 7 network setup

Post by fth0 »

@socratis
A little bit off topic:

You edited/formatted one of EddyR's posts, and it looks like the result of a bad character recognition program to me, e.g. valid_Ift (with capital I after the underscore), enp@s0, enpés0, and the IPv4 addresses all start with 198 instead of 192.

I verified this in Safari on a macOS host (@home) and in Firefox on a Linux host (@work).

Now I'm curious how this has been achieved. :D
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: NAT Network and RHEL 7 network setup

Post by socratis »

@fth0
You're right! But the only things that I did were:
  • I did not touch the content at all, I never do, I even leave mistakes intact! These errors/misreadings that you point out were there, in the original post. Just look at the first post and the picture included. Maybe it was 'EddyR' that passed it through an OCR? And that goes for the "valid_lft" and the "enp0s3" part, not the 198.168 part, that's really clear, and there's nothing wrong with that part, even networking wise (I think).
  • I just included the output in {quote}{pre} ... {/pre}{/quote} tags to better simulate the Terminal output and I highlighted with {color}{b} ... {/b}{/color} the interesting parts, to have a better focus for the reader.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: NAT Network and RHEL 7 network setup

Post by fth0 »

Thanks for your explanations. :-)
socratis wrote:Just look at the first post and the picture included.
You're most probably right. I've been misled by one of his later posts, in which 'EddyR' used 192.168 himself.
socratis wrote:[...] the 198.168 part, that's really clear, and there's nothing wrong with that part, even networking wise (I think).
It depends. As long as all IPv4 packets with an IPv4 destination address in this range stay limited to the (closed) NAT network, there probably will be no problem. But if (someday) such IPv4 packets reach the router, then the router could do the job it is named after, and route the packets to the Internet, like it or not. :) Therefore, using private IPv4 addresses in private networks is a common (and simple) precautionary measure in network security.
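
fth0's point about private address ranges, as an added example that is not part of the original thread: a Python check that parses `VBoxManage list natnetworks` output and flags any NAT network whose prefix lies outside the RFC 1918 private blocks. The sample text is the two listings posted in this thread; the function names are illustrative.

```python
import ipaddress

# RFC 1918 private-use IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The two `VBoxManage list natnetworks` listings posted in this thread.
SAMPLE = """\
NetworkName:    NatNetwork
IP:             198.168.4.1
Network:        198.168.4.0/24
IPv6 Enabled:   No
IPv6 Prefix:    fd17:625c:f037:2::/64
DHCP Enabled:   Yes
Enabled:        Yes
loopback mappings (ipv4)
        127.0.0.1=2

NetworkName:    VBoxNATservice
IP:             192.168.40.1
Network:        192.168.40.0/24
"""

def parse_natnetworks(text):
    """Map each NetworkName to the prefix on its 'Network:' line."""
    nets, name = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            continue  # e.g. "loopback mappings (ipv4)" and "127.0.0.1=2"
        key, value = key.strip(), value.strip()
        if key == "NetworkName":
            name = value
        elif key == "Network" and name is not None:
            nets[name] = ipaddress.ip_network(value, strict=False)
    return nets

def is_rfc1918(net):
    """True only if the whole prefix sits inside one RFC 1918 block."""
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)

def audit(text):
    """Names of NAT networks configured with non-private address space."""
    return sorted(n for n, net in parse_natnetworks(text).items()
                  if not is_rfc1918(net))

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: prefix is outside RFC 1918 private space")
```
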
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: NAT Network and RHEL 7 network setup

Post by socratis »

fth0 wrote:then the router could do the job it is named after, and route the packets to the Internet, like it or not.
That's a keeper! :lol:

Networking question for you: assume that I have two VMs, or even better Computers with public IP addresses (like 198.168.4.x), but in a LAN-like environment, and let's go with the simplest case; Ethernet cable to the router. Wouldn't the fact that they're in the same masked range (255.255.255.0) mean that the packets wouldn't go through the router to the outside world, but the router (knowing the arp table) simply forward the packets to the corresponding destination?