Multiple network problem

[wfeather]

I have two non-routeable networks, one internally at 10.0.0.n and another in the DMZ at 192.168.0.n

The Debian VBox host in the DMZ needs to get data from a SCO server on the internal network via an ODBC driver that only works on Windows (real Windows, WINE doesn't work). I set up a Virtual Box machine inside the Debian web server, loaded Windows 2000 Server on it and connected it to a 2nd network card configured to talk to the internal 10.0.0.n network.
The idea is to have the web server run, via SSH, a PHP CLI program on the Virtual Box Windows machine that will run its ODBC driver to get data from the SCO server on the internal network to update the database back on the DMZ web server.

The Debian web server first network card is 192.168.0.9
The Debian web server second network card is 10.0.0.145
The SCO box is at 10.0.0.25
The Virtual Box Windows 2000 machine with ODBC driver must be somewhere on the 10.0.0.n network

Everything pings properly but I can't get an SSH connection to work from the host at 192.168.0.9 to the Virtual Box Windows 2000 machine. I think I have the firewall configured properly - I'm allowing both ping and SSH between the internal and DMZ networks and ping works fine. I've tried port forwarding as per the VBox instructions but either get a 'connection refused' error or only get as far as the 10.0.0.145 interface. This all works if I use a stand-alone Windows box - it's only when I try it with virtual Windows that I' messing up. Comments?

[Sasquatch]

Are you sure you have the proper programs installed on the Windows VM to accept SSH? By default, it doesn't have any SSH options. Windows never heard of that.

[wfeather]

I'm using FreeSSH on Windows configured to accept connections on 10.* and 192.* (FreeSSH allows wildcards) which I can hit successfully via Windows localhost and again, all works well when I try this on a physically separate machine - it's only when I try to do this virtually. Maybe I'm missing something basic like just setting up a static ip on Virtual Box?

[vbox4me2]

Use tracert or a port scanner from both ends and go route by route to locate where it blocks or goes into outer space.

[wfeather]

I can get to the 2nd (internal network) card (eth1) at 10.0.0.145 and run SSH there. I tried setting up the Windows instance with a static IP of 10.0.0.147 and could ping it but couldn't reach it with SSH. I then tried setting Windows up as NAT and port forwarding with the following commands:

VBoxManage setextradata "Linux Guest" "VBoxInternal/Devices/pcnet/1/LUN#0/Config/guestssh/Protocol" TCP
VBoxManage setextradata "Linux Guest" "VBoxInternal/Devices/pcnet/1/LUN#0/Config/guestssh/GuestPort" 22
VBoxManage setextradata "Linux Guest" "VBoxInternal/Devices/pcnet/1/LUN#0/Config/guestssh/HostPort" 2222
^
Note I used 1 instead of 0 as this is for eth1. That gave me 'connection refused' and netstat did not show an open port at 2222 on the host. I tried setting up SSH on the host at 2222 and could hit it fine there but still wasn't being redirected to the VM. After tearing my hair and ripping my clothing I then tried this forum. What am I doing wrong?

[wfeather]

Sorry, I didn't mean "Linux Guest" - yes I did use the name of my VM.

[vbox4me2]

Just a thought, isnt there something with debian and ports below 1024/firewalled?

[Sasquatch]

Just a thought, isnt there something with debian and ports below 1024/firewalled?

It's about ports below 1024 that cannot be opened by non-root users because they are known ports. This is with Windows too, but as you run as Admin by default, you don't notice it.

wfeather, did you try the portscan/traceroute yet?

[wfeather]

Sasquatch,

I'm not sure what to look for. eth0 works fine, eth1 works fine, if I set the Windows VM to a static IP on the eth1 network it pings fine and SSH works fine on Windows localhost.

Okay, I thought that if I set up the Windows VM with a static IP and used Host Networking that the Windows static IP would appear to the network as directly connected. My LAN tool shows it does appear to be with the SSH port 22 open. Ping works, SSH just hangs. Of course, that Windows static IP is *not* directly on the network, it's really behind eth1 which appears to be blocking the SSH. Thus the port forwarding I tried. Perhaps reverse port forwarding is what I need but that's beyond my skill level at the moment.

[vbox4me2]

You may need additional routing rules on the point in between(eth0/eht1) and at the endpoint, ping sometimes works while other protocols don't, icmp can behave strangely compared to conventional routing.
But first establish to where the paths reach like mentioned before.

[Sasquatch]

Just out of the blue, are you sure all your NICs have an active link on them? If there is no cable connected to it, any routing to it will fail, because it's shut down by the Host.

[wfeather]

Yeah, I can ping it and SSH via the internal network as far as the Debian machine. Apparently, I need to get the port forwarding working. Tell me if I'm doing it wrong, please:

1) set the 2nd network card to a static IP on the internal network - done, I can ping it
2) set the Windows VM connection 2 to NAT (connection 1 being also NAT but on the DMZ network) - done, it's visible on the network
3) set up port forwarding using the following 3 commands with 0 changed to 1 for eth1

VBoxManage setextradata "<myVMname>" "VBoxInternal/Devices/pcnet/1/LUN#0/Config/guestssh/Protocol" TCP
VBoxManage setextradata "<myVMname>" "VBoxInternal/Devices/pcnet/1/LUN#0/Config/guestssh/GuestPort" 22
VBoxManage setextradata "<myVMname>" "VBoxInternal/Devices/pcnet/1/LUN#0/Config/guestssh/HostPort" 2222

4) reboot - done
5) check with getextradata to make sure my additions are actually there - done
6) check with netstat to make sure 2222 is listening - fails
7) cry

[vbox4me2]

If the Host is not listening then that needs to be sorted first, are you sure 2222 is not firewalled?

[dros]

Code: Select all

nmap -P0 IP_ADRESS_HERE -p port_to_scan here 

should help to determine if port is reachable

[wfeather]

Not firewalled. I also tried setting SSH manually to 2222 at /etc/services, /etc/ssh/ssh_config and /etc/ssh/sshd_config. SSH worked on 2222 then (and no longer on 22) but only on the host - It never tried getting to the VM.