NAT Network and RHEL 7 network setup
Dear VB forum.
I am not a novice but seem to be missing something basic with NAT Network configuration and RHEL/CentOS 7. I have set up a "NAT Network" called NatNetwork (198.168.4.0/24) and 2 CentOS 7 clients configured with their Adapter 1 using NATnetwork with IP address provided by VB with DHCP. The CentOS 7 clients can ping the internet (8.8.8.8) but not each other. Firewall is disabled.
From my understanding this configuration without any other alterations is supposed to allow the 2 CentOS clients to contact each other as well as the internet.
What is not configured correctly?
The following is my configuration:
VB version: 6.0.10 r 132072 (Qt5.6.2)
Attached is the output from:
- ip route show
- ip a
Attachments: Capture.PNG (19.63 KiB), output of # ip route show and # ip a
Re: NAT Network and RHEL 7 network setup
How did you create the two centos clients?
Do they have different MAC addresses?
Re: NAT Network and RHEL 7 network setup
The CentOS clients were built from scratch (i.e. new VM and install from CentOS minimal ISO).
Server1: 08:00:27:e8:35:1b
Server2: 08:00:27:58:f2:27
I wouldn't have expected the same MAC addresses ...
Re: NAT Network and RHEL 7 network setup
To clarify, both CentOS guests were each built from scratch? You didn't build one and then clone it (which is the obvious move IMO)?
Yes, two CentOS guests configured to be on the same NAT network ought to be able to ping each other, unless ICMP has been disabled in them.
Can you show the results of "ifconfig -a" for both VMs?
Re: NAT Network and RHEL 7 network setup
I've been trying to figure out why this doesn't work for some time so I built the simplest case - 2 CentOS clients from scratch each receiving their IP information over DHCP without any intervention from me. Both of the CentOS clients are configured to use the same NAT Networking.
From my understanding - this should just work (but it doesn't).
Eddy
Re: NAT Network and RHEL 7 network setup
EddyR wrote: From my understanding - this should just work (but it doesn't).
This *does* work for a bunch of clients that I have, and so does for a lot of people.
Besides the info that mpack asked for ("ifconfig -a" for both, from within the guests), I'd like to see also the output from your host of the commands:
VBoxManage list dhcpservers
VBoxManage list natnetworks
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: NAT Network and RHEL 7 network setup
Below is what you asked for. All of the values should be default except for the IP for the "NAT Network" which I defined.
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1686
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_Ift forever preferred_Ift forever
    inet6 ::1/128 scope host
       valid_Ift forever preferred_Ift forever
2: enp@s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e8:35:1b brd ff:ff:ff:ff:ff:ff
    inet 198.168.4.23/24 brd 198.168.4.255 scope global noprefixroute dynamic enpés3
       valid_Ift 840sec preferred_Ift 840sec
    inet6 fe00::d66a:f810:59b1:eab9/64 scope link noprefixroute
       valid_Ift forever preferred_Ift forever

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1686
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_Ift forever preferred_Ift forever
    inet6 ::1/128 scope host
       valid_Ift forever preferred_Ift forever
2: enp@s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:58:f2:27 brd ff:ff:ff:ff:ff:ff
    inet 198.168.4.24/24 brd 198.168.4.255 scope global noprefixroute dynamic enpés3
       valid_Ift 119@sec preferred_Ift 119@sec
    inet6 fe00::970b:4167:97bd:c475/64 scope link noprefixroute
       valid_Ift forever preferred_Ift forever

C:\Program Files\Oracle\VirtualBox>VBoxManage list dhcpservers
NetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter
IP: 192.168.56.100
NetworkMask: 255.255.255.0
lowerIPAddress: 192.168.56.101
upperIPAddress: 192.168.56.254
Enabled: Yes
Global options:
    1:255.255.255.0

NetworkName: NatNetwork
IP: 198.168.4.3
NetworkMask: 255.255.255.0
lowerIPAddress: 198.168.4.4
upperIPAddress: 198.168.4.254
Enabled: Yes
Global options:
    1:255.255.255.0
    3:198.168.4.1
    6:10.100.0.50 10.100.0.99 10.100.0.100
    15:bynet.co.il

C:\Program Files\Oracle\VirtualBox>VBoxManage list natnetworks
NetworkName: NatNetwork
IP: 198.168.4.1
Network: 198.168.4.0/24
IPv6 Enabled: No
IPv6 Prefix: fd17:625c:f037:2::/64
DHCP Enabled: Yes
Enabled: Yes
loopback mappings (ipv4)
    127.0.0.1=2
Last edited by socratis on 24. Jul 2019, 09:49, edited 2 times in total.
Reason: Fixed formatting.
Re: NAT Network and RHEL 7 network setup
I took the liberty of highlighting the important parts in the output of your commands, hope you don't mind
- The two guests have indeed different MACs.
- The two guests have indeed different IPs, from the correct NATnetwork range.
- Everything looks normal, host and guests.
Just for reference, here's a similar setup with my custom "VBoxNATservice" network option between a Mint19 and a Fedora29 clients. I "trimmed" the output for brevity, not for obfuscation, you don't care for all my 4 networking options:

socratis@VB-Mint-19:~$ ip a
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:15:c6:f7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.107/24 brd 192.168.40.255 scope global dynamic noprefixroute enp0s9
       valid_lft 1149sec preferred_lft 1149sec

[socratis@vb-fedora-29-localdomain ~]$ ip a
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:2363 brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.146/24 brd 192.168.40.255 scope global dynamic noprefixroute enp0s9
       valid_lft 980sec preferred_lft 980sec

$ VBoxManage list dhcpservers
NetworkName: VBoxNATservice
IP: 192.168.40.100
NetworkMask: 255.255.255.0
lowerIPAddress: 192.168.40.101
upperIPAddress: 192.168.40.254
Enabled: Yes
Global options:
    1:255.255.255.0
    3:192.168.40.1
    6:1.1.1.1
    15:SGK

$ VBoxManage list natnetworks
NetworkName: VBoxNATservice
IP: 192.168.40.1
Network: 192.168.40.0/24
IPv6 Enabled: Yes
IPv6 Prefix: fd17:625c:f037:a828::/64
DHCP Enabled: Yes
Enabled: Yes
loopback mappings (ipv4)
    127.0.0.1=2

and finally pinging Mint19 from Fedora29:

[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 192.168.40.107
PING 192.168.40.107 (192.168.40.107) 56(84) bytes of data.
64 bytes from 192.168.40.107: icmp_seq=1 ttl=64 time=0.554 ms
64 bytes from 192.168.40.107: icmp_seq=2 ttl=64 time=0.306 ms
64 bytes from 192.168.40.107: icmp_seq=3 ttl=64 time=0.380 ms
64 bytes from 192.168.40.107: icmp_seq=4 ttl=64 time=0.345 ms
--- 192.168.40.107 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 102ms
rtt min/avg/max/mdev = 0.306/0.396/0.554/0.095 ms

and vice versa, pinging Fedora29 from Mint19:

socratis@VB-Mint-19:~$ ping -c 4 192.168.40.146
PING 192.168.40.146 (192.168.40.146) 56(84) bytes of data.
64 bytes from 192.168.40.146: icmp_seq=1 ttl=64 time=0.256 ms
64 bytes from 192.168.40.146: icmp_seq=2 ttl=64 time=0.624 ms
64 bytes from 192.168.40.146: icmp_seq=3 ttl=64 time=0.284 ms
64 bytes from 192.168.40.146: icmp_seq=4 ttl=64 time=0.602 ms
--- 192.168.40.146 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3064ms
rtt min/avg/max/mdev = 0.256/0.441/0.624/0.173 ms
Re: NAT Network and RHEL 7 network setup
So I see that in your environment it works, yet in mine it doesn't.
Could you point out where you might think the issue/differences might be?
Shouldn't I be able to ping the gateway (192.168.4.1)?
Shouldn't the ping -b 192.168.4.0 (broadcast) return me something?
Eddy
Re: NAT Network and RHEL 7 network setup
EddyR wrote: Could you point out where you might think the issue/differences might be?
Already told you:
socratis wrote: might be a problem with the guests, not VirtualBox

EddyR wrote: Shouldn't I be able to ping the gateway (192.168.4.1)?
Sure, if it allows it...

[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 192.168.40.1
PING 192.168.40.1 (192.168.40.1) 56(84) bytes of data.
64 bytes from 192.168.40.1: icmp_seq=1 ttl=255 time=0.128 ms
64 bytes from 192.168.40.1: icmp_seq=2 ttl=255 time=0.198 ms
64 bytes from 192.168.40.1: icmp_seq=3 ttl=255 time=0.299 ms
64 bytes from 192.168.40.1: icmp_seq=4 ttl=255 time=0.439 ms
--- 192.168.40.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 51ms
rtt min/avg/max/mdev = 0.128/0.266/0.439/0.116 ms

EddyR wrote: Shouldn't the ping -b 192.168.4.0 (broadcast) return me something?
I'm not really sure that pinging a broadcast address should ... ping anything:

[socratis@vb-fedora-29-localdomain ~]$ ping -c 4 -b 192.168.40.0
WARNING: pinging broadcast address
PING 192.168.40.0 (192.168.40.0) 56(84) bytes of data.
--- 192.168.40.0 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 110ms
Re: NAT Network and RHEL 7 network setup
socratis wrote: I'm not really sure that pinging a broadcast address should ... ping anything
That would be a no-no in most networking protocols that I'm familiar with. It's a recipe for a cascade condition. Or a DoS attack.
A discovery function in a network would allow replies to a broadcast message, but there would be safeguards to protect against contention, such as randomly selecting a turnaround delay. I'm not an expert on TCP/IP/UDP networks, but AFAIK ping is not intended to be used that way.
Re: NAT Network and RHEL 7 network setup
@socratis
A little bit off topic:
You edited/formatted one of EddyR's posts, and it looks like the result of a bad character recognition program to me, e.g. valid_Ift (with capital I after the underscore), enp@s0, enpés0, and the IPv4 addresses all start with 198 instead of 192.
I verified this in Safari on a macOS host (@home) and in Firefox on a Linux host (@work).
Now I'm curious how this has been achieved.
Re: NAT Network and RHEL 7 network setup
@fth0
You're right! But the only things that I did was:
- I did not touch the content at all, I never do, I even leave mistakes intact! These errors/misreadings that you point out were there, in the original post. Just look at the first post and the picture included. Maybe it was 'EddyR' that passed it through an OCR? And that goes for the "valid_lft" and the "enp0s3" part, not the 198.168 part, that's really clear, and there's nothing wrong with that part, even networking wise (I think).
- I just included the output in {quote}{pre} ... {/pre}{/quote} tags to better simulate the Terminal output and I highlighted with {color}{b} ... {/b}{/color} the interesting parts, to have a better focus for the reader.
Re: NAT Network and RHEL 7 network setup
Thanks for your explanations.
socratis wrote: Just look at the first post and the picture included.
You're most probably right. I've been misled by one of his later posts, in which 'EddyR' used 192.168 himself.
socratis wrote: [...] the 198.168 part, that's really clear, and there's nothing wrong with that part, even networking wise (I think).
It depends. As long as all IPv4 packets with an IPv4 destination address in this range stay limited to the (closed) NAT network, there probably will be no problem. But if (someday) such IPv4 packets reach the router, then the router could do the job it is named after, and route the packets to the Internet, like it or not. Therefore, using private IPv4 addresses in private networks is a common (and simple) precautionary measure in network security.
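The precaution described in the post above, as an added example that is not part of the original thread: a Python check that parses `VBoxManage list natnetworks` style output and flags any NAT network that lies outside the RFC 1918 private ranges or whose gateway is not inside its own network. The sample listing is constructed from the two networks shown in the thread, and the function names are illustrative.

```python
import ipaddress

# RFC 1918 private ranges; anything else may be routed onward if it leaks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: key/value lines in the style of
# `VBoxManage list natnetworks`, for the two networks shown in the thread.
SAMPLE = """\
NetworkName:    NatNetwork
IP:             198.168.4.1
Network:        198.168.4.0/24
DHCP Enabled:   Yes

NetworkName:    VBoxNATservice
IP:             192.168.40.1
Network:        192.168.40.0/24
DHCP Enabled:   Yes
"""

def parse_natnetworks(text):
    """Split the listing into one dict per network, keyed by field name."""
    nets, cur = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:            # blank or continuation line, no field here
            continue
        key, value = key.strip(), value.strip()
        if key == "NetworkName" and cur:   # a new record starts
            nets.append(cur)
            cur = {}
        cur[key] = value
    if cur:
        nets.append(cur)
    return nets

def audit(text):
    """Return (name, cidr, verdict) for every network in the listing."""
    report = []
    for net in parse_natnetworks(text):
        cidr = ipaddress.ip_network(net["Network"], strict=False)
        private = any(cidr.subnet_of(r) for r in RFC1918)
        gw_ok = ipaddress.ip_address(net["IP"]) in cidr
        verdict = "ok" if private and gw_ok else (
            "public range" if not private else "gateway outside network")
        report.append((net["NetworkName"], str(cidr), verdict))
    return report

if __name__ == "__main__":
    for name, cidr, verdict in audit(SAMPLE):
        print(f"{name:16} {cidr:18} {verdict}")
```

On a real host, the output of `VBoxManage list natnetworks` can be passed to `audit()` in place of `SAMPLE`.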
Re: NAT Network and RHEL 7 network setup
fth0 wrote: then the router could do the job it is named after, and route the packets to the Internet, like it or not.
That's a keeper!
Networking question for you: assume that I have two VMs, or even better Computers with public IP addresses (like 198.168.4.x), but in a LAN-like environment, and let's go with the simplest case; Ethernet cable to the router. Wouldn't the fact that they're in the same masked range (255.255.255.0) mean that the packets wouldn't go through the router to the outside world, but the router (knowing the arp table) simply forward the packets to the corresponding destination?