source ip is 10.0.2.2 for all incoming packets

Discussions related to using VirtualBox on Linux hosts.
dovydas
Posts: 7
Joined: 28. Jul 2011, 23:09
Primary OS: Debian other
VBox Version: OSE Debian
Guest OSses: Debian Squeeze

source ip is 10.0.2.2 for all incoming packets

Post by dovydas »

Hi,

I have set up an Apache webserver on a Debian host with a Debian guest, using VirtualBox port forwarding.

Code:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:8888
$ VBoxManage modifyvm "webserver" --natpf1 "guestwww,tcp,,8888,10.0.2.15,80"

Whenever I access my webserver I can see in the Apache logs that all packets are coming from source IP 10.0.2.2.
So any log analyzing is pretty useless because apache thinks that all visitors are coming from the same source!

Code:

10.0.2.2 - - [29/Jul/2011:00:37:18 +0300] "GET / HTTP/1.1" 304 212 "-" "Mozilla/5.0 (X11; U; Linux x86_64; lt; rv:1.9.1.19) Gecko/20110701 Iceweasel/3.5.19 (like Firefox/3.5.19)"
10.0.2.2 - - [29/Jul/2011:00:37:35 +0300] "GET / HTTP/1.1" 200 486 "-" "Opera/9.80 (BlackBerry; Opera Mini/6.24209/25.692; U; en) Presto/2.5.25 Version/10.54"

As you can see in the Apache log, the source IP is always 10.0.2.2. The first log line is from the browser on the host machine and the second log line is from my mobile BlackBerry.

How can I get original source IP address back?
Is there a better way to do port forwarding?
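
Added example, not part of the original post: a check for the symptom described above, where one private source address carries nearly all requests yet shows several distinct browsers. The function and sample names are hypothetical, the first sample reuses the two log lines from the post, and the second sample is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example, not from the thread: flag an Apache access log whose client
# addresses have been collapsed onto one private source (e.g. a NAT gateway).

# Prints "<top_ip> <hits>/<total> agents=<n> <verdict>" for a log on stdin.
# Assumes combined log format with no escaped quotes in the request line.
nat_collapse_check() {
    awk -F'"' '
    {
        split($1, head, " ")            # $1 is: ip ident user [timestamp]
        ip = head[1]; ua = $6           # 6th quote-delimited field: User-Agent
        total++; hits[ip]++
        if (!((ip, ua) in seen)) { seen[ip, ua] = 1; agents[ip]++ }
    }
    END {
        if (total == 0) { print "- 0/0 agents=0 empty"; exit }
        for (ip in hits) if (hits[ip] > max) { max = hits[ip]; top = ip }
        private = (top ~ /^10\./ || top ~ /^192\.168\./ ||
                   top ~ /^172\.(1[6-9]|2[0-9]|3[01])\./)
        # One private address, >= 90% of requests, several distinct browsers:
        # the server is seeing a translator, not the clients.
        verdict = (private && max * 100 >= total * 90 && agents[top] >= 2) ? "masked" : "ok"
        printf "%s %d/%d agents=%d %s\n", top, max, total, agents[top], verdict
    }'
}

# The two log lines from the first post (NAT port forwarding).
sample_nat() {
    cat <<'EOF'
10.0.2.2 - - [29/Jul/2011:00:37:18 +0300] "GET / HTTP/1.1" 304 212 "-" "Mozilla/5.0 (X11; U; Linux x86_64; lt; rv:1.9.1.19) Gecko/20110701 Iceweasel/3.5.19 (like Firefox/3.5.19)"
10.0.2.2 - - [29/Jul/2011:00:37:35 +0300] "GET / HTTP/1.1" 200 486 "-" "Opera/9.80 (BlackBerry; Opera Mini/6.24209/25.692; U; en) Presto/2.5.25 Version/10.54"
EOF
}

# Constructed lines (documentation addresses) for a log that keeps client IPs.
sample_preserved() {
    cat <<'EOF'
203.0.113.7 - - [01/Aug/2011:10:00:01 +0300] "GET / HTTP/1.1" 200 486 "-" "Mozilla/5.0 (constructed)"
203.0.113.7 - - [01/Aug/2011:10:00:05 +0300] "GET /a HTTP/1.1" 200 120 "-" "Mozilla/5.0 (constructed)"
198.51.100.23 - - [01/Aug/2011:10:00:09 +0300] "GET / HTTP/1.1" 200 486 "-" "Opera/9.80 (constructed)"
EOF
}

sample_nat | nat_collapse_check
sample_preserved | nat_collapse_check
```

A `masked` verdict means anything keyed on the logged address (per-client rate limits, bans, allow-lists, visitor statistics) is acting on the translator rather than on individual clients.
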
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: source ip is 10.0.2.2 for all incoming packets

Post by Sasquatch »

When you're doing port forwarding, you will almost always get the source from the router, unless the router keeps the source. VB doesn't keep it. To avoid this, use Bridged instead. See the User Manual - chapter 6 for more information about that. Bridged is not an option if you don't have a router for your internet connection (except for special cases, which this probably isn't).
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
dovydas
Posts: 7
Joined: 28. Jul 2011, 23:09
Primary OS: Debian other
VBox Version: OSE Debian
Guest OSses: Debian Squeeze

Re: source ip is 10.0.2.2 for all incoming packets

Post by dovydas »

I have added a router between my ISP and the host PC and used a VirtualBox bridged connection.

Router WAN interface 78.60.X.X
Router LAN interface 192.168.1.1
Host LAN interface 192.168.1.2
Guest interface (bridged with host interface) 192.168.1.3.

Everything works as expected. My Apache server can see the source IP of incoming packets now.

Thank you Sasquatch for explaining virtualbox limitations.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: source ip is 10.0.2.2 for all incoming packets

Post by Perryg »

Slight correction if you please. It is not a limitation of VirtualBox but a limitation of NAT which is the way it is by design. Bridged works just fine.
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: source ip is 10.0.2.2 for all incoming packets

Post by Sasquatch »

It is a combination of the limitation of NAT, along with VB. Routers apparently add something to the network traffic to work around this and show the original source, instead of rewriting the entire flow to make it appear it's coming from one source. This is not done in VB, because it would make it harder to keep the table of which data needs to go where, since all the VMs configured for NAT have the same network config (gateway, IP, etc). On a normal network, this isn't the case because the clients have unique addresses.
Routers add some data, VB doesn't. Or VB rewrites the stream source IP and routers don't. At least something is different.
boris.samardzija
Posts: 2
Joined: 4. Aug 2012, 14:35

Re: source ip is 10.0.2.2 for all incoming packets

Post by boris.samardzija »

This is possible without bridge mode! For some strange reason, the default NAT mode in VirtualBox rewrites the original source.

What you want is to switch NAT to transparent mode with

Code:

VBoxManage modifyvm <your-vm name> --nataliasmode1 proxyonly

More info here:

http://www.virtualbox.org/manual/ch09.h ... -adv-alias
http://www.virtualbox.org/manual/ch08.html#idp18407536
https://www.virtualbox.org/ticket/6524
https://www.virtualbox.org/ticket/7608