Need advice-Opensuse host network ok - guest cannot reach outside world

[ers_capn_kwick]

Background: OpenSuSE 42.2 (call it Serv1 with a static IP) serving as VBox host (running VBox 5.1.18_SUSE r114002) (as installed from the OpenSuSE repositories).
I can ping in and out from Serv1 and can access Serv1 from other hosts.
Output from "ip addr show" for Serv1:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:bf:0f:b1 brd ff:ff:ff:ff:ff:ff
inet 10.2.18.1/16 brd 10.2.255.255 scope global eth0
valid_lft forever preferred_lft forever

I have a "canned" Oracle/Peopesoft appliance running in the guest in Bridged mode to Serv1 host adapter eth0 (call it Serv2 with IP 10.2.18.2). It boots up just fine, I can logon to through the character mode console (no GUI) just fine.
I can ping from the guest (Serv2) to the host (Serv1) just fine. The reverse is also true (Serv1 -> Serv2 ping is good).
But.....
For the life of me I cannot get the guest (Serv2) to ping any host in the rest of our network nor can any other host in our network ping Serv2.
I've completely turned off the firewall on Serv1. No go.
I've verified that the default gateway for both Serv1 and Serv2 reference the same network equipment IP address.
I've verified that the MAC address that Serv2 shows from "ip addr show" matches the MAC address in the Settings -> Network -> Advanced in VBox.
The output from "VBoxManage showvminfo --detailed" cut down to just the NIC is:
NIC 1: MAC: 080027601F37, Attachment: Bridged Interface 'eth0', Cable connected: on, Trace: off (file: none), Type: Am79C973, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: allow-all, Bandwidth group: none

I'm pretty much at a loss as to what might be happening with the guest (Serv2) as to why it can reach the host but nothing else. I could understand it if the VBox network settings had "Host-only" but I'm running in Bridged mode.

[Perryg]

Is the guest using the same address range and subnet? What about the gateway. Other than one of them being incorrect you need to look and see if proper ports are open as IIRC most are blocked by default in suse.

[ers_capn_kwick]

Same address range and subnet? yes, we are using a 10.2.0.0 subnet.
As for ports being open, as I had stated, I've turned off / disabled the firewall on Serv1 (the VBox host) so it should be passing everything straight through.

[Perryg]

Your post says

• inet 10.2.18.1/16 brd 10.2.255.255 scope global eth0

But you say the lan uses

• 10.2.0.0 subnet

They don't match to me. Not staying that you can't use it this way but you will need to setup iprules for routing to do so.

Post the following from the host terminal

• vboxmanage list bridgedifs

then post

• the exact ip subnet and gateway you used for the guest.

[ers_capn_kwick]

From Serv1

Code: Select all

VBoxManage list bridgedifs
Name:            eth0
GUID:            30687465-0000-4000-8000-005056bf0fb1
DHCP:            Disabled
IPAddress:       10.2.18.1
NetworkMask:     255.255.0.0
IPV6Address:
IPV6NetworkMaskPrefixLength: 0
HardwareAddress: 00:50:56:bf:0f:b1
MediumType:      Ethernet
Status:          Up
VBoxNetworkName: HostInterfaceNetworking-eth0

From Serv1

Code: Select all

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.2.1.254      0.0.0.0         UG        0 0          0 eth0
10.2.0.0        0.0.0.0         255.255.0.0     U         0 0          0 eth0

From Serv2

Code: Select all

ifconfig
eth0      Link encap:Ethernet   HWaddr 08:00:27:60:1F:37
          inet addr:10.2.18.2   Bcast:10.2.255.255  Mask:255:255:0:0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:2774 errors:47 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:177468      TX bytes:2635
          Interrupt:19  Base address:0xd020

From Serv2

Code: Select all

ip addr show
2: eth0:  <BROADCAST,MULTICAST,UP,LOWER_UP> mtu:1500 qdisc pfifo_fast qlen 1000
    link/ether 08:00:27:60:1f:37 brd ff:ff:ff:ff:ff:ff
    inet 10.2.18.2/16 brd 10.2.255.255 scope global eth0Serv2  netstat -rn

From Serv2

Code: Select all

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.2.1.254      0.0.0.0         UG        0 0          0 eth0
10.2.0.0        0.0.0.0         255.255.0.0     U         0 0          0 eth0

The "VBoxNetworkName: HostInterfaceNetworking-eth0" is the first time that I'm seeing that (but then everything up to this point has been going through the GUI for VBox). Does that do what I'm suspecting in making it a "host-only" network? If so, I'm unclear about how to fix that.

[Perryg]

The "VBoxNetworkName: HostInterfaceNetworking-eth0" is the first time that I'm seeing that (but then everything up to this point has been going through the GUI for VBox). Does that do what I'm suspecting in making it a "host-only" network?

No that is just the associated name to your interface on the host. Host-only is called something else but if you were actually using the host-only nothing else but the host and guest would work without an additional adapter added to get some place outside that environment.

From what I see so far the host and guests are within a reasonable range but that still does not tell me how you are going to talk with the LAN if as you say it is on a different address. If this is on a corporate lan you might want to talk to the lan administrator to figure this out. VirtualBox gives you a hardware interface ( bridge ) and resembles a real network adapter. Configurations are the main reason for failure.

[ers_capn_kwick]

I had not mentioned all of our environment when doing the initial diagnosis since we were experimenting with a "not officially supported" setup.

Our setup is vSphere 5.5 running Win 2012 R2 VM (with version 10 hardware (which allows virtual on virtual)) running VirtualBox running an Oracle/Linux appliance.

The resolution: after doing some packet captures using Wireshark on a working physical Win 7 host and our Win 2012 host, we realized that there was something fundamental that we were missing at the network level.

After checking the blog at http://www.virtuallyghetto.com/ on nested virtualization, we determined that we had to create a separate port group for our Win 2012/VBox host that had the following enabled:
promiscuous mode
forged transmits

Once that was set up, our Oracle/Linux guest was able to communicate with other servers/hosts as we intended.