[SOLVED] Port forwarding localhost:8080-->80 ?

Discussions related to using VirtualBox on Linux hosts.
Post Reply
chni
Posts: 4
Joined: 4. Mar 2009, 00:41
Location: Wien, Österreich

[SOLVED] Port forwarding localhost:8080-->80 ?

Post by chni »

Hello,

My computer is a client in an unsecure network and -- as typical for Linux PCs -- has no firewall. So: Is there a way to make it listen on 127.0.0.1:8080 instead of *:8080 in order to forward HTTP requests to the guest or what else may I do to prevent access from outside? (Firestarter/Iptables is not an option)
 Edit:  requirement: access from host to guest web server (port 80); network settings currently NAT

I would be glad about an answer.

Greetings
Chris 
Last edited by chni on 6. Mar 2009, 23:21, edited 1 time in total.
Hachiman
Posts: 94
Joined: 18. Dec 2008, 21:04
Primary OS: Mac OS X other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Linux, Solaris, NetBSD

Re: Port forwarding localhost:8080-->80 ?

Post by Hachiman »

I am not sure about securing your computer, but to configure port forwarding you need do following steps:
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/Protocol" TCP
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/GuestPort" 80
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/HostPort" 8080

web here could be changed with any other uniq in term of your port forwarding configuration
pcnet here could be replaced e1000 depending on network card you've configured for your VM.

Please Note: VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/{Protocol,GuestPort,HostPort} is case sensitive
--
Kind regards
Sr. Software Engineer
Oracle Corporation
Vasily Levchenko

PS. Happy VBoxing.
chni
Posts: 4
Joined: 4. Mar 2009, 00:41
Location: Wien, Österreich

Re: Port forwarding localhost:8080-->80 ?

Post by chni »

Hachiman wrote:I am not sure about securing your computer, [...]
My computer is secure as long as I don't use VirtualBox (in particular: the port forwarding feature of VirtualBox).

Stating ...Protocol TCP, ...GuestPort 80 and HostPort 8080 is what I did. But as stated in the thread title, my computer must not listen on any address but rather localhost, or else anybody outside might access my virtual machine's web server. That may not be a problem inside a company's intranet LAN, but in my university's WLAN it is -- for sure.

Maybe the netstat command shows my concern more clearly to everybody:
cn@r65:~$ sudo netstat -nap | grep tcp
[sudo] password for cn:
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5149/cupsd

cupsd, the printer service, does the right thing, VirtualBox not. What I need is:
tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 16430/VirtualBox

If this is not possible, please suggest a workaround.

@Mr-Biscuit: linuxquestions.org is definitely not a place to ask this question...

Greetings
Chris
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: Port forwarding localhost:8080-->80 ?

Post by Sasquatch »

If you want to be 100% certain that the traffic can only go from the Host to the Guest, you have to use Host Interface with a TAP interface. Set the VM to use HIF as extra NIC. Install the UML-Utilities package and use Tunctl to create a virtual interface. Select that as HIF, give it a static IP on both the Host and Guest and you can access the VM webserver like any other website. Just use it's IP address, or add it to the /etc/hosts file.
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
chni
Posts: 4
Joined: 4. Mar 2009, 00:41
Location: Wien, Österreich

Re: Port forwarding localhost:8080-->80 ?

Post by chni »

Sasquatch wrote:If you want to be 100% certain that the traffic can only go from the Host to the Guest, you have to use Host Interface with a TAP interface. Set the VM to use HIF as extra NIC. Install the UML-Utilities package and use Tunctl to create a virtual interface. Select that as HIF, give it a static IP on both the Host and Guest and you can access the VM webserver like any other website. Just use it's IP address, or add it to the /etc/hosts file.
Thank you very much for your suggestion. This sounds pretty straight-forward. But do I really need uml-utilities to create a virtual interface?

I will post in this thread whether I was successful with your solution.

Greetings and thanks again
Chris
Sasquatch
Volunteer
Posts: 17798
Joined: 17. Mar 2008, 13:41
Primary OS: Debian other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Windows XP, Windows 7, Linux
Location: /dev/random

Re: Port forwarding localhost:8080-->80 ?

Post by Sasquatch »

Yes, you need that package. The command tunctl is supplied with that package. And you need that command to create the TAP interface.
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org

Retired from this Forum since OSSO introduction.
chni
Posts: 4
Joined: 4. Mar 2009, 00:41
Location: Wien, Österreich

Re: Port forwarding localhost:8080-->80 ?

Post by chni »

Using tunctl the setup is really easy. @Sasquatch: many thanks again.

If somebody wants to know how:

Code: Select all

tunctl -u username
that's it, then just assign an IP address to tap0 and make sure that /dev/net/tun is writable for VirtualBox.

I set the host's address for tap0 to 192.168.0.1 and the virtual machine's address for eth0 to 192.168.0.2.
Then I configured the host as a router (ip_forward=1 and iptables MASQUERADE) in order to allow the virtual machine access to the internet via eth0. It uses 192.168.0.1 as default gateway.

Everything works as desired.

Greetings and best wishes
Chris
Post Reply