[SOLVED] Cannot Access VM Outside of LAN

[MadDawg010]

Hello, I am trying to access a Debian 7 virtual server from outside of my LAN, but all attempts to connect fail, yet the VM can access the Internet and all devices on the LAN, and all devices on the LAN can access the VM. I have the virtual NIC set to bridged, and I have all the relevant ports forwarded on the router. I am running Vbox 4.2.18 with a Windows 7 Ultimate 64-bit SP1 host.

Here are the contents of the /etc/network/interfaces file:

Code: Select all

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.21
netmask 255.255.255.0
gateway 192.168.1.254
dns-nameservers 208.67.222.222 208.67.220.220

Here is the output of netstat -nr:

Code: Select all

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

Any suggestions?

[noteirak]

Did you disable the firewall on the host and the guest?

What is the output of this in the guest:

Code: Select all

sudo iptables -L -n -v

[MadDawg010]

I have tried disabling the firewall on the host but not on the guest. After 7 minutes of uptime, I get this output from iptables:

Code: Select all

Chain INPUT (policy ACCEPT 4657 packets, 4858K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3686 packets, 432K bytes)
 pkts bytes target     prot opt in     out     source               destination 

[noteirak]

Before we go further, I have this question :
If the VM can access Internet and all your LAN, and your LAN can access your VM, but you cannot from Internet, what makes you think the problem comes from Virtualbox and not your router?

[MadDawg010]

Well, I can also access all of my physical machines outside the LAN; it's just the Vbox VMs I can't reach. I have tried switching from bridged to NAT and just forwarding the ports to the host (I made sure to forward them on Vbox GUI as well), but I run into the same problem. Still, it may very well be the case that the router does not like Vbox for whatever reason, but I just want to be sure I eliminate any possibility that I may have missed something before I go out and buy more network equipment (not that I have a problem with tossing this 2Wire box).

[noteirak]

From your symptoms, I only see these culprits :
1. Your network equipement - make sure you shutdown EVERY device once at the same time, then restart everything
2. Your router is not happy with two MACs on the same port (some security trigger)
3. Your host has a firewall still active - or an antivirus
4. Your guest has a firewall/antivirus active
5. Your guest is missing a default route

Virtualbox is only emulating hardware. If it was failing, all the traffic wuold fail, not just the one coming from outside. For me, it's a configuration issue.
You could also do some packet sniffing and see where your traffic is going.

[MadDawg010]

Alright, it looks like I can connect to the VM as long as the connection originates from outside the LAN (as opposed to being on the inside and trying to use the router's public IP). I'm not sure if this is normal behavior, so I'll have to look into it.

I found this out when I forwarded port 22 to a physical Debian server with a similar configuration (which I conveniently had set up) and tried to SSH into it from inside the LAN, but using the router's public IP address. I was surprised when it failed, so out of curiosity, I used http://www.serfish.com/console/ to connect to it, and I was able to get in, again to my surprise. After forwarding the port back to the VM, I repeated the process and got the same result. Interestingly enough, when I tried the serFISH site three days ago, it did not work, despite the fact I had the same configuration. I think the problem then was that I only had TCP port 22 instead of having both TCP and UDP port 22 forwarded. Once I enabled both protocols, I was able to get in.

Thanks for the help, by the way.

[noteirak]

Alright, it looks like I can connect to the VM as long as the connection originates from outside the LAN (as opposed to being on the inside and trying to use the router's public IP). I'm not sure if this is normal behavior

This only a matter of configuration, both are possible. But in case of a normal router, this is definitly the intended and expected behaviour!

Glad you managed to make it work, thank you for posting back your findings.