Two VMs - DHCP + Internet, using NAT+INT on server - INT only on client

Postby Krafty » 30. May 2019, 08:24

Hello experts, how are you? I was lurking in freenode and someone told me to ask this specific question in here.
It happens that we were given a proposal that no one seems to figure out (or care) how to do.

The initial exercise consists of:

Create two Virtual Machines:
• Ubuntu 19.04 - as a Server
• Windows 10 - as a Client

Server will have the first NIC as NAT, and it is being assigned an IP number (I will call this NIC1)
Server will also have a secondary NIC as Internal Network and the IPs will be manually configured. (I will call this NIC2)
This setup is to simulate a server that has access to the WAN from NIC/NAT (NIC1), and handle DHCP to clients through NIC/Internal (NIC2).

Client will have only one NIC as Internal Network and all the IP configuration will be fetched from the Server.

So, on Server, the /etc/network/interfaces looks like this:

Code:
auto lo
iface lo inet loopback

auto enp0s3
iface enp0s3 inet dhcp

auto enp0s8
iface enp0s8 inet static

The DHCP service was successfully configured through /etc/dhcp/dhcpd.conf, reserving IPs of this Internal Network which is handling to Client.
The file /etc/default/isc-dhcp-server has the statement: INTERFACESv4=enp0s8, so that this NIC2 will handle it all.
Remember that our enp0s3 is the NAT (NIC1).

OK. So everything is doing as it is supposed to do. The Windows Client is getting as its IP.
But there is no Internet access in Windows client.

Then came the part where we were supposed to configure BIND to give Windows a DNS so that it can ping domains.
But this somehow is not working using Internal Adapters.
It works just with the two VMs in Bridge Mode, which is a bit of a hack, considering that we were supposed to follow up the exercise from DHCP.
So, some people just called it a day and changed the two VMs to bridge mode and did the BIND exercise.
But I'm left as the only one trying to figure out how to deliver this, following it up.

On the Client side, the firewall has been disabled.
On the Server side, the file /proc/sys/net/ipv4/ip_forward had its content set from 0 to 1.

Additionally, someone told me to use iptables to "enable the communication" between the machines, but I found it a bit weird since we are talking about two different networks.
The commands listed here were used to set up some rules on Server. The following commands were used to clean all the rules.

Code:
# iptables -F
# iptables -X
# iptables -t nat -X
# iptables -t nat -F

Then, I established the said rules:

Code:
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE

These iptables commands were supposed to route the packets from the NIC/NAT.
Doing those won't allow Windows to get an Internet connection. It simply doesn't work.


Since BIND is listening on enp0s3 (NIC1/NAT) and Windows is living by internal network (enp0s8)- there is no way to tell Windows to listen to for DNS.
Nothing happens if you tell Windows to do it.

SO WHAT TO DO NOW? HOW TO FEED THE INTERNET from enp0s3 to enp0s8, so it will deliver to Windows Client?
I basically need that enp0s3 will communicate to enp0s8. In other words, I need one internal VM to communicate with another internal VM in this setup, if it's possible.

Something tells me that all that is lacking is some more configuration of the Linux Server.
At this point, BIND matters no more, because I feel something elemental here is being ignored.

Someone help me to get this Windows machine with DHCP to get the access to the internet from the Linux Server. If it's possible.
No alterations in configurations like "set in bridge mode" or what have you. If it's not possible, with VirtualBox, in the proposed way, just say it.

Thank you for any replies that will lead to a solution.
All credits will be given.
Last edited by Krafty on 8. Nov 2019, 02:10, edited 1 time in total.

Re: Two VMs - DHCP + Internet, using NAT+INT on server - INT only on client

Postby Krafty » 2. Jun 2019, 23:28

Ok, I was reading some concepts and I think I was overlooking a standard networking thing:
For two different networks to communicate, they need to have a default gateway -- or -- a router.
This can be a virtual or physical machine acting as a router, or a layer 3 hardware device.
So this is my first hint.

I have seen examples of making one NIC route to another secondary NIC in a Linux system and also have seen examples that work flawlessly using iptables, but with physical machines. The big question is... why am I not able to do this in VirtualBox? Is there something wrong with the software? I don't think so. I tried the same with VMware Workstation Pro and the internal cards did not communicate either. What exactly am I missing?

Well thanks for stopping by and reading this again.

Re: Two VMs - DHCP + Internet, using NAT+INT on server - INT only on client

Postby scottgus1 » 6. Jun 2019, 16:41

I have had a pfSense guest act as a router between Windows guests and the office network the host was connected to. I Bridged on the WAN side of the pfSense router and internal-networked on the LAN side to the Windows guests, and had full communication. With a pfSense firewall rule I was able to get the entire office private network blocked from the guests while allowing internet through, too.

I didn't try it with NAT on the WAN side, I do remember trying it with NAT on the WAN side once, to see if the internal-networked LAN side could see the office network with no firewall rule, and it could. I never found anything screwy with Internal on the LAN side, communication was good between all the guests and the pfSense guest's web interface.

Unless a glitch has crept into VirtualBox, which occasionally does happen, I'm going to shoot from the hip and say that if you can ping through the internal network, and get an IP address, and even see a shared folder between the two VMs, then VirtualBox's Internal is working and the issue is the settings in the server guest's OS. At which point you would solve this as if the two guests were real PCs networked together through an unmanaged switch, try hitting the Ubuntu forums, etc.

One thing I do remember is that since the NAT virtual network is on 10.0.2.# IP range and the internal is on 172.16.0.#, you have to bridge the two networks in the server VM's OS somehow to get Internet through the server to the client. How to do so, I haven't the foggiest, sorry, Windows guy here. I have done it in Windows with the Internet Connection Sharing wizard. I don't know if this is where the iptables or the Bind thing comes in...

Re: Two VMs - DHCP + Internet, using NAT+INT on server - INT only on client

Postby Krafty » 7. Jun 2019, 06:23

Dear scottgus1,

Thanks for your input.
Well, with the two VMs on bridge mode, it works. Needs DHCP and DNS from Linux Guest.
I believe you are right about something being wrong with the Linux Guest.
However, I haven't seen a configuration that is able to route the Linux Guest NIC1 to Linux Guest NIC 2, so that it can feed the internet on the 172.16.0.# network.

I have done this same thing on VMware Pro and it did not work.

Re: Two VMs - DHCP + Internet, using NAT+INT on server - INT only on client

Postby Krafty » 26. Nov 2019, 08:56

  • iptables must be configured to forward traffic from NIC1 to NIC2.
  • DHCP must lease the addresses to NIC2.
  • DHCP configuration must have the DNS server IP that is the IP of NIC1.
  • BIND must be configured with an ACL permitting the NIC1 network, localhosts and localnets.
  • BIND also must be configured to allow-queries, recursion, safeguard forwarders, and it should be only forwarding.
  • VM2 needs no additional configuration.
The common terminology for this setup is BIND as a DNS Caching and Forwarding setup.
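
The steps listed in the post above, written out as a script that prints the firewall rules and the dhcpd and BIND fragments. This is an added example, not Krafty's actual configuration: every address is an assumption (the thread gives only the 10.0.2.# and 172.16.0.# ranges), UPSTREAM is a placeholder, and the `option routers` line and the DROP policy on FORWARD are additions that are not in the list.

```shell
# Added example (not from the thread). Interface names come from the posts;
# every address below is an assumption or placeholder.
WAN=enp0s3              # NIC1, VirtualBox NAT
LAN=enp0s8              # NIC2, Internal Network
WAN_NET=10.0.2.0/24     # assumed NAT subnet
LAN_NET=172.16.0.0/24   # assumed internal subnet
LAN_IP=172.16.0.1       # assumed static address of NIC2
DNS_IP=10.0.2.15        # assumed NIC1 address, handed out as DNS server
UPSTREAM=192.0.2.53     # placeholder: resolver NIC1 learned via DHCP

# Forwarding rules: new flows only LAN -> WAN, replies back, NAT on the way out.
router_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
EOF
}

# Subnet block for /etc/dhcp/dhcpd.conf. "option routers" gives the client its
# default gateway; without it nothing outside 172.16.0.x is reachable.
dhcpd_subnet() {
  cat <<EOF
subnet 172.16.0.0 netmask 255.255.255.0 {
  range 172.16.0.100 172.16.0.200;
  option routers $LAN_IP;
  option domain-name-servers $DNS_IP;
}
EOF
}

# /etc/bind/named.conf.options: caching, forward-only resolver that answers
# only the listed networks (localnets already covers both attached subnets).
named_options() {
  cat <<EOF
acl trusted { $WAN_NET; localhost; localnets; };
options {
  recursion yes;
  allow-query { trusted; };
  allow-recursion { trusted; };
  forwarders { $UPSTREAM; };
  forward only;
};
EOF
}

# Usage: ./gateway.sh rules | sudo sh   (or: dhcp, bind, to print a fragment)
case "${1:-}" in
  rules) router_rules ;; dhcp) dhcpd_subnet ;; bind) named_options ;;
esac
```

Restricting `allow-query` and `allow-recursion` to the ACL keeps the forwarder from answering as an open resolver if the server VM is later moved to a bridged adapter.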

Re: Two VMs - DHCP + Internet, using NAT+INT on server - INT only on client

Postby socratis » 26. Nov 2019, 10:46

So, 'Krafty', correct me if I'm wrong, but this has nothing to do with VirtualBox, right? This is simply a matter of configuring the Guests appropriately, no?
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.