Can't ping to/from guest with bridged networking

[rgc]

I'm running a 32-bit Debian 8 guest (512MB RAM) within a 32-bit Ubuntu 16.10 host (2GB RAM) on an old Compaq nx6110 laptop (later-model Pentium M processor, one wired NIC, disabled wireless NIC). The laptop is connected via its wired NIC to my Internet router/switch, which also serves DHCP and DNS. I'm aiming to build an OpenVPN server on the Debian VM (because the router doesn't provide this), but first of all I need to get it to show up on my home LAN.

In the default NAT mode, VirtualBox happily assigns the default IPv4 address 10.0.2.15 to eth0, along with an IPv6 address. I can traceroute all the way out to Internet servers quite happily. But NAT isn't going to work for this VM, because I need my router to be able to forward packets received from Internet VPN clients. Reading the guest NIC choices, "Bridged Adapter" with a static IP seems to be what I need. But when I try to set that up I can't ping to or from the VM (i.e. destination unreachable pinging to/from the physical machines on the same subnet). Here are the config details:

IPs:
Router: 192.168.0.1
Host (Ubuntu): 192.168.0.105 (DHCP)
Guest (Debian): 192.168.0.99 (static)

Netmask: 255.255.255.0 (on all)

The router is set to issue DHCP leases for the range 192.168.0.100-199. I have tried with an without an address reservation on the router for the VM's static IP. I also tried to let the VM obtain a DHCP address, but it didn't pick one up. Oh, and I added the following to /etc/network/interfaces on the Debian VM:

Code: Select all

auto eth0
iface eth0 inet static
address 192.168.0.99
netmask 255.255.255.0

Any suggestions for tests or config changes are welcome. Let me know if you need additional data.

[Martin]

Did you check if the Ubuntu host has the firewall service active? In many cases this blocks bridged networking.

[rgc]

Good idea. I checked but it's not running:

Code: Select all

user@host:~$ sudo ufw status verbose
Status: inactive

Anything else I can check? Does VirtualBox provide a way to examine the packet traffic coming from a particular VM?

[socratis]

I also tried to let the VM obtain a DHCP address, but it didn't pick one up.

That's the part that worries me. Check your router's configuration. If you want to be testing things, just boot the VM from a Live CD/DVD, with only one Bridged interface. They're pre-configured to work right out of the box, without messing with configuration files.

If that doesn't work, again, check your router's configuration. Something is not right.

If it works, just copy the configuration from the Live CD to the VM. Done.

[rgc]

If you want to be testing things, just boot the VM from a Live CD/DVD, with only one Bridged interface. They're pre-configured to work right out of the box, without messing with configuration files.

Thanks. That does sound like a good way to eliminate a lot of confounding variables. I'll give that a try.

If that doesn't work, again, check your router's configuration. Something is not right.

That would surprise me. It's a pretty vanilla TP-Link wifi router config that happily does DHCP for every other device I have. The other factor could be the configuration of the Ubuntu host, but that is also freshly built.

If it works, just copy the configuration from the Live CD to the VM. Done.

It sounds like that's where I'm headed.

[rgc]

OK, so I booted the VM from a Knoppix LiveCD iso. In the default, single-NIC-with-NAT configuration. I get an IPv4 address and can traceroute to Internet machines.

Once I switch that to a single NIC using the Bridged Adapter setting and restart Knoppix, I'm back to essentially the same situation as with the Debian VM build I tried earlier. Only an IPv6 address gets assigned to the guest and I cannot ping any other host. Here is the network settings page from VirtualBox using the Bridged Adapter settings:

Bridged Adapter settings for a Knoppix guest

guest_network_settings_lo.png (91 KiB) Viewed 14865 times

and here are the results of ifconfig from the Knoppix guest booted in this configuration:

Results of ifconfig from guest booted with Bridged Adapter settings

no_ipv4_assigned_to_guest_lo.png (62.52 KiB) Viewed 14865 times

Any time I try to ping an IPv4 address, I get Network is unreachable. I'm thinking that VirtualBox isn't setting up the virtual NIC properly (probably because I'm missing some key configuration), but where should I look?

[socratis]

I'm thinking that VirtualBox isn't setting up the virtual NIC properly (probably because I'm missing some key configuration), but where should I look?

• You're not missing any configuration, because there isn't any.
• VirtualBox sets up the NIC just fine, otherwise you wouldn't see it in your guest.
• There is somewhere a problem with either your host's network stack/firewall or your router's DHCP server/filters.
• Check your host's and your router's logs.

[rgc]

• Check your host's and your router's logs.

Progress, of a sort. I looked at my router's logs and I see regular entries like the following:

Code: Select all

197	Jan 18 11:44:51	DHCP	INFO	DHCPS:Send OFFER with ip 192.168.0.99
196	Jan 18 11:44:50	DHCP	INFO	DHCPS:Recv DISCOVER from 08:00:27:1A:34:21
195	Jan 18 11:44:41	DHCP	INFO	DHCPS:Send OFFER with ip 192.168.0.99
194	Jan 18 11:44:40	DHCP	INFO	DHCPS:Recv DISCOVER from 08:00:27:1A:34:21
193	Jan 18 11:44:27	DHCP	INFO	DHCPS:Send OFFER with ip 192.168.0.99
192	Jan 18 11:44:26	DHCP	INFO	DHCPS:Recv DISCOVER from 08:00:27:1A:34:21

That MAC address is the one assigned to eth0 on the guest. The router has an IP reservation of 192.168.0.99 for that MAC address and appears to be correctly sending out the OFFER response. So the DHCP DISCOVER packet is successfully making it along this route: [guest eth0] > [host eth0] > [router]. But it seems like the OFFER packet isn't making it back to the guest, or is not being processed correctly when it reaches the guest. I'll take a look at the host logs next...

[rgc]

OK, I guess I need some help to figure out how to get what I need from the Ubuntu host logs. Here's what I see in /var/log/syslog after I boot the Knoppix guest, which is still set to request a DHCP address in bridged mode.

Code: Select all

Jan 20 13:00:51 nx6110 kernel: [89028.524898] vboxdrv: f9480020 VMMR0.r0
Jan 20 13:00:52 nx6110 kernel: [89029.537875] vboxdrv: f977d020 VBoxDDR0.r0
Jan 20 13:00:52 nx6110 kernel: [89029.670476] VBoxNetFlt: attached to 'eth0' / 00:12:79:59:c9:48
Jan 20 13:00:52 nx6110 kernel: [89029.830571] device eth0 entered promiscuous mode

So... there's not very much being logged. It's encouraging that VirtualBox is putting eth0 in promiscuous mode. I assume this is because it needs to accept packets for the guest's IP address in addition to its own. Oh, and 00:12:79:59:c9:48 is definitely the MAC address for the host's NIC. Beyond that, I don't see much of use. How do I increase the network logging so that I can see DHCP packets sent and received? Or am I going to need Wireshark for that?

[rgc]

OK, now there's more in syslog, but I don't think it's related to the guest VM. Just looks like a DHCP lease renew by the host (at 192.168.0.105), and some miscellaneous low-level errors.

Code: Select all

Jan 20 13:00:52 nx6110 unity-panel-ser[3284]: menus_destroyed: assertion 'IS_WINDOW_MENU(wm)' failed
Jan 20 13:12:55 nx6110 dhclient[1651]: DHCPREQUEST of 192.168.0.105 on eth0 to 192.168.0.1 port 67 (xid=0x45a963f1)
Jan 20 13:12:55 nx6110 dhclient[1651]: DHCPACK of 192.168.0.105 from 192.168.0.1
Jan 20 13:12:56 nx6110 NetworkManager[1186]: <info>  [1484946776.2026]   address 192.168.0.105
Jan 20 13:12:56 nx6110 NetworkManager[1186]: <info>  [1484946776.2036]   plen 24 (255.255.255.0)
Jan 20 13:12:56 nx6110 NetworkManager[1186]: <info>  [1484946776.2112]   gateway 192.168.0.1
Jan 20 13:12:56 nx6110 NetworkManager[1186]: <info>  [1484946776.2153]   server identifier 192.168.0.1
Jan 20 13:12:56 nx6110 NetworkManager[1186]: <info>  [1484946776.2159]   lease time 7200
Jan 20 13:12:56 nx6110 NetworkManager[1186]: <info>  [1484946776.2164]   nameserver '192.168.0.1'
Jan 20 13:12:56 nx6110 NetworkManager[1186]: <info>  [1484946776.2169] dhcp4 (eth0): state changed bound -> bound
Jan 20 13:12:56 nx6110 dbus[1127]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jan 20 13:12:56 nx6110 systemd[1]: Starting Network Manager Script Dispatcher Service...
Jan 20 13:12:56 nx6110 dhclient[1651]: bound to 192.168.0.105 -- renewal in 3109 seconds.
Jan 20 13:12:56 nx6110 dbus[1127]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 20 13:12:56 nx6110 systemd[1]: Started Network Manager Script Dispatcher Service.
Jan 20 13:12:56 nx6110 nm-dispatcher: req:1 'dhcp4-change' [eth0]: new request (1 scripts)
Jan 20 13:12:56 nx6110 nm-dispatcher: req:1 'dhcp4-change' [eth0]: start running ordered scripts...
Jan 20 13:14:17 nx6110 gnome-session[3114]: gnome-session-binary[3114]: GLib-GIO-CRITICAL: g_dbus_connection_call_internal: assertion 'object_path != NULL && g_variant_is_object_path (object_path)' failed
Jan 20 13:14:17 nx6110 gnome-session-binary[3114]: GLib-GIO-CRITICAL: g_dbus_connection_call_internal: assertion 'object_path != NULL && g_variant_is_object_path (object_path)' failed
Jan 20 13:14:28 nx6110 unity-settings-[3104]: failed to turn the kbd backlight off: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface 'org.freedesktop.UPower.KbdBacklight' on object at path /org/freedesktop/UPower/KbdBacklight
Jan 20 13:17:01 nx6110 CRON[12857]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jan 20 13:20:07 nx6110 evolution-sourc[3425]: secret_service_search_sync: must specify at least one attribute to match
Jan 20 13:23:02 nx6110 gnome-session[3114]: gnome-session-binary[3114]: GLib-GIO-CRITICAL: g_dbus_connection_call_internal: assertion 'object_path != NULL && g_variant_is_object_path (object_path)' failed
Jan 20 13:23:02 nx6110 gnome-session-binary[3114]: GLib-GIO-CRITICAL: g_dbus_connection_call_internal: assertion 'object_path != NULL && g_variant_is_object_path (object_path)' failed
Jan 20 13:23:02 nx6110 unity-panel-ser[3284]: menus_destroyed: assertion 'IS_WINDOW_MENU(wm)' failed