Virtualbox NAT network not connecting to the Internet

Discussions related to using VirtualBox on Linux hosts.
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Virtualbox NAT network not connecting to the Internet

Post by jrkul »

I am using Virtualbox 5.1.4 on Ubuntu 14.04 LTS.
I installed Ubuntu Server 16.04.3 in two Virtualbox virtual machines, and then I created a NAT network and a DHCP server with the following commands from the host machine:

$ vboxmanage natnetwork add --netname testlab --network "10.10.10.0/24" --enable
$ vboxmanage dhcpserver add --netname testlab --ip 10.10.10.1 --netmask 255.255.255.0 --lowerip 10.10.10.2 --upperip 10.10.10.12 --enable

I configured the Network setting of each virtual machine to use the Adapter 1 attached to 'Nat Network' testlab.

The two virtual machines can ping each other with these settings, but they cannot access the Internet. If I ping 8.8.8.8, I have a 100% packet loss and I am unable to install any package:

$ apt-get update && apt-get upgrade
Temporary failure resolving ‘gb.archive.ubuntu.com’

Both have an empty /etc/resolv.conf and the same /etc/hosts files.

I need to have them connected to each other and the Internet for testing purposes. One should act as a server, the second one as a client, and the machine acting as a server should be connected to the Internet.

I have no idea why the two servers cannot connect to the internet as Virtualbox NAT Network. Any ideas?
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Virtualbox NAT network not connecting to the Internet

Post by Perryg »

Post the guests log file ( as an attachment ). Right click on the guest in the Main Manager then click show log. Save and post as an attachment. Compress if it is too large to post.

As well as the following from the hosts terminal

Code: Select all

vboxmanage showvminfo <vm name> | grep NIC
Replace <vm name> with the actual name of the guest.
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Re: Virtualbox NAT network not connecting to the Internet

Post by jrkul »

I attached the Vbox.log files as suggested.
Below are the two outputs of vboxmanage showvminfo <vm name> | grep NIC

Code: Select all

jrkul@ubuntu:~ $ vboxmanage showvminfo "Ubuntu 16.04.3 server" | grep NIC
NIC 1:           MAC: 080027A42039, Attachment: NAT Network 'testlab', Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 2:           disabled
NIC 3:           disabled
NIC 4:           disabled
NIC 5:           disabled
NIC 6:           disabled
NIC 7:           disabled
NIC 8:           disabled

Code: Select all

jrkul@ubuntu:~ $ vboxmanage showvminfo "Ubuntu 16.04.3" | grep NIC
NIC 1:           MAC: 0800274783FF, Attachment: NAT Network 'testlab', Cable connected: on, Trace: off (file: none), Type: 82540EM, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny, Bandwidth group: none
NIC 2:           disabled
NIC 3:           disabled
NIC 4:           disabled
NIC 5:           disabled
NIC 6:           disabled
NIC 7:           disabled
NIC 8:           disabled
Attachments
Ubuntu 16.04.3-2017-09-19-14-37-44.log
Secondary server
(101.11 KiB) Downloaded 35 times
Ubuntu 16.04.3 server-2017-09-19-14-37-57.log
Main server
(101.95 KiB) Downloaded 19 times
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Virtualbox NAT network not connecting to the Internet

Post by Perryg »

So far so good. Now post the results of these.

Host terminal:

Code: Select all

vboxmanage list natnets
Guests terminal/s:

Code: Select all

1) ifconfig -a
2) traceroute 8.8.8.8
Note: I am not all that interested in the results once it reaches the Internet, just the ones from within. Use Crtl-c to stop the trace one it reaches the internet.
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Re: Virtualbox NAT network not connecting to the Internet

Post by jrkul »

I needed time because I could not copy and past from guest to host.
On the host's side:

Code: Select all

$ vboxmanage list natnets
NetworkName:    testlab
IP:             10.10.10.1
Network:        10.10.10.0/24
IPv6 Enabled:   No
IPv6 Prefix:    fd17:625c:f037:2::/64
DHCP Enabled:   Yes
Enabled:        Yes
loopback mappings (ipv4)
        127.0.0.1=2

From Virtualbox machine Ubuntu 16.04.3 server:

Code: Select all

$ ifconfig -a
enp0s3    Link encap:Ethernet   HWaddr  08:00:27:a4:20:39
               inet addr:10.10.10.2  Bcast:10.10.10.255  Mask:255.255.255.0
               inet6 addr: fe80::a00:27ff:fea4:2039/64 Scope:Link
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:6 errors:0 dropped:0 overruns:0 frame:0
               TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:1000
               RX bytes:3044 (3.0 KB)  TX bytes:1332 (1.3 KB)

lo             Link encap:Local Loopback
                inet addr:127.0.0.1  Mask:255.0.0.0
                inet6 addr: ::1/128 Scope:Host
                UP LOOPBACK RUNNING  MTU:65536  Metric:1
                RX packets:1296 errors:0 dropped:0 overruns:0 frame:0
                TX packets:1296 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1
                RX bytes:96272 (96.2 KB)  TX bytes:96272 (96.2 KB)

Code: Select all

$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1 * * *
 2 * * *
 3 * * *
 4 * * *
 5 * * *
 6 * * *
 7 * * *
...
28 * * *
29 * * *
30 * * *

From Virtualbox machine Ubuntu 16.04.3:

Code: Select all

$ ifconfig -a
enp0s3    Link encap:Ethernet   HWaddr  08:00:27:47:83:ff
               inet addr:10.10.10.3  Bcast:10.10.10.255  Mask:255.255.255.0
               inet6 addr: fe80::a00:27ff:fe47:83ff/64 Scope:Link
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:18 errors:0 dropped:0 overruns:0 frame:0
               TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:1000
               RX bytes:6414 (6.4 KB)  TX bytes:2892 (2.8 KB)

lo             Link encap:Local Loopback
                inet addr:127.0.0.1  Mask:255.0.0.0
                inet6 addr: ::1/128 Scope:Host
                UP LOOPBACK RUNNING  MTU:65536  Metric:1
                RX packets:9024 errors:0 dropped:0 overruns:0 frame:0
                TX packets:9024 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1
                RX bytes:668992 (668.9 KB)  TX bytes:66892 (668.9 KB)

Output of traceroute is the same in both servers.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Virtualbox NAT network not connecting to the Internet

Post by Perryg »

The traceroute never reaches the host 10.10.10.1 so something must be stopping it. I would look at firewalls first. It might be worth your while to update to the newest release of VirtualBox as well. I have tested this again today on a Ubuntu 16.04 server guest and Linux host so I know it works in theory.
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Re: Virtualbox NAT network not connecting to the Internet

Post by jrkul »

Both OS are freshly installed, so there are no set rules in iptables. Default policies for all chains are ACCEPT all packets.
If you think it is better to install the latest version of Virtualbox I will do it and try again.
I will be back to share my experience.
I would be grateful if you could suggest me documentation on updating Virtualbox and preserving NAT network and a DHCP server.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Virtualbox NAT network not connecting to the Internet

Post by Perryg »

Simply install the latest release. All settings and guest will remain. I would also suggest a reboot of the host just to make sure all caches are cleared then see if you can traceroute from the guest/s and reach the host.

One other thing I just thought about and wanted to ask. When you created the NatNetwork you didn't use a subnet that was already available to the host did you. This would cause a storm and that would stop the stack from working properly.
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Re: Virtualbox NAT network not connecting to the Internet

Post by jrkul »

My host is a simple Ubuntu workstation, installed with the default settings.
So, as far as I know, the network "10.10.10.0/24" belongs only to Virtualbox.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Virtualbox NAT network not connecting to the Internet

Post by Perryg »

Easy enough to verify. Just run ifconfig -a in the host terminal and make sure that the 10.10.10.* address does not show up. Let me know what happens after you upgrade.
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Re: Virtualbox NAT network not connecting to the Internet

Post by jrkul »

I verified in the host terminal: 10.10.10.* address is not there, it only belongs to Virtualbox natnetwork.
Made the upgrade to 5.1.28 , restarted the host machine but nothing has changed: still both virtual machines see each other but not the outside world.
ping to 8.8.8.8 has still 100% packet loss.

Code: Select all

$ nslookup google.com
;; connection timed out; no servers could be reached
Taken alone, both machines, with network settings attached to NAT, can connect to the Internet.
However, when they are in a NAT network, they do not see the Internet.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Virtualbox NAT network not connecting to the Internet

Post by Perryg »

I am at a total loss as to why this is not working. I have verified everything you have posted and tested it twice locally and by all indications it should be working. This leave it with the host. Are you sure there is nothing like a firewall or corp. policy that might be blocking this?
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Re: Virtualbox NAT network not connecting to the Internet

Post by jrkul »

I am at home, and on my host machine I have the following firewall rules:

Code: Select all

$ sudo iptables -L
[sudo] password for jrkul: 
Chain INPUT (policy DROP)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere            

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere            

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere            

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-track-forward (1 references)
target     prot opt source               destination         

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  192.168.0.102        anywhere            

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination         


If it can be of any help, these are the steps I followed so far.
First I created the two virtual machines with the Ubuntu servers.
Then I created the dhcp server with the following command:

Code: Select all

$ vboxmanage dhcpserver add --netname testlab --ip 10.10.10.1 --netmask 255.255.255.0 --lowerip 10.10.10.2 --upperip 10.10.10.12 --enable
After that I tested my servers with Adapter 1 attached to Internal Network.
Then I created the natnetwork with:

Code: Select all

$ vboxmanage natnetwork add --netname testlab --network "10.10.10.0/24" --enable
Finally I tested my servers with adapter 1 attached to NAT Network
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Virtualbox NAT network not connecting to the Internet

Post by Perryg »

Would you stop the firewall and see if it makes any difference?
jrkul
Posts: 18
Joined: 23. Aug 2016, 16:44

Re: Virtualbox NAT network not connecting to the Internet

Post by jrkul »

I tried with:

Code: Select all

$ sudo ufw disable
Firewall stopped and disabled on system startup
I am still experiencing the same problems.
I suppose that with 'sudo ufw disable' my firewall is disabled, even though iptables -L has output:

Code: Select all

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-track-forward (1 references)
target     prot opt source               destination         

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination     
Post Reply