Trouble with 2.1.4 & bridged networking gateway problem

[malachii]

Hi guys,

I've been able to get a bridged networking setup on my local network testbed, and it's fine, however when I try to get this running on my remote dedicated server (hosted), I have configuration problems that are a little beyond me, and they (the hosting company) do not provide "official support" for VM environments, though I'm sure it's possible.

I'm hosting with VirtualBox 2.1.4 OSE on Ubuntu 9.04, and trying to configure a debian (lenny) guest. Using NAT configuration, everything's good, but obviously that doesn't work for what I want (web server in VM guest, etc).

Basically, it doesn't seem to have network access because when connecting to the apt repository it fails.

My provider has given me the following network configuration (from /etc/network/interfaces). The oddball thing to me is that I have a primary IP, and my "secondary" IPs are not sequential with the first/primary one, so the gateway doesn't work for them. At least that's my current understanding.

Hosting company's provided network configuration (/etc/network/interfaces):

Code: Select all

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
         address 174.142.53.123
         netmask 255.255.255.224
         gateway 174.142.53.97

auto eth0:0
iface eth0:0 inet static
         address 174.142.56.249
         netmask 255.255.255.248

auto eth0:1
iface eth0:1 inet static
         address 174.142.56.250
         netmask 255.255.255.248

auto eth0:2
iface eth0:2 inet static
         address 174.142.56.251
         netmask 255.255.255.248

auto eth0:3
iface eth0:3 inet static
         address 174.142.56.252
         netmask 255.255.255.248

auto eth0:4
iface eth0:4 inet static
         address 174.142.56.253
         netmask 255.255.255.248

auto eth0:5
iface eth0:5 inet static
         address 174.142.56.254
         netmask 255.255.255.248

The resulting ifconfig:

Code: Select all

eth0      Link encap:Ethernet  HWaddr 00:1b:21:32:8f:b3
          inet addr:174.142.53.123  Bcast:174.142.53.127  Mask:255.255.255.224
          inet6 addr: fe80::21b:21ff:fe32:8fb3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:111 errors:0 dropped:0 overruns:0 frame:0
          TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:10612 (10.6 KB)  TX bytes:12816 (12.8 KB)

eth0:0    Link encap:Ethernet  HWaddr 00:1b:21:32:8f:b3
          inet addr:174.142.56.249  Bcast:174.142.56.255  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1    Link encap:Ethernet  HWaddr 00:1b:21:32:8f:b3
          inet addr:174.142.56.250  Bcast:174.142.56.255  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:2    Link encap:Ethernet  HWaddr 00:1b:21:32:8f:b3
          inet addr:174.142.56.251  Bcast:174.142.56.255  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:3    Link encap:Ethernet  HWaddr 00:1b:21:32:8f:b3
          inet addr:174.142.56.252  Bcast:174.142.56.255  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:4    Link encap:Ethernet  HWaddr 00:1b:21:32:8f:b3
          inet addr:174.142.56.253  Bcast:174.142.56.255  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:5    Link encap:Ethernet  HWaddr 00:1b:21:32:8f:b3
          inet addr:174.142.56.254  Bcast:174.142.56.255  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:208 (208.0 B)  TX bytes:208 (208.0 B)

I have apache configured on this host machine, and I confirmed that all these IP addresses do load the default apache page from an external location. So they "work".

Now I found a "helpful" forum post by I believe one of their mods (hosting company), that explains how to get things working in VMWare with bridged networking on their systems, so I took a shot at some of the things they suggest.

I'll quote their post here:

Code: Select all

The problem

Additional IPs at iWeb are not provided with an additional gateway so customers using VMWare or other virtualization tools might be wondering how they can use the additional IPs to create new Guest OS or Virtual Machines. It can be done by configuring VMWare to bridge connection to eth0.

1. Configure your first additional IP XX.XX.XX.1 as a secondary IP on eth0:0 
2. Enable IP forwarding to route VM traffic (IP forwarding can be enabled by adding net.ipv4.ip_forward = 1 to /etc/sysctl.conf)
3. In VMWare make sure that your VM uses the bridge connection to eth0.
4. Configure your VM with one of your remaining 5 additional IPs.
5. The netmask is 255.255.255.248 (If you have been provded with 6 IPs)
6. The gateway is XX.XX.XX.1

Example with actual IPs:

Primary Host IP:
72.55.144.123

Secondary IPs:
72.55.155.169
72.55.155.170
72.55.155.171
72.55.155.172
72.55.155.173
72.55.155.174 

1. Configure the ip 72.55.155.169 as a secondary IP on eth0:0
2. Enable IP forwarding to route VM traffic
3. Make sure that your VM uses the bridge connection to eth0
4. Configure your VM with one of the available IPs (.170, .171, .172, .173 or .174)
4. Use 255.255.255.248 as the Netmask.
5. Use 72.55.155.169 as the gateway.

You'll notice that they already configured my eth0:0 as per their forum post's suggestions (along with the rest of the secondary IPs as well). As I pointed out, the gateway they gave me is for my primary IP, and won't work with the secondary IPs. So I think they want me to configure the first of the secondary IPs as some kind of gateway. So I proceeded to do the forwarding as per their suggestions:

Code: Select all

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

I don't know how to verify that these settings are "working". Just in case, I rebooted the computer to ensure they took hold.

Now let's go through my VM configuration. There's a bunch of screenshots to walk you through what I've done. I hope that by documenting this, somebody might be able to help.

First I configure VirtualBox to use eth0 and bridged networking. I'm selecting "eth0" in VirtualBox configuration when in bridging mode, not the odd "virbr0" that appears in VirtulBox's list (I tried with it in one of my several unsuccessful attempts though, and no dice).



Then it fails DHCP as expected, and I enter a manual IP address (I use the second 'additional' IP address as per the forum post):



Then I enter the netmask provided by my hosting company (255.255.255.248):



Then I enter the gateway as indicated by the forum post, using the IP bound to eth0:0 (174.142.56.249):



Then it asks for DNS. As for the DNS server selection in my debian guest, I wasn't sure what to put in. It came up with a default of the gateway IP address. I checked by /etc/resolv.conf file and found the following values (I assume configured by my hosting company at setup time):

Code: Select all

search privatedns.com
nameserver 209.172.41.200
nameserver 209.172.41.202

In this case, with my host being the "gateway" I believe, I'm not sure if that default applies. I decided to keep it as the first entry, and used the first of the name servers my host uses above. Maybe there's a mistake here.



My first bad sign: the next step is to get the time server time, and this took much longer than "usual" which to me is a sign that networking is not working right.

After this, I partitioned the disks, and waited while it "installed the base system". Then typed in my username and passwords as requested.

The next step is the real problem. I selected a mirror for apt, then waited a long time stuck at 37% ("scanning the mirror").



Then, horrors, I get the red screen of death telling me that apt cannot connect:



I tried another mirror, but the same thing happens. I'm sure something's wrong with the networking.

I have no idea what else to do. Can anybody help? I've done my best to document my situation.

Thanks,

Mal.

[malachii]

Nobody has any ideas?

An alternative - if (like apache) there was a way for me to bind specific ports on specific IPs when configuring NAT, I could use NAT.

Is this possible?

Thanks,

Greg.

[vbox4me2]

I would try a simple bartPE with windows home/knoppix or something alike, then start with simple IP configuration and ping the gateway until it responds fiddling with ip settings to get one working.

[malachii]

I guess I'll have to try that. The basic networking problem is a little beyond me (just a little though). Basically the whole problem can be summed up like this:

1. My hosting company gives me a primary IP, with gateway/netmask info, and that IP works great for everything I need basically.
2. The secondary IPs are in a different range, and I cannot use the gateway provided. This makes bridging not work.
3. Somehow, through the use of packet forwarding (which I think I have done based on the above post), I can setup a gateway with one of the secondary IPs, and use this for the VM.

I cannot seem to get step 3 working to the best of my knowledge. Assume I use a knoppix VM in bridge mode, should I just PING the gateway IP? I'll try that now...

[vbox4me2]

Hmm well if you only have 1 ip set with 1 gateway, bridging is not going to work as such. You can try using a zero ending mask and the same gateway for the other range or as you have discovered use the Host as router.

Personally I would set up 1 Guest as router(or the Host) with the other Guests as NAT clients(even though bridged), much the same way VBox uses NAT, but VBox nat has its limits while a more professional software nat will give you more flexibility which port range and protocol get to which Guest. VBox nat changes requires Guest reboot while this alternative software nat solution allowes instant changes.

[malachii]

Well, the hosting company thinks that the solution should work:

Additional IPs at iWeb are not provided with an additional gateway so customers using VMWare or other virtualization tools might be wondering how they can use the additional IPs to create new Guest OS or Virtual Machines. It can be done by configuring VMWare to bridge connection to eth0.

and I followed their (vmware based ) forum-post instructions:

1. Configure your first additional IP XX.XX.XX.1 as a secondary IP on eth0:0
2. Enable IP forwarding to route VM traffic (IP forwarding can be enabled by adding net.ipv4.ip_forward = 1 to /etc/sysctl.conf)
3. In VMWare make sure that your VM uses the bridge connection to eth0.
4. Configure your VM with one of your remaining 5 additional IPs.
5. The netmask is 255.255.255.248 (If you have been provded with 6 IPs)
6. The gateway is XX.XX.XX.1

Now it didn't exactly work, but I've gotten a little progress. I continued the debian install without APT updating, and played with pinging the gateway IP, and I can ping it. I can also ping the primary IP of the machine. But I cannot ping any other machine than my own.

Does this mean that at least the "bridging" is working if I can boot up the VM on a secondary IP and ping the "gateway" IP?

It seems to me that forwarding/gateway action is not working?

The only thing done for the "gateway ip" is connect it in network/interfaces, and add forwarding as per the above instructions. On my host machine I do:

Code: Select all

root@starbuck:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

It seems to be properly configured to me. I don't know much about gateways. So let me be specific about my network setup. I have 3 IP addresses, one primary, and 2 secondaries. The primary has a gateway, and is eth0. The host works fine with this setup and has dandy internet access. The VM's on the secondaries do not.

primary: 174.142.53.123 ('real' gateway 174.142.53.97)
secondary1: 174.142.56.249 (my 'gateway' for the VMs - the only secondary IP that is bound in the hosts network/interfaces)
secondary2: 174.142.56.250 (not bound in the host, and the IP given to the debian guest).

Any other ideas? Could it be the routing on the host machine preventing things from working right (iptables)? Not even sure what info you would need to help with that...

Thanks!

[malachii]

Well no idea if this is progress, but I was playing around with the debian VM, and configured it's gateway to be the machine's primary IP. I set it's netmask to 255.255.0.0 to allow this. Now I can ping any IP on an external network (I can't tell if those remote machines are getting the ping or not though)

Not sure if it's actually "working" though (typed in):

Code: Select all

debian:# ping 207.99.120.147 (machine on external network)
PING 207.99.120.148 (207.99.120.147) 56(84) bytes of data.
From 174.142.56.249: icmp_seq=1 Redirect Host(New nexthop: 174.142.53.97).
... again, again, again.

But I cannot tracert, wget, or anything else. Just ping. Ideas?

[malachii]

HOT DAMN!

It's working. I had to set IPTABLES on the host machine to default allow. Before it wasn't loading at all, or it was configured wrong with restrictive firewall settings. Now I have to figure out how to keep both (a firewall configured on the host - AND have my 'persona' gateway working as well).

Any tips?

(thanks so far!)

[miki]

hi, sorry to be a bother

I found my issue on the posts, but had to register, and it took a good hour to confirm my entry - I lost the original post and can't find it. Can you help me?

Running ubuntu-Jaunty, just uploaded 2.2 (after I removed 2.1 entire and the added rm command on the terminal).

Everything works great, except I cannot go online - the network card, when I activate it, crashes the program everytime, AND, no matter what I set in settings each time after the crash, it will crash again if I set the card to 'active' in the vm. HELP!

PS: 2.1 was awesome and worked in every cat, what happened?

ME: HP pavilion, AMD Turion64 x2, jaunty and VB for AMD64, 1GB (jaunty works well so far, it has to be VB?)