port-forwarding - I can access the host's http server, but I cannot access the vm's http server

[MrBurns]

Using port-forwarding, I can access the host's http server, but I cannot access the vm's http server.
I have been using Virtualbox and port-forwarding to vms for many years. I am familiar with the issues at hand.
Just the same, port-forwarding is suddenly no longer working for me and I am stumped.
I have four systems that I have tested this on. Three Windows 10-11 and one Ubuntu 22.04. They all share the same problem.

to reproduce the issue i do the following...

install Virtualbox 7.0.14 (tried 7.0.12 too)
create a vm with ubuntu.com file: ubuntu-22.04.4-live-server-amd64.iso
when prompted to reboot i instead do an acpi shutdown, then select the vm's networking and add a second interface as bridged to my host interface that is hardwire connected to the router

I have two ips i am using
host: 10.0.0.17
vm: 10.0.0.18


router configuration...

port-forward port 8017 to host's ip(10.0.0.17) and port 8018 to vm's ip(10.0.0.18)

Server Name External Port Start External Port End Protocol Internal Port Start Internal Port End Server IP Address WAN Interface Remove
Web Server (HTTP) 8017 8017 TCP 8017 8017 10.0.0.17 ppp1.1
Web Server (HTTP) 8018 8018 TCP 8018 8018 10.0.0.18 ppp1.1


host configuration...

on the host i am using wsl1 rather than wsl2. wsl1 shares the host's interfaces with Windows

host> ipconfig /all
Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Lenovo USB2.0 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-B6-5A-76-8B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::32c:781c:d20d:e795%36(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 604000438
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-BE-89-31-4C-79-6E-88-12-A1
DNS Servers . . . . . . . . . . . : 1.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled


host cmd(admin)> netsh advfirewall firewall add rule name="ALLOW TCP PORT 80" dir=in action=allow protocol=TCP localport=80

# in actuallity, i disabled the firewall

host wsl1> echo '<HTML><BODY>Hello, World!</BODY></HTML>' > index.html

host wsl1> python3 -m http.server --bind 10.0.0.17 8017


vm configuration...

vm> sudo ip address add 10.0.0.18/24 dev enp0s8
vm> sudo ip link set up dev enp0s8
vm> sudo ufw status
inactive

vm> echo '<HTML><BODY>Hello, World!</BODY></HTML>' > index.html

vm> python3 -m http.server --bind 10.0.0.18 8018


host http test...

fetch http://<my WAN IP>:8017/index.html via remote site: https://www.dotcom-tools.com/web-servers-test

Location
Date
Time
Duration
Status
Montreal
03/01/2024
10:32:49 AM
53 ms
OK


vm http test...

fetch http://<my WAN IP>:8018/index.html via remote site: https://www.dotcom-tools.com/web-servers-test

Location
Date
Time
Duration
Status
Montreal
03/01/2024
10:34:39 AM
21.01 s
TCP

FAIL!!!

Similar results from using https://mxtoolbox.com/SuperTool.aspx

vm> sudo tcpdump -i enp0s8 port 8018

15:58:35:507519 IP 18.209.86.113.51835 > iso.8018: Flags [SEW], seq 1251914873, win 64240, options [mss 1452,nop,wscale 8,nop,nop,sack[OK], length 0
...

I am stumped! Any suggestions would be appreciated!

kendal

[fth0]

If you have two or more active network interfaces in the VM, I'd suggest to check the routing table of the guest OS, especially the metrics (e.g. ip route or route -n), because it could happen that the TCP SYN/ACK goes over another network interface. Alternatively, use tcpdump to capture on all network interfaces simultaneously.

[MrBurns]

If you have two or more active network interfaces in the VM, I'd suggest to check the routing table of the guest OS, especially the metrics (e.g. ip route or route -n), because it could happen that the TCP SYN/ACK goes over another network interface. Alternatively, use tcpdump to capture on all network interfaces simultaneously.

Thanks for your comment! It started me looking into my routing, and that was key. I had requests coming in one interface and out another.

For anyone interested, this command was key...

sudo tcpdump -i any port 443

I could see more than one interface responding to a remote query when it should only be the one interface responding.

Fiddling with netplan configuration and metrics solved matters.

[fth0]

You're welcome, and thanks for reporting back!