VM's using bridged network on different subnet recently stopped working

Discussions related to using VirtualBox on Windows hosts.
dbaddorf
Posts: 7
Joined: 5. Apr 2021, 21:11

VM's using bridged network on different subnet recently stopped working

Post by dbaddorf »

Hello!

For years, I have been using VirtualBox to connect a Windows 10 VM to a bridged Ethernet network on one subnet while my host Windows 10 is connected to a wireless network. Using this setup I can work w/ my PC on a corporate network (say 192.168.1.0/24) using my WiFi, while using a VM to configure a switch or firewall on a different subnet (say 192.168.2.0/24) on my laptop's Ethernet port. I had full access from both my host PC and also my Windows 10 VM with DNS & routing working separately through the separate networks. Sometimes, I had the need to connect to a 2nd Ethernet network (say 192.168.3.0/24) and I could use a USB Ethernet port and have a 2nd VM using this 2nd Ethernet for access to two different subnets via VM's and a 3rd network from my host PC.

A few months ago, this setup stopped working. I can get a ping working from the VM to a device on the Ethernet network, but I can't get other ports to work (like web management). I've tried uninstalling VirtualBox (6.1.18) and re-installing with no success. I can see the bridged adapters listed, and can select them - I just can't get TCP connectivity to work.

I'd really like to get this working again. I'm not sure if a Windows Update broke this functionality, or an upgrade of VirtualBox, or something else caused this. But at times it sure comes in handy, and I'd love to get it working again.

Any ideas? Has this broken for anyone else? Or maybe no one else connects to separate subnets like I do.

Dave
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VM's using bridged network on different subnet recently stopped working

Post by fth0 »

Your description of the formerly working setup sounds like you have some background knowledge in networking, but your problem description seems to fall a bit short in comparison. Let's fill in some details:

Which of the following basic networking protocols still work as expected: ARP? DHCP? DNS?

You could use Wireshark on the host to investigate further ...
dbaddorf
Posts: 7
Joined: 5. Apr 2021, 21:11

Re: VM's using bridged network on different subnet recently stopped working

Post by dbaddorf »

I could use Wireshark, but I haven't taken the time. I was actually hoping that someone else had seen this issue and either had a work around for it or could tell me that there was a bug introduced in VirtualBox and I could go back a few versions to resolve the bridged network issue.

ARP is obviously working because I can ping on the VM's bridged network. I haven't tried DNS, but I doubt that it's working. And I can't recall having tried DHCP on the bridged network - I normally just configure static IP's on the VM.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VM's using bridged network on different subnet recently stopped working

Post by fth0 »

FWIW, I think I haven't seen your issue before. But my knowledge about your issue is limited to the information you've given so far, so I could be wrong. For example, you wrote that you "just can't get TCP connectivity to work". Does that mean that you entered a URL in a browser, which could simply be a DNS-related issue, or that you sent a single TCP-SYN packet and didn't get a TCP-SYN/ACK packet in reply, or something in between those two extreme examples?

You are of course welcome to wait a few days for further comments, but I could imagine that your setup is not that common amongst the VirtualBox users reading the VirtualBox forums.
dbaddorf
Posts: 7
Joined: 5. Apr 2021, 21:11

Re: VM's using bridged network on different subnet recently stopped working

Post by dbaddorf »

Yes, I am trying to use a browser to manage devices, but I am using IP and not DNS resolution (http://192.168.1.1). I have no idea of whether or not the three way handshake is being made - just that I can't manage my devices over the bridged network.
I guess my use-case is a bit abnormal when I'm often using VirtualBox for multi-subnet access on different NIC's. It used to work so well. :-(
If I get a chance to do further troubleshooting, I'll try to give Wireshark a shot.
Thanks!
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VM's using bridged network on different subnet recently stopped working

Post by fth0 »

You're welcome. Two further hints:

If a ping to a specific destination IP works, but not HTTP or TCP traffic, there could be a firewall involved.

Modern browsers also have a network tracer built-in, which can be more comfortable than Wireshark, if the problem is situated somewhere in the higher network layers.
dbaddorf
Posts: 7
Joined: 5. Apr 2021, 21:11

Re: VM's using bridged network on different subnet recently stopped working

Post by dbaddorf »

What firewall are you referring to? On the VirtualBox host? The VM? The device that I'm connecting to? I'm not talking about inbound access to my VM.
- The device that I'm trying to connect to would typically be a hardware firewall that allows https management.
- My Windows 10 VirtualBox host has a firewall enabled. Not sure how that would affect the VM using a bridged network. Using a VM for outbound access has worked in the past without issue.
- The Windows 10 VM has a firewall enabled, but that doesn't prevent me from accessing http or https devices.

Unless something has changed in Windows or in VirtualBox with the way that the host firewall works, I don't think that it's a firewall issue.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VM's using bridged network on different subnet recently stopped working

Post by fth0 »

dbaddorf wrote: What firewall are you referring to?
Anywhere from the IP source to the IP destination, as you've already considered.

An answered ping usually means that the IP routing works as expected. A TCP connection that cannot be established then either means that a firewall blocked one of the directions, or the TCP receiver doesn't want this connection. I think it would be much easier to check this using Wireshark than to theorize about it.
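The distinction drawn in the post above (a blocked direction versus a receiver that declines the connection) can be observed from the guest without a packet capture. The following is an added example, not part of the original thread; the function names are illustrative and the demo uses constructed loopback ports rather than the devices discussed here.

```python
import socket

# What each outcome says about the path, following the reasoning in the post above.
MEANING = {
    "open": "handshake completed; look higher up (TLS, HTTP, browser)",
    "refused": "an RST came back; the receiver (or a rejecting firewall) declined",
    "timeout": "no reply; the SYN or its answer was dropped in one direction",
}

def classify_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake and report how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc

def survey(host, ports, timeout=3.0):
    """Probe several ports so one blocked service is not mistaken for all TCP."""
    return {port: classify_tcp(host, port, timeout) for port in ports}

def demo():
    """Constructed loopback demo: one listening port, one closed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens on this port any more
    try:
        return survey("127.0.0.1", [listener.getsockname()[1], closed_port])
    finally:
        listener.close()

if __name__ == "__main__":
    for port, outcome in demo().items():
        print(port, outcome, "-", MEANING.get(outcome, "local socket error"))
```

Run from the guest, `survey()` against the management address with the ports of interest shows whether the failure is a silent drop or an active refusal.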
dbaddorf
Posts: 7
Joined: 5. Apr 2021, 21:11

Re: VM's using bridged network on different subnet recently stopped working

Post by dbaddorf »

Ok, I got some time to test this setup (after installing Windows 10 20h2 update). Now my VirtualBox networking works like it used to. Just like taking your car to the mechanic. I'm certainly not sure what fixed it (or if it's even fixed for good).

Here is what I did for my test in case anyone is interested:
  • Windows 10 Host:
    Wireless Adapter: DHCP on the 192.168.2.0/24 network
    Wired Adapter: Static IP: 192.168.10.10/24, no DG, this is to keep my Windows 10 PC from using this network for Internet traffic since Windows seems to default to using a Wired network over a Wireless network
    Wired Adapter is connected to hardware firewall with a static IP of 192.168.1.1/24
  • Windows 10 VM:
    Bridged Adapter using Ethernet adapter of host.
    Wired Adapter (bridged): Static IP: 192.168.1.10/24

As I said, it works now. I can ping 192.168.1.1 from the Windows 10 VM. I can also use a browser to manage this firewall at https://192.168.1.1.

I use this setup so that I can use my laptop's wireless connection to stay connected to a corporate LAN & Internet. But I can use my wired adapter and a VM to manage network devices on a separate subnet. I can even specify different DNS & DG for the VM and have separate Internet access from the VM which doesn't interfere with my host. And with a 2nd USB Ethernet Adapter on my host, I can actually work on two separate networks besides the host's network, all with independent access.

Hope this helps someone else.

Dave
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VM's using bridged network on different subnet recently stopped working

Post by fth0 »

Thanks for reporting back!
dbaddorf
Posts: 7
Joined: 5. Apr 2021, 21:11

Re: VM's using bridged network on different subnet recently stopped working

Post by dbaddorf »

Just in case someone comes across this thread, I wanted to post an update.

I had an opportunity last week where I was connected to one Ethernet network subnet (10.2.6.0/24) on my Windows 10 host. Then in a VirtualBox Windows 10 VM, connected to a bridged 2nd Ethernet adapter on my laptop, I was connected to a different network subnet (192.168.253.0/24). With the VirtualBox VM, I was able to access devices on the local 192.168.253.0/24 subnet without issue. But when I tried to access devices on the 10.2.6.0 using Remote Desktop from my VM, I couldn't get this to work. With a packet capture running on the 192.168.253.1 firewall, I didn't even see the RDP packets hitting the firewall - they must not be exiting the physical NIC on my laptop. I could ping to this remote network without problem from the VM, showing that basic routing was working without issue.

This indicates to me that VirtualBox is still not working correctly, as it used to work well for testing this sort of connectivity between networks. I could use my laptop and have independent access for up to three networks (wireless and two Ethernet networks) and test the connectivity between these networks as if I had three separate devices.

I'm not really expecting someone to fix this, but VirtualBox sure was a helpful tool to be able to use in this sort of testing in the past.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VM's using bridged network on different subnet recently stopped working

Post by fth0 »

Although you describe your setup in some good detail, it's still not detailed enough to replicate it, and as long as nobody can replicate your problem, nobody can fix anything. I can build something similar to your setup, and it "just works".

Perhaps the following (with example values matching your description) is of some use for you:

If the VM was given the IP address 192.168.253.100 (either statically or via DHCP), and it would want to send either an ICMP Echo Request or a TCP SYN packet to the IP address 10.2.6.200, the VM would first send an ARP request to acquire the MAC address of the gateway in the 192.168.253.0/24 network, and then send the IP packet to that MAC address. If there was no gateway configured (either statically or via DHCP), the IP packet would be dropped right away and not even leave the VM. Everything else is out of control of the VM and/or VirtualBox.
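The first-hop decision described in the post above, written out so the result can be compared with what a capture on the bridged adapter shows. This is an added example, not part of the original thread; the function names are illustrative, the model covers a single interface with an empty ARP cache, and the cases are constructed from the example values in the post.

```python
import ipaddress

def first_hop(iface_cidr, gateway, destination):
    """Decide what a single-homed IPv4 stack does with one outgoing packet."""
    iface = ipaddress.ip_interface(iface_cidr)
    dst = ipaddress.ip_address(destination)
    if dst in iface.network:
        return ("arp-destination", str(dst))  # on-link: resolve the destination itself
    if gateway is None:
        return ("drop", None)                 # off-link, no gateway: never leaves the stack
    return ("arp-gateway", gateway)           # off-link: resolve the gateway instead

def expected_on_wire(iface_cidr, gateway, destination):
    """Frames a capture on the bridged NIC should show, assuming an empty ARP cache."""
    action, target = first_hop(iface_cidr, gateway, destination)
    if action == "drop":
        return []
    src = str(ipaddress.ip_interface(iface_cidr).ip)
    return [
        f"ARP who-has {target} tell {src}",
        f"IPv4 {src} -> {destination} (Ethernet destination: MAC of {target})",
    ]

# Constructed cases built from the example values in the post above.
CASES = [
    ("192.168.253.100/24", "192.168.253.1", "10.2.6.200"),     # routed via the gateway
    ("192.168.253.100/24", None, "10.2.6.200"),                # no gateway configured
    ("192.168.253.100/24", "192.168.253.1", "192.168.253.1"),  # local subnet
]

if __name__ == "__main__":
    for case in CASES:
        print(case, first_hop(*case), expected_on_wire(*case))
```

The same two frames are expected whether the payload is an ICMP Echo Request or a TCP SYN, which is why a capture that shows one but not the other points away from routing.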
dbaddorf
Posts: 7
Joined: 5. Apr 2021, 21:11

Re: VM's using bridged network on different subnet recently stopped working

Post by dbaddorf »

Thanks for showing interest. I did have the default gateway in my VM, which is why the ping worked. But I certainly realize that I didn't include all of the pertinent info if someone would really like to duplicate this issue. So here goes:

The Goal:
Use a Windows 10 VM to configure and test a firewall which will be deployed at a remote branch office while using my Windows 10 host to connect to the head-end corporate LAN. I would like to use this setup to configure the branch office for Internet connectivity and to create a site to site IPSec VPN between the firewalls so they pass traffic between the branch-office LAN (192.168.253.0/24) and the head-end corporate LAN (10.2.6.0/24). I used to be able to use VirtualBox on my laptop for this kind of setup and it worked flawlessly. Then, I'm assuming either a VirtualBox update or a Windows Update caused it to stop working.

Onboard Ethernet: Used for host communication
DHCP address: 10.2.6.100/24, DG: 10.2.6.251
Connected to corporate LAN.

USB Ethernet: Used for VM communication
On Host, configured for static IP of 192.168.10.1/24, no DG. This is to keep the Windows 10 Host from using the adapter for Host traffic (no default gateway and I am not accessing anything on this subnet).
Configured as Bridged Network for Windows 10 VM. Within VM, DHCP works, but I was using a static IP of 192.168.253.10/24, DG: 192.168.253.1.
Connected to the branch office firewall with IP of 192.168.253.1.

Results:
I can use the VM to access the local 192.168.253.0/24 subnet without problem. This allows me to configure branch office firewall using https://192.168.253.1. After configuring the site-to-site VPN between the firewalls, from the VM I can ping 10.2.6.251 [corporate firewall] or any host on the 10.2.6.0/24 network. This shows that the IP routing is working on the VM, firewalls, and corporate LAN. However, when I try to Remote Desktop from the VM to a host on the corporate network, I don't see any packets hitting the branch firewall. With a packet sniffer running on these FortiGate firewalls, I can see the ICMP traffic (echo & echo replies), but no RDP (port 3389). Of course if I tried to Remote Desktop to the corporate network from my host OS, it would go out the Onboard Ethernet. But when using the Bridged USB Ethernet connected to the VM, the VM doesn't put the RDP packets on the USB Ethernet port and they aren't seen on the Branch firewall.

If someone is trying to duplicate this setup, and needs any further information, please let me know.

Thanks! Dave
Martin
Volunteer
Posts: 2560
Joined: 30. May 2007, 18:05
Primary OS: Fedora other
VBox Version: PUEL
Guest OSses: XP, Win7, Win10, Linux, OS/2

Re: VM's using bridged network on different subnet recently stopped working

Post by Martin »

There is nothing in VirtualBox which could create such a "filtering".
Most probably this must be something inside your VM.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VM's using bridged network on different subnet recently stopped working

Post by fth0 »

Thank you for your detailed description. I just realized that you're trying to connect to the same corporate LAN network from within the VM, which opens up the possibility of back-routing problems. I'd suggest trying the following independent ideas:

Use Wireshark on the guest to simultaneously capture on all network interfaces. At the same time, also use Wireshark on the host to simultaneously capture on all network interfaces. Try the ping and the RDP connection. I can also take a look at the Wireshark captures if you want.

On the Windows host, go to the properties dialog of the network adapter used from the host, and uncheck the VirtualBox driver. Go to the properties dialog of the network adapter used from the VM, and uncheck the IPv4 and IPv6 drivers. Reboot the host and test if that makes a difference.

Use a browser on the guest to access a web server on the corporate network, to differentiate between RDP and HTTP(S) problems. Or try SSH. Also note that RDP can use several TCP and UDP connections, and your problems may be TCP or UDP dependent.