[SOLVED] Port forwarding localhost:8080-->80 ?

Posted: 4. Mar 2009, 00:48
by chni
Hello,

My computer is a client in an unsecure network and -- as typical for Linux PCs -- has no firewall. So: Is there a way to make it listen on 127.0.0.1:8080 instead of *:8080 in order to forward HTTP requests to the guest or what else may I do to prevent access from outside? (Firestarter/Iptables is not an option)
Edit: requirement: access from host to guest web server (port 80); network settings currently NAT

I would be glad about an answer.

Greetings
Chris 

Re: Port forwarding localhost:8080-->80 ?

Posted: 5. Mar 2009, 10:10
by Hachiman
I am not sure about securing your computer, but to configure port forwarding you need to do the following steps:
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/Protocol" TCP
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/GuestPort" 80
#VBoxManage setextradata [vm-name] "VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/HostPort" 8080

web here could be changed to any other name, unique in terms of your port forwarding configuration.
pcnet here could be replaced with e1000, depending on the network card you've configured for your VM.

Please Note: VBoxInternal/Devices/pcnet/0/LUN#0/Config/web/{Protocol,GuestPort,HostPort} is case sensitive

Re: Port forwarding localhost:8080-->80 ?

Posted: 5. Mar 2009, 15:54
by chni
Hachiman wrote: I am not sure about securing your computer, [...]
My computer is secure as long as I don't use VirtualBox (in particular: the port forwarding feature of VirtualBox).

Stating ...Protocol TCP, ...GuestPort 80 and HostPort 8080 is what I did. But as stated in the thread title, my computer must not listen on any address but rather localhost, or else anybody outside might access my virtual machine's web server. That may not be a problem inside a company's intranet LAN, but in my university's WLAN it is -- for sure.

Maybe the netstat command shows my concern more clearly to everybody:
cn@r65:~$ sudo netstat -nap | grep tcp
[sudo] password for cn:
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5149/cupsd

cupsd, the printer service, does the right thing; VirtualBox does not. What I need is:
tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 16430/VirtualBox

If this is not possible, please suggest a workaround.

@Mr-Biscuit: linuxquestions.org is definitely not a place to ask this question...

Greetings
Chris
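
Added example (not part of the original thread): a small shell check that reads `netstat -nap` output and lists TCP listeners bound to anything other than loopback, which is the condition the output above shows for VirtualBox's forwarded ports. The function names and the tcp6 sample line are constructed for illustration; the other sample lines are the ones from the post above.

```shell
#!/bin/sh
# Print "address port owner" for every TCP LISTEN socket in `netstat -nap`
# output (read from stdin) that is bound to a non-loopback address.
# Optional $1: only report sockets whose PID/Program column contains it.
non_loopback_listeners() {
    awk -v want="${1:-}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # start of the trailing ":port"
            if (n == 0) next
            addr = substr($4, 1, n - 1)        # "0.0.0.0", "::", "127.0.0.1", ...
            port = substr($4, n + 1)
            if (addr ~ /^127\./ || addr == "::1") next   # reachable from host only
            owner = ($7 == "" ? "-" : $7)      # netstat prints "-" without root
            if (want != "" && index(owner, want) == 0) next
            print addr, port, owner
        }'
}

# Succeeds only if program $1 has no listener on a non-loopback address.
loopback_only() {
    [ -z "$(non_loopback_listeners "$1")" ]
}

# Sample input: the three lines from the post above, plus one constructed
# IPv6 wildcard listener (its PID and program name are made up).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 16430/VirtualBox
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5149/cupsd
tcp6 0 0 :::8080 :::* LISTEN 4242/example
EOF
}

# Real use: sudo netstat -nap | non_loopback_listeners VirtualBox
sample_netstat | non_loopback_listeners
```

On a live host, `sudo netstat -nap | loopback_only VirtualBox` can gate a script: it returns non-zero while any VirtualBox listener is still bound to a wildcard or LAN address.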

Re: Port forwarding localhost:8080-->80 ?

Posted: 5. Mar 2009, 23:59
by Sasquatch
If you want to be 100% certain that the traffic can only go from the Host to the Guest, you have to use Host Interface with a TAP interface. Set the VM to use HIF as extra NIC. Install the UML-Utilities package and use Tunctl to create a virtual interface. Select that as HIF, give it a static IP on both the Host and Guest and you can access the VM webserver like any other website. Just use its IP address, or add it to the /etc/hosts file.

Re: Port forwarding localhost:8080-->80 ?

Posted: 6. Mar 2009, 00:15
by chni
Sasquatch wrote: If you want to be 100% certain that the traffic can only go from the Host to the Guest, you have to use Host Interface with a TAP interface. Set the VM to use HIF as extra NIC. Install the UML-Utilities package and use Tunctl to create a virtual interface. Select that as HIF, give it a static IP on both the Host and Guest and you can access the VM webserver like any other website. Just use its IP address, or add it to the /etc/hosts file.
Thank you very much for your suggestion. This sounds pretty straightforward. But do I really need uml-utilities to create a virtual interface?

I will post in this thread whether I was successful with your solution.

Greetings and thanks again
Chris

Re: Port forwarding localhost:8080-->80 ?

Posted: 6. Mar 2009, 01:21
by Sasquatch
Yes, you need that package. The command tunctl is supplied with that package. And you need that command to create the TAP interface.

Re: Port forwarding localhost:8080-->80 ?

Posted: 6. Mar 2009, 23:21
by chni
Using tunctl the setup is really easy. @Sasquatch: many thanks again.

If somebody wants to know how:

tunctl -u username
That's it; then just assign an IP address to tap0 and make sure that /dev/net/tun is writable for VirtualBox.

I set the host's address for tap0 to 192.168.0.1 and the virtual machine's address for eth0 to 192.168.0.2.
Then I configured the host as a router (ip_forward=1 and iptables MASQUERADE) in order to allow the virtual machine access to the internet via eth0. It uses 192.168.0.1 as default gateway.

Everything works as desired.

Greetings and best wishes
Chris