Routing via bridged interface? (solved)

[noteirak]

Do you have a route to 172.26.x.x from VM02?

Yes, via 172.26.1.141...

Not via 192.168.2.1?

[H.Z.]

Do you have a route to 172.26.x.x from VM02?

Yes, via 172.26.1.141...

Not via 192.168.2.1?

Not... Why?

The router can communicate with 172.26.1.141. It can't talk to it's inner interface...
Schematically:

router (172.26.1.1) ---- physical connection (wifi) ---- (172.26.1.141) vm1 (192.168.2.1) <--- this NIC is defined as an internal network card.

[noteirak]

my question is about the routes on the VM02 VM, not on your router or any other VM.
But I will re-iterate what I said earlier and will leave it at that, personally - You have some configuration issue, not a Virtualbox issue and this forum is for Virtualbox issues, not for general networking and configuration issue. You would be better helped seeking local support about this.

Maybe BillG can help you better.

[H.Z.]

my question is about the routes on the VM02 VM, not on your router or any other VM.
But I will re-iterate what I said earlier and will leave it at that, personally - You have some configuration issue, not a Virtualbox issue and this forum is for Virtualbox issues, not for general networking and configuration issue. You would be better helped seeking local support about this.

Maybe BillG can help you better.

Sorry, I'm not a native English... (it was an understatement ) and... the time is 03:30AM at here...
In vm2 the default router is the vm1's internal NIC: 192.168.2.1.

So... I have a virtual network which works inside itself. It works from outer networks if the host is a linux box.
And sometimes works sometimes not, if I put it on a windows host.

Originally I thought it can be a bug in Virtualbox driver which run on host.
But now I can get working a vmware player and tried the same thing.
It looks like if it was a windows problem, because with vmware the routing (doesn't) works as with Virtualbox.

[BillG]

How have you configured the routing in the vm? If you have configured it as a NAT router (which is the easiest) you do not need any additional routes. The vms will be able to contact the physical router and the Internet, but you will not be able to ping the machines on your private LAN from the physical LAN or the host OS (because you are on the public side of the NAT).

If you have not configured NAT but simple LAN routing, you will need extra routing, but this extra routing will need to be on your physical Internet router. It will need a route to tell it that the 192.168.x.y subnet can be reached via the internal router. eg

192.168.2.0 255.255.255.0 172.26.1.141

I agree with noteirak that this sounds like a network configuration question rather than a VIrtualBox question. (The only VirtualBox consideration is that you set up the bridged and internal networks correctly). I also agree that ping is almost useless to test network connectivity these days because of built-in personal firewalls.

[BillG]

I see, on re-reading your original post, that you are running Tomato. I presume that this is running on your Internet router. What about the vm router? Do you have some sort of router software running in the vm, or have you simply enabled IP routing? (If neither, it could explain your problems!)

Tomato is a alternative software for hardware routers, so I can't see any application for it in a vm.

[H.Z.]

I see, on re-reading your original post, that you are running Tomato. I presume that this is running on your Internet router. What about the vm router? Do you have some sort of router software running in the vm, or have you simply enabled IP routing? (If neither, it could explain your problems!)

I run Tomato on an Asus RT-N16 hardware. I refer to it as "router". The previously quoted routing table was copied here from Tomato.

And I have a virtual machine, referred as "vm1" - it would be the router between the real LAN, and the virtualized subnet. One of it's interface in bridged mode, for communicating with the real LAN, and the other which type has (was?) set to "internal network" for communicating with virtualized network. The only setting on vm1 to enable routing was: "echo 1 >/proc/sys/net/ipv4/ip_forward" (actually edited /etc/sysctl.conf to make it permanent)

[BillG]

OK. That means that you only have IP forwarding (also called LAN routing) on your vm router. To get the vms behind your vm router to have access to the Internet you will need a static route on the physical router to direct traffic for 192.168.2.0 to the vm router (as mentioned above). The vm can only forward traffic to this network if the packets actually reach it. Without a static route to direct them, they will be lost. The physical router has no way of knowing where this network is unless you tell it!

The packets can get from the internal network to the physical router by default routing, but they need help to go the other way. The default route of the physical router is out to the Internet.

[H.Z.]

OK. That means that you only have IP forwarding (also called LAN routing) on your vm router. To get the vms behind your vm router to have access to the Internet you will need a static route on the physical router to direct traffic for 192.168.2.0 to the vm router (as mentioned above). The vm can only forward traffic to this network if the packets actually reach it. Without a static route to direct them, they will be lost. The physical router has no way of knowing where this network is unless you tell it!

The packets can get from the internal network to the physical router by default routing, but they need help to go the other way. The default route of the physical router is out to the Internet.

Try to se again the routing table (I've copied here, above!)

root@router:/tmp/home/root# route
Kernel IP routing tableDestination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.x         *               255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     172.26.1.141    255.255.255.0   UG    0      0        0 br0
172.26.0.0      *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         xxxxxxxxxxxxxxx 0.0.0.0         UG    0      0        0 ppp0

At that time vm1's IP was 172.26.1.141 on bridged, and 192.168.2.1 on internal interface.
And again: if I run this setup on a linux host, then it works without any problems!

[noteirak]

And yes, I've tried ssh, telnet to opened ports, but nothing...

If your SSH daemon is running and listening on the port in your guest, but you cannot connect to it from the bridged interface itself, then there is definitly something blocking it.

I think before going any further in this discussion, you should look into this : why is it that even tho you have ssh server running, you cannot access them from another machine?
Clearly something is in the way, try at each step, find out what is going on exactly.
If it is running on a linux host, but not on a windows host, try to see what is the difference in between them.

[H.Z.]

you cannot access them from another machine?

I can access it from any virtual machines on the same internal network, but I can't from LAN (=those machines and vms which would be routed via vm1's bridged interface)

I've tried to find differences, but I found nothing except: the linux uses ethernet while windows uses wifi...
Hm. I'll try it...

[H.Z.]

If it is running on a linux host, but not on a windows host, try to see what is the difference in between them.

Thanks, I found the only real difference: linux uses ethernet adapter while windows uses wifi.
Some minutes ago I've plugged my notebook to router via ethernet and... voilà!
Everything work!

So I think, I will start a new topic: differences in usage between ethernet and wifi adapters if I use bridged mode... (With hostonly interfaces, routing works correctly)

[Martin]

Promiscous mode which is needed for "real" bridging isn't defined for Wifi adaptors.
Some cards supports it better than ofhers and VBox implements some tricks which sometimes aren't enough.

[H.Z.]

Promiscous mode which is needed for "real" bridging isn't defined for Wifi adaptors.
Some cards supports it better than ofhers and VBox implements some tricks which sometimes aren't enough.

The interesting thing, that the vm can see all arriving packets on eth0 in promiscuous mode.
For example: with 'tcpdump icmp' shows all packets addressed to 192.168.2.x subnet, but 'tcpdump -p icmp' not.

But it should be the solution...

[BillG]

If it is running on a linux host, but not on a windows host, try to see what is the difference in between them.

Thanks, I found the only real difference: linux uses ethernet adapter while windows uses wifi.
Some minutes ago I've plugged my notebook to router via ethernet and... voilà!
Everything work!

So I think, I will start a new topic: differences in usage between ethernet and wifi adapters if I use bridged mode... (With hostonly interfaces, routing works correctly)

Starting a new thread would be a good idea, since this discussion has little or nothing to do with your original post.

If you have only just discovered that the vm emulates a wired Ethernet NIC, you have a fair way to go in understanding how this all works!