virtualbox.org

Hello everyone,

I have a fresh install CentOS 8 using the "Server with GUI" option. I installed Virtualbox 6.1 and have setup my first VM, also running CentOS 8, but I can't figure out what is going on with network connectivity.

I've tried searching and attempting various different things and am starting to go crazy. Hoping someone may be able to help.

Little bit of information:
-I have 5 available public IP addresses, lets say they are:
216.218.220.196
216.218.222.9
216.218.222.10
216.218.222.11
216.218.222.12

The .220.196 address is in use on the host server, and the other .222.# addresses are not currently assigned to anything.

I'm trying to assign the .222.9 and .222.10 addresses to the VM. I've done something like this in the past, but it was years ago and I can't figure out how to do it now. Also, the IPs back then were the same first 3 set of numbers rather than a different 3rd set for 4 of them like I have now. If that makes sense... not sure if it makes a difference. I also couldn't figure out if I need to assign the two addresses to the NIC on the host server, or what?

I searched the forums here and it kind of looks like I need to set the adapter to bridged in the VM, per the "Virtual Box Networks: In Pictures" post in these forums? I attempted that and it didn't work.

If I set the adapter to NAT it gains internet access, but it's a private IP address and I can't access the VM from anything else. I need the VM to be pingable/accessible from anywhere.

I'm somewhat of a Linux newbie, so I apologize for my lack of knowledge.


Thanks in advance for any help. I'm going to continue trying to figure it out and will edit or reply if I solve it.

I don't have any experience with multiple public IP addresses coming into one place, so I am assuming that you have a network router, fancier than a typical house router, that can accept multiple public IPs and in some way transfer traffic on these IPs out to the LAN.

A quick bit of googling leads me to think that "1 to 1 NAT" is what your router needs to do.

It seems to me that you would end up using Bridged, so your guest can appear as another PC on the LAN.

Exactly how does your router send the traffic out? Does it provide separate physical Ethernet ports for each IP? Does it connects one public IP to one private LAN IP internally and put all the traffic out on one Ethernet port all in the same private IP range? Does it use VLANs?

I think how the router sends out the traffic will determine what you need to do to set certain public IP traffic to the guest.

It's a dedicated server with a hosting provider in a separate state from me. They assigned 1 external IP address to my server, and then added 4 additional at my request for me to setup on my own.

I can utilize the additional addresses easily on the host server if I assign them to the NIC (there's only 1 connected NIC btw).

I can't seem to get bridged to work period, though. Ignoring the additional addresses for now - I set the network for the VM as "Bridged Adapter" and set the name to the NIC with the address on the host machine. When I start the VM and try to ping something I get "connect: Network is unreachable". IP A returns nothing for the adapter in the VM (enp0s3).

If I change the network from bridged to "NAT", it takes the link down and back up in the VM and I can access the internet... but it has a private IP of 10.0.2.15 and can't be accessed externally. Switching back to bridged adapter results in no connectivity again.

I suspect this could be the problem with Bridged, if I am imagining your network setup correctly:

Surreall wrote:They assigned 1 external IP address to my server

If the internet comes directly into your Virtualbox host PC not through a router, and the PC only ever gets this one public IP, and is not behind a router that sets up a private LAN, with private IP addresses like 192.168.#.# or such, then there are no extra IP addresses for the Bridged guest adapter to connect to, which seems to be confirmed by this:

Surreall wrote:IP A returns nothing for the adapter in the VM (enp0s3)

When you assign the extra IP addresses to the physical NIC in the server, traffic on those IPs is picked up, right? What happens if you don't assign an extra IP address to the physical NIC, but assign it to the VM's NIC inside the VM OS, and Bridge the adapter?

scottgus1 wrote:When you assign the extra IP addresses to the physical NIC in the server, traffic on those IPs is picked up, right? What happens if you don't assign an extra IP address to the physical NIC, but assign it to the VM's NIC inside the VM OS, and Bridge the adapter?

Yes, if I add one or more of the extra IPs to the host they immediately become pingable and I can use them to remotely access the server.

I haven't had the extras assigned to the physical NIC and was attempting to assign to the VM NIC from within the VM OS with no luck. Assuming I'm doing that part right.

I'm setting the IP to 216.218.222.9 and gateway to 216.218.222.1 (note - these aren't the actual addresses, just similar for example). VM network in Virtualbox is set to "Bridged Adapter".


Edit: I also tried assigning the extra IPs to the host NIC and that didn't make any difference in the VM.

So tried something else, not sure if this is bad or not... but it *seems* to be working.

I cloned the MAC address of the host's NIC for the VM NIC. Left it set to bridged adapter, started the VM and assigned a static IP to one of the extras.

I can now access the VM from other locations, such as my local PC. I can SSH into it as well with no issues.

I assume everything will work fine with it set like this? No issues if the VM NIC has the same MAC as the host NIC... right?

All I've ever heard is that MAC addresses have to be unique inside a LAN, but I'm not sure.

I'm not too skilled in Linux myself, Google is my friend when I do something (anything!!) in Linux.

I think this one is getting beyond me and I'd hate to waste your time with my guesses.

The direct-to-internet connection might not allow Bridged to work, or there might be an issue with the Virtualbox Bridged drivers on your host computer. Troubleshooting this on a Linux host is also beyond me, but here's a suggestion, based on a test I just did:

1. disconnect the internet cable from your host PC
2. connect something else, anything: a laptop, an unmanaged switch that's not connected to anything, a Raspberry Pi, just to get the network link up, even if there is no connectivity on it. (I discovered that if the physical NIC link is down, Bridged will not work. But get the link up and Bridged will work.)
3. Set the host NIC to a fixed private IP address like 192.168.0.10, netmask 255.255.255.0, gateway 192.168.0.1.
4. Set the guest NIC to a fixed private IP address like 192.168.0.11, netmask 255.255.255.0, gateway 192.168.0.1.
5. Turn off the firewalls on host and guest.
6. Try to ping between host and guest.

Assuming everything is set up correctly, if you can ping, then Bridged is working. No Ping means Bridged is not working correctly on your host PC.

I can't do anything physically with the host since it's in a data center in another state, which I don't have access to anyways.

I'm thinking my hosting provider may have something set that only allows a certain MAC address to bind with an IP address, so that must be why it didn't work until I cloned the MAC on the VM.

Everything seems to be working fine so far, so I'm going to roll with it and hope nothing happens. It's all learning stuff for me, so no catastrophes if something breaks.

I really appreciate your help, thank you!

Surreall wrote:I can't do anything physically with the host since it's in a data center in another state

Ah! Light bulb!

Surreall wrote:only allows a certain MAC address to bind with an IP address

This is a very distinct possibility! I remember now a forum poster that couldn't get a Bridged guest to work because the college they were attending had a one-PC-only-per-Ethernet-port policy on the switches.

Here is another possibility: Set up a pfSense guest, bridged directly to the host NIC, and copying the host's MAC address if necessary. Set all IP addresses on the Virtualbox NIC in pfSense's WAN side (I think). Use pfSense's 1-to-1-NAT setup to translate the public IP addresses to private IP addresses, then use a no-DHCP Host-Only to send the host's traffic to the host, and Internal networks to send other IP traffic to the guests. Set the pfSense guest to start automatically.

Or talk to the provider and see if they can relax that restriction for you.

scottgus1 wrote: Here is another possibility: Set up a pfSense guest, bridged directly to the host NIC, and copying the host's MAC address if necessary. Set all IP addresses on the Virtualbox NIC in pfSense's WAN side (I think). Use pfSense's 1-to-1-NAT setup to translate the public IP addresses to private IP addresses, then use a no-DHCP Host-Only to send the host's traffic to the host, and Internal networks to send other IP traffic to the guests. Set the pfSense guest to start automatically.

I'll check into this, thanks! Will mark the original post as solved since it at least seems to be working now.

Using the same Ethernet MAC address works in your case, because VirtualBox uses a network filter driver that intercepts and injects network packets very close to the host's network interface. So for any network participant outside your host, it just looks like the host has only one network interface with multiple IP addresses.

A few years ago, there has been a similar discussion on these forums, and I learnt that a German hosting company named Hetzner also provides additional IP addresses. On the Hetzner websites, you could find several documents containing detailed descriptions for complex usage scenarios.