virtualbox.org

[dovydas]

Hi,

I have set apache webserver in debian host with debian guest with virtualbox port forwarding.

Code: Select all   Expand viewCollapse view

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:8888
$ VBoxManage modifyvm "webserver" --natpf1 "guestwww,tcp,,8888,10.0.2.15,80"

Whenever I access my webserver I can see in apache logs that all packets are coming from source IP 10.0.2.2.
So any log analyzing is pretty useless because apache thinks that all visitors are coming from the same source!

Code: Select all   Expand viewCollapse view

10.0.2.2 - - [29/Jul/2011:00:37:18 +0300] "GET / HTTP/1.1" 304 212 "-" "Mozilla/5.0 (X11; U; Linux x86_64; lt; rv:1.9.1.19) Gecko/20110701 Iceweasel/3.5.19 (like Firefox/3.5.19)"
10.0.2.2 - - [29/Jul/2011:00:37:35 +0300] "GET / HTTP/1.1" 200 486 "-" "Opera/9.80 (BlackBerry; Opera Mini/6.24209/25.692; U; en) Presto/2.5.25 Version/10.54"

As you can see in the apache log source IP is always 10.0.2.2. First log line if from browser in the host machine and the second log line is from my mobile blackberry.

How can I get original source IP address back?
Is there a better way to do port forwarding?

[Sasquatch]

When you're doing port forwarding, you will almost always get the source from the router, unless the router keeps the source. VB doesn't keep it. To avoid this, use Bridged instead. See the User Manual - chapter 6 for more information about that. Bridged is not an option if you don't have a router for your internet connection (except for special cases, which this probably isn't).

[dovydas]

I have added a router between my ISP and a host PC and used a virtualbox bridged connection.

Router WAN interface 78.60.X.X
Router LAN interface 192.168.1.1
Host LAN interface 192.168.1.2
Guest interface (bridged with host interface) 192.168.1.3.

Everything works as expected. My apache server can see source IP of incoming packets now.

Thank you Sasquatch for explaining virtualbox limitations.

[Perryg]

Slight correction if you please. It is not a limitation of VirtualBox but a limitation of NAT which is the way it is by design. Bridged works just fine.

[Sasquatch]

It is a combination of the limitation of NAT, along with VB. Routers apparently add something to the network traffic to work around this and show the original source, instead of rewriting the entire flow to make it appear it's coming from one source. This is not done in VB, because it would make it harder to keep the table of which data needs to go where, since all the VMs configured for NAT have the same network config (gateway, IP, etc). On a normal network, this isn't the case because the clients have unique addresses.
Routers add some data, VB doesn't. Or VB rewrites the stream source IP and routers don't. At least something is different.

[boris.samardzija]

This is possible without bridge mode! For some strange reason, the default NAT mode in VirtualBox rewrites original source.

What you want is to switch NAT to transparent mode with

Code: Select all   Expand viewCollapse view

VBoxManage modifyvm <your-vm name> --nataliasmode1 proxyonly

More info here

http://www.virtualbox.org/manual/ch09.h ... -adv-alias
http://www.virtualbox.org/manual/ch08.html#idp18407536
https://www.virtualbox.org/ticket/6524
https://www.virtualbox.org/ticket/7608