VirtualBox

Opened 10 years ago

Closed 10 years ago

#13537 closed defect (invalid)

SSH connect from outside to guest failed

Reported by: zoullou
Owned by:
Component: network/NAT
Version: VirtualBox 4.3.18
Keywords: nat network ssh forwarding
Cc:
Guest type: Linux
Host type: Windows

Description

Hi,

I have VMs on a 10.0.2.0 NAT network. I can make an SSH connection to the guest from the host (ssh 127.0.0.1 on port 11010 in PuTTY) with this forward rule:

VBoxManage natnetwork modify --netname NatNetwork --port-forward-4 "SSH - $VmName:tcp:[]:11010:[10.0.2.10]:22"

But with PuTTY on the same host, I can't connect to the guest when I use my public PC IP (ssh 10.254.220.112 on port 11010 in PuTTY).

When I try to connect with PuTTY, in TCPView I find an ESTABLISHED connection from the host to the VBoxNetNAT.exe process (see screenshot), but it doesn't seem to redirect to the VBox NAT network.

Yours

Attachments (1)

tcpview.jpg (25.1 KB ) - added by zoullou 10 years ago.


Change History (6)

by zoullou, 10 years ago

Attachment: tcpview.jpg added

comment:1 by zoullou, 10 years ago

Test Case

HOST : Windows 7 x64
Guest : CentOS 6.5 x64

Create a NAT Network

VBoxManage natnetwork add --netname NatNetwork --network "10.0.2.0/24" --enable --dhcp off

Create a Linux guest (CentOS in my case). Install system with fixed IP (10.0.2.10 in my case)

VBoxManage createvm --name "$VmName" --register
# System
VBoxManage modifyvm "$VmName" --ostype RedHat_64 --memory 500 --acpi on --ioapic on --boot1 disk --boot2 dvd --boot3 net --boot4 floppy
# Network Card
VBoxManage modifyvm "$VmName" --nic1 natnetwork --nat-network1 NatNetwork --nictype1 82540EM
# Storage
VBoxManage storagectl "$VmName" --name IDE --add ide --controller PIIX4 --bootable on
VBoxManage storagectl "$VmName" --name SATA --add sata --controller IntelAhci --bootable on
VBoxManage createhd --filename "$VIRTUALBOX_DATA_DIR\$VmName\$VmName.vdi" --size 50000
VBoxManage storageattach "$VmName" --storagectl IDE --port 0 --device 0 --type dvddrive --medium "$INSTALL_DIR\binaires\linux\CentOS-6.5-x86_64-bin-DVD1.iso"
VBoxManage storageattach "$VmName" --storagectl IDE --port 0 --device 1 --type dvddrive --medium "$INSTALL_DIR\binaires\linux\CentOS-6.5-x86_64-bin-DVD2.iso"
VBoxManage storageattach "$VmName" --storagectl IDE --port 1 --device 0 --type dvddrive --medium "C:\Program Files\Oracle\VirtualBox\VBoxGuestAdditions.iso"
VBoxManage storageattach "$VmName" --storagectl SATA --port 0 --type hdd --medium "$VIRTUALBOX_DATA_DIR\$VmName\$VmName.vdi"
# Shared Folder
VBoxManage sharedfolder add "$VmName" --name "Install" --hostpath "$INSTALL_DIR" --automount

Add Network NAT Forwarding

# Network NAT Forwarding
VBoxManage natnetwork modify --netname NatNetwork --port-forward-4 "SSH - $VmName:tcp:[]:11010:[10.0.2.10]:22"

SSH Connect to guest (WORKS)

IP : 127.0.0.1
Port : 11010

SSH Connect to guest (DOESN'T WORK)

IP : host public IP
Port : 11010


comment:2 by zoullou, 10 years ago

Hi,

I isolated the problem. When I connect using 127.0.0.1 on port 11010, here is the output from tcpdump on the guest:

14:06:13.629780 IP 10.0.2.2.52782 > 10.0.2.10.ssh: Flags [S], seq 23907, win 32768, options [mss 1460], length 0
14:06:13.629804 IP 10.0.2.10.ssh > 10.0.2.2.52782: Flags [S.], seq 2308307446, ack 23908, win 14600, options [mss 1460], length 0
14:06:13.629998 IP 10.0.2.2.52782 > 10.0.2.10.ssh: Flags [.], ack 1, win 32768, length 0

The packets come from the VB NAT gateway (10.0.2.2) and the guest responds to this address, which is forwarded to the host by the VBoxNetNat process.

Now, this is the output from tcpdump on the guest when I connect using the host public IP:

14:06:28.062319 IP 10.254.220.112.52784 > 10.0.2.10.ssh: Flags [S], seq 26415, win 32768, options [mss 1460], length 0
14:06:30.906948 IP 10.254.220.112.52784 > 10.0.2.10.ssh: Flags [S], seq 26415, win 32768, options [mss 1460], length 0

Why do packets come from the host public IP on the VBox NAT network (10.254.220.112)?

Yours

comment:3 by zoullou, 10 years ago

Hi,

I found a workaround: I added a default route on the guest to use 10.0.2.2 as gateway. With this default gateway, the guest responds to the SYN through the gateway.

Is it standard behavior?

Yours

in reply to:  2 comment:4 by Valery Ushakov, 10 years ago

Replying to zoullou:

> Why do packets come from the host public IP on the VBox NAT network (10.254.220.112)?

Because that is the source address of the connection.

> I found a workaround: I added a default route on the guest to use 10.0.2.2 as gateway. With this default gateway, the guest responds to the SYN through the gateway.

If you use static/manual IP configuration in the guest with NAT Network you should set default route to 10.0.2.1 (assuming you want the guest to have external connectivity). This is not a workaround - this is normal setup. If you'd used DHCP it would configure your guest to use it.

10.0.2.2 will also work, but 10.0.2.1 is the canonical address of the NAT Network proxy.
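The failure isolated in comment:2 and explained in comment:4, as an added example that is not part of the ticket or of VirtualBox: it finds SYNs in the guest-side capture that never received a SYN-ACK and looks up the route the guest would use to reply. The two routing tables are assumptions modelling a static-IP guest without and with the default route to 10.0.2.1; the function names are hypothetical.

```python
import ipaddress
import re

# Guest-side tcpdump lines copied from comment:2 (final ACK line omitted).
CAPTURE = """\
14:06:13.629780 IP 10.0.2.2.52782 > 10.0.2.10.ssh: Flags [S], seq 23907, win 32768, options [mss 1460], length 0
14:06:13.629804 IP 10.0.2.10.ssh > 10.0.2.2.52782: Flags [S.], seq 2308307446, ack 23908, win 14600, options [mss 1460], length 0
14:06:28.062319 IP 10.254.220.112.52784 > 10.0.2.10.ssh: Flags [S], seq 26415, win 32768, options [mss 1460], length 0
14:06:30.906948 IP 10.254.220.112.52784 > 10.0.2.10.ssh: Flags [S], seq 26415, win 32768, options [mss 1460], length 0
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\w+) > (\d+\.\d+\.\d+\.\d+)\.(\w+): Flags \[([^\]]*)\]")

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None means on-link."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), gw) for c, gw in routes
            if dst in ipaddress.ip_network(c)]
    if not hits:
        return "unreachable"
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or "on-link"

def unanswered_syns(capture, guest_ip):
    """Return {client_ip: syn_count} for clients whose SYN never got a SYN-ACK."""
    syns, answered = {}, set()
    for src, sport, dst, dport, flags in LINE.findall(capture):
        if flags == "S" and dst == guest_ip:
            syns[(src, sport)] = syns.get((src, sport), 0) + 1
        elif flags == "S." and src == guest_ip:
            answered.add((dst, dport))
    out = {}
    for (ip, port), count in syns.items():
        if (ip, port) not in answered:
            out[ip] = out.get(ip, 0) + count
    return out

def diagnose(capture, guest_ip, routes):
    """Map each unanswered client to the route the guest would use to reply."""
    return {ip: next_hop(routes, ip) for ip in unanswered_syns(capture, guest_ip)}

# Assumed guest routing tables (not taken from the ticket).
STATIC_NO_GW = [("10.0.2.0/24", None)]                     # static IP, no default route
WITH_DEFAULT = STATIC_NO_GW + [("0.0.0.0/0", "10.0.2.1")]  # setup from comment:4

if __name__ == "__main__":
    print(diagnose(CAPTURE, "10.0.2.10", STATIC_NO_GW))  # reply has no route
    print(diagnose(CAPTURE, "10.0.2.10", WITH_DEFAULT))  # reply leaves via the proxy
```

The loopback connection works without a default route only because its source, 10.0.2.2, is on-link in 10.0.2.0/24.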

comment:5 by Valery Ushakov, 10 years ago

Resolution: invalid
Status: new → closed