NAT Network Not Containing Traffic?

[BoiledFrog]

I am trying to use a private NAT Network to configure VMs using DHCP. The DHCP on this private network is another VirtualBox VM running Debian.

I am using a private network to prevent interactions with my regular network's DHCP server but it doesn't seem to be working. After the client does a DHCP Request it receives OFFERs from both the VM-based DHCP server (which I want) and the real DHCP server (which I don't). Am I misunderstanding something or is there something wrong. I've attached the packet capture of the interaction.

[BillG]

A DHCP request will not be seen in any other network unless there is a router which is configured to forward them.

How have you configured this NAT network?

[BoiledFrog]

I guess I wasn't clear enough. This is a virtual NAT network setup inside VirtualBox not a real NAT network. It has the default settings:

Name: NatNetwork
CIDR: 10.0.2.0/24
Supports DHCP: Yes
Supports IPv6: No
Port Forwarding: No

I tried disabling DHCP on NatNetwork but it had no affect. Have I found a bug or am I simply misunderstanding how VirtualBox NAT networks work?

[socratis]

Moving to "Using VirtualBox" from "OSX Hosts". Maybe it will attract more eyes...

[Perryg]

VBox NAT Network will use its own DHCP server if you enable it and if you have another DHCP server on the same NAT Network it will also receive a broadcast from it as well. Does the guest need Internet access for your needs? If not then try the Internal network. If this works and you would also like the Internet then you would add another guest for routing like pFsense withthe WAN side pointing to NAT or bridged and the LAN side pointing to the NAT Network.

[BillG]

Yes, I was aware that this was a virtual network. The point I made was that, it the network is also receiving offers from the DHCP server on the physical network, there must be a connection somewhere which allows these requests and offers to pass from one network to the other.

Your situation is pretty unusual. Normally this traffic will not pass from one network to another simply because there is a connection. There has to be some device which is capable of doing that, such as a router with this feature enabled. If you search DHCP pass-through you will see lots of questions about how to enable it, not how to prevent it.

How exactly have you configured the networking? Do the vms have any other NICs enabled? Do you have anything using bridged mode?

I cannot reproduce your problem. I am running VirtualBox 5.1.22 on Windows 10 Pro ver 1703. The host adapter is connected to my ASDL router and gets its config from DHCP on that router. The vms are in a natnetwork and get their config from DHCP of the natnetwork. They work as expected. They have Internet access and access to each other.

[BoiledFrog]

I am running on a iMac host with a wired network. It is wired directly into my cable modem and this is where the second OFFER is coming from. The modem is a Hitron CGNM-2250. It has an IP Passthrough feature but it's disabled. I am assuming this is different than DHCP Passthrough. The iMac also has a WiFi network but it is disabled. This is the results of ifconfig on the iMac:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
	ether 38:c9:86:22:2f:0f 
	inet6 fe80::e4a8e7:9669%en0 prefixlen 64 secured scopeid 0x4 
	inet 192.168.0.11 netmask 0xffffff00 broadcast 192.168.0.255
	inet6 fd00:6477:7da6:9da2:12:bba6:cfd4:1a6c prefixlen 64 autoconf secured 
	inet6 fd00:6477:7da6:9da2:81e7:af72:80f1:f816 prefixlen 64 deprecated autoconf temporary 
	inet6 fd00:6477:7da6:9da2:8490:78b0:8e54:156f prefixlen 64 deprecated autoconf temporary 
	inet6 fd00:6477:7da6:9da21cbd:d396:a0d3 prefixlen 64 autoconf temporary 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (1000baseT <full-duplex,flow-control>)
	status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
	ether 28:f0:76:27:97:b6 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (<unknown type>)
	status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 1a:00:00:eb:15:10 
	media: autoselect <full-duplex>
	status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 1a:00:00:eb:15:11 
	media: autoselect <full-duplex>
	status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 1a:00:00:eb:15:10 
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x2
	member: en2 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 6 priority 0 path cost 0
	member: en3 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 7 priority 0 path cost 0
	nd6 options=201<PERFORMNUD,DAD>
	media: <unknown type>
	status: inactive
p2p0: flags=8803<UP,BROADCAST,SIMPLEX,MULTICAST> mtu 2304
	ether 0a:f0:76:27:97:b6 
	media: autoselect
	status: inactive
awdl0: flags=8903<UP,BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
	ether 32:f5:12:ba:35:b9 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::7c09:f372:9103:c8%utun0 prefixlen 64 scopeid 0xb 
	nd6 options=201<PERFORMNUD,DAD>

I have two VMs on the virtual NAT. One is running dnsmasq including DHCP and PXE. The other is a VM I am trying to install from the PXE server. It seems very similar to your setup except I wish the behaviour was more similar to yours.

I have attached the vminfo from the two VMs on this network. Maybe it will be useful.

I don't really understand how it gets to the real network. I would expect the Virtual NAT to block it before it gets to real hardware.

[BillG]

IP pass-through is effectively a bridge and connects your host directly to the Internet. Are you sure that you have effectively disabled it?

https://community.shaw.ca/docs/DOC-5122

*Added 28th June. You are not using IP pass-through, Your host has a private (192.168.0.x) address, not a public one.



dnsmasq is also capable of doing DHCP relay. Are you sure that is not where your problem is?

There is also this ticket about just the sort of thing you have.

https://dev.openwrt.org/ticket/6819

[BoiledFrog]

I've done a bit more analysis and the second DHCP OFFER is not coming from the cable modem. I was confused by the hitron.home domain name in the packet.

The first OFFER is coming from my dnsmasq server. I intended to set this up as the DHCP server on the network and to serve installation images on this segregated network. I don't think I need to set it up this way but that's how it's currently configured.

The second OFFER is coming from MAC address 08:00:27:20:a6:17. I don't know where that's coming from. It doesn't match any of my VMs, the iMac host (or any other Apple hardware on my network). It looks suspiciously like a VirtualBox MAC but I don't know where it's coming from.

I've attached a pcap of my latest findings.