net.ipv4.ip_forward=1 no longer works

Discussions related to using VirtualBox on Linux hosts.
Post Reply
scottj
Posts: 5
Joined: 15. Jun 2011, 02:47
Primary OS: Ubuntu other
VBox Version: PUEL
Guest OSses: Linux

net.ipv4.ip_forward=1 no longer works

Post by scottj »

I have created a Ubuntu 10.04LTS VM running openvpn. I use this as a VPN server appliance for my clients. I use it on a Ubuntu 10.04LTS host system. Both are x64 based. My VM has stopped forwarding ipv4 on a new host server I built running VBox 4.0.8. The same VM is forwarding ipv4 requests just fine on a server running VBox 4.0.4. Both are running the same version of Ubuntu 10.04LTS. On the VM from the new server I can ping the host system's IP, but no other systems on the network (including the gateway). The host is 10.1.1.20, the VM 10.1.1.220, the GW 10.1.1.1, all using a netmask of 255.255.255.0. cat /proc/sys/net/ipv4/ip_forward shows "1", so I know ip_forward is set correctly.

This appears to be regression from 4.0.4 to 4.0.8. I'm setting up a test system now to allow me to verify this. Do any of you know how I can test what is going wrong in the meantime? I'm not sure where to look. Should I tcpdump on the host NIC, the VM NIC, or ??? and what should I be looking for. Any help would be appreciated. I've been pulling my hair out on this one for the past week.

BTW - I'm using "bridged" networking for the NIC.
scottj
Posts: 5
Joined: 15. Jun 2011, 02:47
Primary OS: Ubuntu other
VBox Version: PUEL
Guest OSses: Linux

Re: net.ipv4.ip_forward=1 no longer works

Post by scottj »

I just realized I didn't explain the configuration very well.

The VM system "can" access other systems on the network just fine. It's the clients that are tunneled via OpenVPN that cannot see anything but the VM's ip. Here is a run-down on the network topology:

GW: 10.1.1.1
Main server/Vbox host: 10.1.1.20
OpenVPN VM: 10.1.1.26
Client tunneled into OpenVPN server (VM): 10.1.1.220

Tunneled system (10.1.1.220) can ping 10.1.1.26 and it's self (10.1.1.220), but nothing else. That includes not being able to ping 10.1.1.20, the VBox host system.

Again, OpenVPN clients that are tunneled on a VM that is hosted on a VBox 4.0.4 system works just fine.
scottj
Posts: 5
Joined: 15. Jun 2011, 02:47
Primary OS: Ubuntu other
VBox Version: PUEL
Guest OSses: Linux

Re: net.ipv4.ip_forward=1 no longer works

Post by scottj »

OK, I was able to test my VPN VM on a different server running VBox 4.0.8 and reproduce that ipv4 forwarding was not happening. I then removed: "virtualbox-4.0_4.0.8-71778~Ubuntu~lucid_amd64.deb" and installed: virtualbox-4.0_4.0.4-70112~Ubuntu~lucid_amd64.deb. There were no modifications to the VM (in fact, it still showed as registered in 'vboxmanage list vms' after the 4.0.4 install).

My VPN VM now works and ipv4 forwarding behaves as it should. Can someone help me define what the bug is so I can submit a bug report?

Thanks!
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: PUEL
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: net.ipv4.ip_forward=1 no longer works

Post by Sasquatch »

Even though I have a good understanding of networking, I have no idea how to exactly pinpoint this problem. What I do know, is that you have to report it in the Bugtracker (separate account needed). If you can, please try 4.0.6 as well, so the team has a smaller window to look for the problem.
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
scottj
Posts: 5
Joined: 15. Jun 2011, 02:47
Primary OS: Ubuntu other
VBox Version: PUEL
Guest OSses: Linux

Re: net.ipv4.ip_forward=1 no longer works

Post by scottj »

Thanks Sasquatch. I re-tested using 4.0.6 and it does not work, so the bug was introduced between 4.0.4 and 4.0.6. I'll try to get a bug report submitted when I have another free moment over the next day or so.
lnxadmin
Posts: 2
Joined: 2. Oct 2011, 22:51
Primary OS: Other
VBox Version: PUEL
Guest OSses: All

Re: net.ipv4.ip_forward=1 no longer works

Post by lnxadmin »

Hello Scott,
I appear to be having the same issue with OpenVPN, though I am running 4.1.2 with Debian 6 as both the host and guest. Just wondering if you ever submitted a bug for this? Were you ever able to find a solution (besides reverting to 4.0.4)? Thanks!
lnxadmin
Posts: 2
Joined: 2. Oct 2011, 22:51
Primary OS: Other
VBox Version: PUEL
Guest OSses: All

Re: net.ipv4.ip_forward=1 no longer works

Post by lnxadmin »

Just to follow up should anyone with this problem stumble on this thread. It appears a bug report for this over 4 months ago, but it has not even been assigned at this point. 4.1.4 was released earlier today and I have confirmed the issue is still present.

https://www.virtualbox.org/ticket/8965
tloc
Posts: 1
Joined: 1. Apr 2012, 13:13

Re: net.ipv4.ip_forward=1 no longer works

Post by tloc »

Same problem with 4.1.10. I wonder why the developers are ignoring this problem?
Raltar
Posts: 1
Joined: 7. Aug 2012, 05:00

Re: net.ipv4.ip_forward=1 no longer works

Post by Raltar »

FWIW, I had the same issue with a Ubuntu 12.04 server host, Ubuntu 12.04 server guest in VBoxHeadless setup on VBox 4.1.18.

Since I had a different guest/host combo and more info on the issue, I opened up ticket #10811 <New member, can't post the address>

I suspect this may have been related to the source of the bug: <pretend this is the link to the 4.0 changelog>
"Host-Only & Bridged & Internal Networking: fix for processing promiscuous mode requests by VMs, defaulting to switch behaviour"

If they used a static MAC table for defined guest MAC addresses (I had specified mine statically in the VM definition) and also didn't flood unknown unicast frames to the guest adapters, this issue would be the result.
Dobler
Posts: 2
Joined: 8. Sep 2012, 12:52

Re: net.ipv4.ip_forward=1 no longer works

Post by Dobler »

Using 4.1.20 on Solaris. Still having the same issue. I may try downgrading.
scottj
Posts: 5
Joined: 15. Jun 2011, 02:47
Primary OS: Ubuntu other
VBox Version: PUEL
Guest OSses: Linux

Re: net.ipv4.ip_forward=1 no longer works

Post by scottj »

Dobler wrote:Using 4.1.20 on Solaris. Still having the same issue. I may try downgrading.
OK, to make things more interesting, I have identical VBox environments (4.1.8r75467) running on two host Ubuntu 10.04 LTS x64 systems. I created a new Ubuntu 12.04 server VM and configured it with OpenSWAN, ppp, and xl2ptd and copied it to both servers. On one of the servers, net.ipv4.ip_forward = 1 works as expected. On the second one, it's not forwarding. I have verified that /proc/sys/net/ipv4/ip_forward is set to "1". Are we dealing with an issue with the host's NIC driver (the hardware is different on the 2 servers)? This is most confusing. I don't know where to begin on troubleshooting this. As I stated when I stated this thread, I though it was release specific. Now I'm not so sure. I haven't tried this out on the new 4.2 release yet. I have other servers available and will try to reproduce the problem on them (the existing 2 servers are in production).
Post Reply