[SOLVED] Port forwarding localhost:8080-->80 ?

[chni]

Hello,

My computer is a client in an unsecure network and -- as typical for Linux PCs -- has no firewall. So: Is there a way to make it listen on 127.0.0.1:8080 instead of *:8080 in order to forward HTTP requests to the guest or what else may I do to prevent access from outside? (Firestarter/Iptables is not an option)

Edit:  requirement: access from host to guest web server (port 80); network settings currently NAT I would be glad about an answer. Greetings Chris

[Hachiman]

I am not sure about securing your computer, but to configure port forwarding you need do following steps:
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/Protocol" TCP
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/GuestPort" 80
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/HostPort" 8080

web here could be changed with any other uniq in term of your port forwarding configuration
pcnet here could be replaced e1000 depending on network card you've configured for your VM.

Please Note: VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/{Protocol,GuestPort,HostPort} is case sensitive

[chni]

I am not sure about securing your computer, [...]

My computer is secure as long as I don't use VirtualBox (in particular: the port forwarding feature of VirtualBox).

Stating ...Protocol TCP, ...GuestPort 80 and HostPort 8080 is what I did. But as stated in the thread title, my computer must not listen on any address but rather localhost, or else anybody outside might access my virtual machine's web server. That may not be a problem inside a company's intranet LAN, but in my university's WLAN it is -- for sure.

Maybe the netstat command shows my concern more clearly to everybody:
cn@r65:~$ sudo netstat -nap | grep tcp
[sudo] password for cn:
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5149/cupsd

cupsd, the printer service, does the right thing, VirtualBox not. What I need is:
tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 16430/VirtualBox

If this is not possible, please suggest a workaround.

@Mr-Biscuit: linuxquestions.org is definitely not a place to ask this question...

Greetings
Chris

[Sasquatch]

If you want to be 100% certain that the traffic can only go from the Host to the Guest, you have to use Host Interface with a TAP interface. Set the VM to use HIF as extra NIC. Install the UML-Utilities package and use Tunctl to create a virtual interface. Select that as HIF, give it a static IP on both the Host and Guest and you can access the VM webserver like any other website. Just use it's IP address, or add it to the /etc/hosts file.

[chni]

If you want to be 100% certain that the traffic can only go from the Host to the Guest, you have to use Host Interface with a TAP interface. Set the VM to use HIF as extra NIC. Install the UML-Utilities package and use Tunctl to create a virtual interface. Select that as HIF, give it a static IP on both the Host and Guest and you can access the VM webserver like any other website. Just use it's IP address, or add it to the /etc/hosts file.

Thank you very much for your suggestion. This sounds pretty straight-forward. But do I really need uml-utilities to create a virtual interface?

I will post in this thread whether I was successful with your solution.

Greetings and thanks again
Chris

[Sasquatch]

Yes, you need that package. The command tunctl is supplied with that package. And you need that command to create the TAP interface.

[chni]

Using tunctl the setup is really easy. @Sasquatch: many thanks again.

If somebody wants to know how:

Code: Select all

tunctl -u username

that's it, then just assign an IP address to tap0 and make sure that /dev/net/tun is writable for VirtualBox.

I set the host's address for tap0 to 192.168.0.1 and the virtual machine's address for eth0 to 192.168.0.2.
Then I configured the host as a router (ip_forward=1 and iptables MASQUERADE) in order to allow the virtual machine access to the internet via eth0. It uses 192.168.0.1 as default gateway.

Everything works as desired.

Greetings and best wishes
Chris