Page 1 of 1

how to debug port forwarding not working?

Posted: 27. Aug 2009, 11:51
by stephanecharette
Looking for suggestions to debug port forwarding not working. Here are the commands I ran as per the manual:

VBoxManage setextradata "Ubuntu Dev VM" "VBoxInternal/Devices/e1000/0/LUN#0/Config/guestssh/Protocol" TCP
VBoxManage setextradata "Ubuntu Dev VM" "VBoxInternal/Devices/e1000/0/LUN#0/Config/guestssh/GuestPort" 22
VBoxManage setextradata "Ubuntu Dev VM" "VBoxInternal/Devices/e1000/0/LUN#0/Config/guestssh/HostPort" 2222

(Guest is configured with a single e1000 NIC.)

I can see the 3 entries in ~/.VirtualBox/Machines/Ubuntu Dev VM/Ubuntu Dev VM.xml

And when I start the guest, my host is now listening on port 2222:

$ netstat -nl | grep 2222
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN

But when I try to ssh to port 2222, it sits there for a long time before it eventually tells me "Connection closed by remote host". Within the guest, I can "ssh localhost" and it works fine, so I know sshd is listening on port 22.

How to debug? Are there log files I can enable/check anywhere to see what is happening? (I really wish port forwarding was in the GUI versus making us run these arcane XML-node commands!)

(Guest is Ubuntu 9.04-64bit, host is also Ubuntu 9.04-64bit, virtualbox is 3.0.4, and guest additions are installed.)

Re: how to debug port forwarding not working?

Posted: 27. Aug 2009, 12:08
by vbox4me2
Firewall? use agreeIPscanner, it can query (port)services as well.

Re: how to debug port forwarding not working?

Posted: 27. Aug 2009, 12:30
by Sasquatch
I don't think a firewall is the problem, Ubuntu doesn't use one by default, or it's not that strict and netstat shows it's listening on the port (with a firewall, you wouldn't see that). Only thing that I can think of, is that the NIC is not in NAT mode. You should know by now what to give others to be able to help you, so what's the Guest network settings. I'm sure you set it to NAT properly, but we can never be too sure.

Re: how to debug port forwarding not working?

Posted: 27. Aug 2009, 12:34
by stephanecharette
Ha! Figured it out with the use of Wireshark. Or rather, I see the problem though I don't yet know why nor how to solve it.

HOST: Wireshark shows the standard SYN, SYN+ACK, ACK handshake when I try to ssh to port 2222, so I know the host listening on that port is accepting the inbound ssh connection.

GUEST: Wireshark shows an incoming SYN packet to the wrong IP!? My guest is using 10.0.2.99 (static IP) but the incoming SYN packet is destined to 10.0.2.15 port 22. Do I _have_ to use 10.0.2.15, or is there a way to change that? I assume there is a setting in the XML file to tell VirtualBox what IP address a guest is using?

I see the following node in the VM's xml definition, but it doesn't look like it has the effect I would have assumed:

<GuestProperty name="/VirtualBox/GuestInfo/Net/0/V4/IP" value="10.0.2.99" timestamp="1251366812717867000" flags=""/>

Anyone know how to get VirtualBox to do the port forwarding to the right IP address?

Re: how to debug port forwarding not working?

Posted: 27. Aug 2009, 12:59
by vbox4me2
stephanecharette wrote:Do I _have_ to use 10.0.2.15, or is there a way to change that?
Yes you have to, its default NAT behaviour, I think you can change it, never looked into how, rtfm :D

Re: how to debug port forwarding not working?

Posted: 27. Aug 2009, 13:29
by stephanecharette
Section 9.12 discusses some fine-tuning parameters for guests using NAT. But while it seems I can select a different network, it doesn't look like I can specify any arbitrary address within the network. I've changed the guest to hard-code 10.0.2.15 as my IP address. Port forwarding now seems to work.

Re: how to debug port forwarding not working?

Posted: 27. Aug 2009, 14:40
by Sasquatch
With NAT, you must use DHCP. If you change the range through additional Guest properties, then those changes are reflected in the DHCP server too, thus giving your Guest a different IP, the one you set through those properties.

Re: how to debug port forwarding not working?

Posted: 13. Nov 2009, 16:11
by didiervdp
Hi!

I have encountered the same problem but I have modify the nat network before even start the Guest... :(

If I well understand, it's not possible to configure a guest with a fixed IP on a different NAT network and play with Port Forwarding ??
Shouldn't be consider has a bug or at least a missing feature ? :)

Host: openSuSE 11.1
Guest: SLES 11

Didier

Re: how to debug port forwarding not working?

Posted: 13. Nov 2009, 21:32
by Sasquatch
didiervdp wrote:Hi!

I have encountered the same problem but I have modify the nat network before even start the Guest... :(

If I well understand, it's not possible to configure a guest with a fixed IP on a different NAT network and play with Port Forwarding ??
Shouldn't be consider has a bug or at least a missing feature ? :)

Host: openSuSE 11.1
Guest: SLES 11

Didier
Could you explain that some more?

Re: how to debug port forwarding not working?

Posted: 13. Nov 2009, 21:40
by vbox4me2
didiervdp wrote:If I well understand, it's not possible to configure a guest with a fixed IP on a different NAT network and play with Port Forwarding ??
For the sake of argument no its not possible, each NAT VM is tied to one set of IP values, all the same for each VM.
Port forwarding from the Host is based on 'named' VM's at one end and this fixed NAT IP on the other.

Re: how to debug port forwarding not working?

Posted: 14. Nov 2009, 01:53
by MarkCranness
Reading the code leads me to suggest you try this (as well also as setting Protocol/GuestPort/HostPort as usual):

Code: Select all

VBoxManage setextradata "<VMName>" 
       "VBoxInternal/Devices/e1000/0/LUN#0/Config/guestssh/GuestIP" "10.0.2.99"
(Sorry, you don't give an example of what guest IP you want, or your interface type e1000 or pcnet, so I've used the OP's example.)

Re: how to debug port forwarding not working?

Posted: 16. Nov 2009, 12:37
by didiervdp
vbox4me2 wrote: For the sake of argument no its not possible, each NAT VM is tied to one set of IP values, all the same for each VM.
Port forwarding from the Host is based on 'named' VM's at one end and this fixed NAT IP on the other.
I have notice that. I have started 2 VM with the same IP and there was no conflict. So it's not possible to have 2 VM with NAT with a fixed IP that see each other (ie: 2 LDAP servers with replication).

For that environment, I should use bridged network, shouldn't I ?

Re: how to debug port forwarding not working?

Posted: 17. Nov 2009, 01:24
by MarkCranness
didiervdp wrote:So it's not possible to have 2 VM with NAT with a fixed IP that see each other (ie: 2 LDAP servers with replication).
That is possible with Internal networking (section 6.6 of the user manual) or Host-only networking (section 6.7 of the user manual), but in those modes the VMs cannot see other PCs on your lan and cannot see the internet (and visa versa).
didiervdp wrote:For that environment, I should use bridged network, shouldn't I ?
That would probably be best. Each VM will have it's own IP (assigned by DHCP on your LAN, or set static). They will be able to see each other and also connect to the internet.