HTTP working for all ip adresses except one (vagrant + NAT)

Discussions related to using VirtualBox on Linux hosts.
Post Reply
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

I have a weird issue that I'd like to overcome but I don't know were to look for debugging. I don't even know if its due to Virtualbox, Vagrant, network, firewall or whatever.

Steps to reproduce :

Code: Select all

vagrant init ubuntu/jammy64
vagrant up
vagrant ssh
From there I can access the internet without issue :

Code: Select all

wget --spider VIRTUALBOX_ORG
[...]
Connecting to VIRTUALBOX_ORG ... connected.
request sent, awaiting response... 200 OK
Only one website is inaccessible : THE_IP on port 80 or 443 ; ping is working ; access on ports 80 and 443 from host is working

Code: Select all

host$ wget --spider THE_IP
[...]
request sent, awaiting response... 200 OK

Code: Select all

vagrant@ubuntu-jammy:~$ ping THE_IP
PING THE_IP (THE_IP) 56(84) bytes of data.
64 bytes from THE_IP: icmp_seq=1 ttl=63 time=1.18 ms

vagrant@ubuntu-jammy:~$ wget --spider THE_IP
Spider mode enabled. Check if remote file exists.
--2023-01-03 14:35:19--  THE_IP
Connecting to THE_IP 80... failed: Connection timed out.

Using sudo tcpdump dst THE_IP on the host, I don't see anything whereas using an other IP address I can see the packets.
Using sudo tcpdump dst THE_IP on the guest, I only see outgoing packets.

Therefore I guess the issue is between the guest and the host but I don't know where to look...


Host config : Ubuntu 22.04 - Virtualbox Version 7.0.4 r154605 (Qt5.15.3)

I noticed the same issue on a Windows Host within the same network.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by scottgus1 »

A couple things to know:

1. Vagrant isn't supported here. They have their own help channels. If you can demonstrate the same issue in a Virtualbox-only-driven VM not influenced by Vagrant in any way, then we can help.

2.Once you get a Virtualbox-only VM with the same issues happening:
Nestom wrote:From there I can access the internet without issue :
Is this from within the VM's OS?
Nestom wrote:Only one website is inaccessible : THE_IP on port 80 or 443 ; ping is working ; access on ports 80 and 443 from host is working
Is this trying to access from the host OS or the LAN into a website hosted within the VM?

3.
Nestom wrote:I guess the issue is between the guest and the host but I don't know where to look...
If the VM is using Virtualbox's NAT for its network, do you have ports 80 and 443 open in the NAT Port Forwarding? See Virtualbox Networks: In Pictures: NAT
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

Thank you for your answer. It lead me to investigate a little more.
1. Vagrant isn't supported here. If you can demonstrate the same issue in a Virtualbox-only-driven VM not influenced by Vagrant in any way, then we can help.
I downloaded Ubuntu cloud image OVA for Ubuntu jammy and imported it into VirtualBox ; same issue.

That being said, I can't conclude yet that this is a VirtualBox-only problem and not related to my organization network or firewall.

2. From within the VM OS I have no issue to access the internet. (To clarify my original post, the vagrant ssh command ssh into the VM)
Is this trying to access from the host OS or the LAN into a website hosted within the VM?
I'm trying to access a public website from the VM OS. The public website is on my organization network though.

3. In the VM's network config I have nothing in Advanced > Port forwarding
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

I found something interesting !

Actually, there seems to be an issue with all IP addresses ending with .2 (1.1.1.2 and 1.0.0.2 affected).
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by scottgus1 »

Nestom wrote:
Nestom wrote:From within the VM OS I have no issue to access the internet.
I'm trying to access a public website from the VM OS. The public website is on my organization network though.
OK, this is understandable. You're able to access the internet from the VM, and you are trying to get access out of the VM to a computer on the office LAN. Neither of these will require a port-forward.

From the linked tutorial, you'll see that Virtualbox's NAT behaves like a router, with the VM on the private "LAN" side of the 'router' and the internet, the host, and the rest of the office LAN on the public "WAN" side of the 'router'. As long as you did not change the DHCP-served 10.0.2.15 IP address that NAT serves to the VM's adapter, everything should work, as is evidenced by your VM's ability to access the internet. The Virtualbox network is working, and the trouble may be configuration issues in the office LAN.

Note please that if your office LAN is not behind a router, and you have public IP addresses coming directly to the PCs instead of private IP addresses from the router, we might need a forum network guru to help out. I don't grok internet-direct-to-PC networks yet, only behind-router networks...
Nestom wrote:there seems to be an issue with all IP addresses ending with .2 (1.1.1.2 and 1.0.0.2 affected).
If your example IP addresses are PCs inside your office LAN, then your LAN is misconfigured. These IPs are public internet IPs that should not be behind a router. I tried http://1.0.0.2 on the internet and got a Cloudflare DNS error website. http://1.1.1.2 went to a Cloudflare service website.

Please post the VM's .vbox file, unobfuscated, zipped, using the forum's Upload Attachment tab, so we can see what its configuration is. Also, please provide the output of 'ifconfig' or 'ip address' from within the VM, also the command output from the host.
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

Hum... It worked briefly but don't work again... Vagrant may not be totally out of the way as I can more easily reproduce the issue with it. I'll make some more tests.
Note please that if your office LAN is not behind a router, and you have public IP addresses coming directly to the PCs instead of private IP addresses from the router, we might need a forum network guru to help out. I don't grok internet-direct-to-PC networks yet, only behind-router networks...
I am unfortunately in that case. My host computer does have a public IP address.
Nestom wrote:there seems to be an issue with all IP addresses ending with .2 (1.1.1.2 and 1.0.0.2 affected).
If your example IP addresses are PCs inside your office LAN, then your LAN is misconfigured. These IPs are public internet IPs that should not be behind a router. I tried http://1.0.0.2 on the internet and got a Cloudflare DNS error website. http://1.1.1.2 went to a Cloudflare service website.
These example IPs are not in my LAN. If I go to http://1.0.0.2 or http://1.1.1.2 from the host machine, I am also getting cloudflare DNS. Actually my computer is not even in the same LAN as the problematic IP that I noticed first (witch also ends by .2). My organization network consists of multiple LANs.

The "end by .2" thing might be related to the fact that the the default route (ip route show) inside the VM is 10.0.2.2 (the virtual router ip if I'm correct).
Please post the VM's .vbox file, unobfuscated, zipped, using the forum's Upload Attachment tab, so we can see what its configuration is. Also, please provide the output of 'ifconfig' or 'ip address' from within the VM, also the command output from the host.
See attachments.

Thanks again
Attachments
ubuntu-jammy-22.04-cloudimg-20221229.zip
VM vbox file
(1.44 KiB) Downloaded 4 times
VM ip adress config
VM ip adress config
Screenshot from 2023-01-04 16-47-52.png (11.16 KiB) Viewed 3403 times
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

Today I booted the host and started the VM created with Ubuntu cloud image => no issue
Created a new VM from the same Ubuntu cloud image OVA => issue

The issue appears just after the VM is created. That explains why it's more prevalent with vagrant which creates VMs from the ground up.

Using tcptraceroute, I can see the packets not going passed 10.0.2.2 :

Code: Select all

guest$ tcptraceroute 1.1.1.2
Selected device enp0s3, address 10.0.2.15, port 43755 for outgoing packets
Tracing the path to 1.1.1.2 on TCP port 80 (http), 30 hops max
 1  10.0.2.2  0.406 ms  0.524 ms  0.437 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

I tried with Ubuntu 18.04 and 20.04 cloud images, same behavior.
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

I took the liberty to file a bug : https://www.virtualbox.org/ticket/21513
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by fth0 »

FWIW, I could easily reproduce the issue, which indicates that it does not depend on some special property of your setup.

I created a VM in VirtualBox 7.0.6 clicking through the wizard and booted it with a "randomly" selected Linux ISO. Executing "wget 1.1.1.1" over the NAT adapter worked as expected. When executing "wget 1.1.1.2", the TCP-SYN packets didn't reach a Wireshark capture on the host OS, but could be captured in VirtualBox's "nictrace".
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by fth0 »

FWIW, I've identified the bug in the VirtualBox source code and explained it in the ticket. Now we "only" have to wait for a VirtualBox developer who fixes it.
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

@fth0 Thank you !

I'm also hoping this will get fixed soon, I'm impaired by this to test my code since our gitlab forge is on a server with a .2 IP.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by fth0 »

Nestom wrote:I'm impaired by this to test my code since our gitlab forge is on a server with a .2 IP.
Depending on what you really want to do, you could use SSH tunneling as a workaround. Just use a device on the LAN as a SSH jump host, which doesn't have an IPv4 address ending with ".2". ;)
Nestom
Posts: 9
Joined: 3. Jan 2023, 16:09

Re: HTTP working for all ip adresses except one (vagrant + NAT)

Post by Nestom »

Good idea ! Thanks !
Post Reply