Allow All and Allow VMs MAC filtering does not work
Posted: 16. Aug 2016, 22:42
I am running two Ubuntu Linux Guests on a Windows 7 Host.
I've set up Internal Networking between them. This all works fine if I let VirtualBox pick and use the MACs on the virtual interfaces.
But in my case my Linux Guests set the Hardware MAC address on the virtual interfaces.
The first Linux Guest (call it A) has the NIC configured as follows:
NIC 2: MAC: 080027823BE6, Attachment: Internal Network 'intnet1', Cable connected: on, Trace: on (file: foobar.pcap), Type: virtio, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: allow-all, Bandwidth group: none
The second Linux Guest (call it B) has the NIC configured as follows:
NIC 2: MAC: 0800278B0F78, Attachment: Internal Network 'intnet1', Cable connected: on, Trace: on (
p), Type: virtio, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: allow-all, Bandwidth group: none
In other words I'm using "virtio" and I've configured the promiscuous policy to "Allow All". (Allow VMs doesn't work either).
I set up IP addresses in this interface (it's called "eth1" in each of the Linux systems). As I said for reasons that I don't have to go into here the Linux system wants to set its own MAC on the interface. So for purposes of this discussion call it MACA on system A and MACB on system B. That's why I'm having to use "Allow All" as the promiscuous policy.
If I now ping from system A to system B here is what happens.
System A sends a Broadcast ARP to resolve the MAC address for B. This packet is received by system B and of course a UNICAST reply is sent back with the resolution for MAC B.
System B then sends a unicast ARP packet (source MACB dest MACA) asking for the resolution of system A's MAC.
The pcap trace file I've put on System B's NIC (foobar2.pcap) shows all of these packets. But the pcap trace file on system A (foobar.pcap) only shows the original ARP broadcast packet from system A to system B. It does NOT show either of the Unicast replies. So of course they don't make it into the System A Linux system and hence the ping doesn't work.
This is the behavior I'd expect had I not set promiscuous mode on the virtual NICs inside VirtualBox. But I have set promiscuous mode and I cannot understand why it is not working.
Please could someone explain what is happening to my Unicast packets. What exactly is filtering them and why? How do I fix it?
I've spent ages googling for a similar problem but my searches have come up dry, hence this post.
Thanks,
Dave
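Added example, not part of the original post: a small Python script that performs the comparison described above, listing the frames recorded in one NIC trace that never show up in the other. The MAC and IP values, the function names and the in-memory traces are constructed for illustration, and it assumes both traces are classic microsecond-format pcap files with Ethernet link type.

```python
import struct

BCAST = b"\xff" * 6

def read_frames(pcap):
    """Return the raw Ethernet frames stored in a classic libpcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    frames, off = [], 24                      # 24-byte global header
    while off + 16 <= len(pcap):              # 16-byte per-record header
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frames.append(pcap[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return frames

def describe(frame):
    """Summarise a frame: ARP opcode if any, unicast/broadcast, src -> dst MAC."""
    dst, src = frame[0:6], frame[6:12]
    cast = "broadcast" if dst == BCAST else "unicast"
    text = f"{cast} {src.hex(':')} -> {dst.hex(':')}"
    if frame[12:14] == b"\x08\x06" and len(frame) >= 22:
        op = struct.unpack("!H", frame[20:22])[0]   # ARP opcode field
        text = "ARP " + {1: "request", 2: "reply"}.get(op, f"op {op}") + " " + text
    return text

def missing_from(receiver_pcap, sender_pcap):
    """Describe frames present in the sender's trace but absent from the receiver's."""
    seen = set(read_frames(receiver_pcap))
    return [describe(f) for f in read_frames(sender_pcap) if f not in seen]

# --- constructed sample data: made-up MACs/IPs standing in for MACA and MACB ---
def arp(src, dst, op, sip, tip):
    tha = b"\0" * 6 if dst == BCAST else dst
    return dst + src + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op) + src + sip + tha + tip

def to_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

MACA, MACB = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
IPA, IPB = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
who_has_b = arp(MACA, BCAST, 1, IPA, IPB)
TRACE_B = to_pcap([who_has_b, arp(MACB, MACA, 2, IPB, IPA), arp(MACB, MACA, 1, IPB, IPA)])
TRACE_A = to_pcap([who_has_b])               # A's trace holds only its own broadcast

if __name__ == "__main__":
    print("\n".join(missing_from(TRACE_A, TRACE_B)))
```

To run it on real captures, pass the bytes of the two trace files (for example `open("foobar.pcap", "rb").read()` and `open("foobar2.pcap", "rb").read()`) to `missing_from` in place of the constructed traces.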