Page 1 of 2
Host networking issue - cannot access host from guest
Posted: 19. Feb 2009, 01:51
by marckell
(CentOS 5.2 host, VirtualBox 2.1.4, Windows XP guest)
I have installed Windows XP as the guest OS in my CentOS VirtualBox host. The guest and host both have fixed IP addresses.
In the guest, I have Internet access. I can ping the guest. I can ping the host.
But when I try to connect to a service on the host, the connecting client (i.e. putty, firefox) just hangs.
For example, I run a web server on port 80 on the host, and I'd like to view it with IE on the guest. When I type in the IP address of the host as the URL, it just states "connecting...". It doesn't time out. There is no connection refused message.
I have turned off iptables. I have checked that the services are running. I can connect to other machines on the network.
I have had this setup working under Fedora 9 previously, so I think it might have something to do with CentOS or the RPM I used to install it: VirtualBox-2.1.4_42893_rhel5-1.i386.rpm
Posted: 19. Feb 2009, 03:34
by klingoncowboy4
is virtualbox setup to run networking as a NAT?
to do what you are trying you need to use either "host interface" or "bridge"
Posted: 19. Feb 2009, 03:37
by klingoncowboy4
also can both machines ping each other
Posted: 19. Feb 2009, 19:37
by marckell
I am using host interface networking.
From the guest (XP), I can ping the host (CentOS).
From the host, I cannot ping the guest.
I also discovered that if I do the following from the guest:
telnet <host IP address> 80
and type: GET /index.html, I get an entry in my httpd access file. But there is no response from the host back to the guest. So I guess there's some kind of routing issue? They are both on the same subnet with the same netmask.
Like I said previously, I had this same setup working under Fedora 9 as a host, with the same IP addresses and VirtualBox image. I think this is a pretty common setup. But there must be something at a low-level that's preventing access.
mk
Posted: 20. Feb 2009, 02:55
by marckell
Latest testing:
I set up Wireshark on the Windows XP guest. While telnetting to port 80 from the guest to the host in a DOS prompt, I see the proper source/destination IP addresses in wireshark until the actual response from the HTTP server comes back, and then the destination IP address is modified for that packet.
For example, my source IP is: 10.10.10.44
But the response returns to: 185.124.10.44
or: 216.84.10.44
Basically, it returns a random first two values of my source IP address every time.
So I'm not sure what's occurring with that. Possibly the guest NIC driver is an issue? I'm using the standard AMD PCNET Family adapter.
Posted: 20. Feb 2009, 16:14
by Sasquatch
Check your routing table, run a traceroute to find out which path it takes. Any network diagnostics you can think of.
Posted: 28. Feb 2009, 21:44
by thameema
I have the similar issue. I also did wireshark test. wireshark can see the traffic from host to guest but the guest adapter didn't get it. The random IPs you have mentioned is not that the packets are changed but due to internet traffic to your host machine. Wireshark can see all the traffic on the eth0 eventhough it runs under guest.
Something else must be causing issue... probably not VirtualBox may be CentOS???
Posted: 28. Feb 2009, 21:49
by thameema
The workaround for this issue is:
I have created another interface with NAT and whenever I need to talk to host it will go thru that NAT interface. This way host interface to the world and NAT to host.
Posted: 1. Mar 2009, 07:23
by marckell
Thanks for the workaround tip.
But could you describe in more detail how you set this up? Where do you create the new interface? How do you have both host networking and NAT simultaneously?
Posted: 1. Mar 2009, 07:46
by thameema
I have created the second interface using vbox GUI and set the type to NAT. I am using windows 2003 as my guest.
Once you start the guest (win 2003), if you do ipconfig you will see two interfaces. One with the host interface and second one with DHCP NAT interface. The default gateway is what the host is.
For example, my configuration the NAT interface looks like this:
Code: Select all
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : localdomain
IP Address. . . . . . . . . . . . : 10.0.2.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.2.2
Here 10.0.2.2 is host. To access anything on host you should send to this ip.
I hope this helps.
Posted: 1. Mar 2009, 16:11
by Sasquatch
Note that internet might still go though the NAT interface, instead of the HIF.
Doesn't CentOS use a firewall? Disable that first, then try again.
Posted: 1. Mar 2009, 21:58
by thameema
I tried disabling the firewall on both guest and host but no luck.
Re: Host networking issue - cannot access host from guest
Posted: 2. Mar 2009, 15:14
by vbox@innotronic.net
Same problem. See my comment and network dump on bugtracker ticket #3465
http://www.virtualbox.org/ticket/3465.
Re: Host networking issue - cannot access host from guest
Posted: 2. Mar 2009, 23:35
by marckell
I've added to your bug report. Thanks for starting that.
The workaround does work, but unfortunately my CentOS web server uses 5 aliased IPs that I'd like access to, and the workaround by default only handles one (the primary IP). So I'm still stuck.
I have to agree that this is a CentOS issue (that does not have to do with firewalls; iptables and Windows Firewall are both off), which is surprising considering I switched from Fedora 9 which had no problems.
Re: Host networking issue - cannot access host from guest
Posted: 3. Mar 2009, 00:07
by thameema
Here is another workaround... which works better than the other workaround i have mentioned.
Lets say you have only one interface which is eth0 in your system.
1. Create the first PCnet as host interface and choose this eth0 as your interface in the vm config. Assign the static/dynamic ips and this will work for internet (in/out) traffic.
2. Create a tap0 virtual interface in CentOS. Here is the commands you have to use.
Code: Select all
/usr/sbin/tunctl -t tap0
/sbin/ifconfig tap0 192.168.20.1 netmask 255.255.255.0 up
This will create a tap0 and assign the private IP.
3. Now go to vm config, create another Host interface and choose the newly created tap0 as your interface.
4. Start the vm, assign the following to your tap0 interface which in windows will show as "Local Area Connection 2" .
Code: Select all
IP Address. . . . . . . . . . . . : 192.168.20.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS . . . . . . . . . . . . . . . . . : 192.168.20.1
5. Now, you will be able to talk to your host from guest via this interface and from host you can talk to 192.168.20.2 if you want to reach the guest.
The above method works and don't forget to open the ports in you host firewall. (you don't need to open any from guest). But as an alternative you can trust all traffic from your guest ip which is 192.168.20.2 in your firewall. Please note that we are not doing any ip forwarding or changing NAT rules in firewall. Those are necessary only if you want to allow the internet traffic to go via this ip. The purpose of tap0 is to communicate with host from guest and vice versa.
To automate things, like if you want to create the tap0 when you start the system, you can put that in your /etc/rc.local as i did.
Code: Select all
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
/usr/sbin/tunctl -t tap0
/sbin/ifconfig tap0 192.168.20.1 netmask 255.255.255.0 up
VBoxHeadless -startvm windows2003
Note that i am starting my vm only after creating the tap0 otherwise the vm will not start.
As a side note, if you have problems accessing internet from your guest, it may be possible that your windows guest is having the same metric for both public ip and private ip routes. You may have to reduce the public ip metric to prioritize it. I hope this helps.