
Opened 10 years ago

Closed 10 years ago

#13537 closed defect (invalid)

SSH connect from outside to guest failed

Reported by: zoullou Owned by:
Component: network/NAT Version: VirtualBox 4.3.18
Keywords: nat network ssh forwarding Cc:
Guest type: Linux Host type: Windows



I have VM's on a NAT network. I can make an SSH connection to guest from host (ssh on port 11010 on putty) with this forwad rule :

VBoxManage natnetwork modify --netname NatNetwork --port-forward-4 "SSH - $VmName:tcp:[]:11010:[]:22"

But, with putty on the same host, i can't connect to guest when i user my public PC IP (ssh on port 11010 on putty)

When i try to connect with putty, in tcpview, i find an ESTABLISHED connection from host to VBoxNetNAT.exe process (see screenshot) but it seem to don't redirect to VBOX NAT network.


Attachments (1)

tcpview.jpg (25.1 KB ) - added by zoullou 10 years ago.

Download all attachments as: .zip

Change History (6)

by zoullou, 10 years ago

Attachment: tcpview.jpg added

comment:1 by zoullou, 10 years ago

Test Case :

HOST : Windows 7 x64 Guest : CentOS 6.5 x64

  • Create a NAT Network

VBoxManage natnetwork add --netname NatNetwork --network "" --enable --dhcp off

  • Create a Linux guest (CentOS in my case). Install system with fixed IP ( in my case)

VBoxManage createvm --name "$VmName" --register # System VBoxManage modifyvm "$VmName" --ostype RedHat_64 --memory 500 --acpi on --ioapic on --boot1 disk --boot2 dvd --boot3 net --boot4 floppy # Network Card VBoxManage modifyvm "$VmName" --nic1 natnetwork --nat-network1 NatNetwork --nictype1 82540EM # Storage VBoxManage storagectl "$VmName" --name IDE --add ide --controller PIIX4 --bootable on VBoxManage storagectl "$VmName" --name SATA --add sata --controller IntelAhci --bootable on VBoxManage createhd --filename "$VIRTUALBOX_DATA_DIR
$VmName.vdi" --size 50000 VBoxManage storageattach "$VmName" --storagectl IDE --port 0 --device 0 --type dvddrive --medium "$INSTALL_DIR\binaires\linux\CentOS-6.5-x86_64-bin-DVD1.iso" VBoxManage storageattach "$VmName" --storagectl IDE --port 0 --device 1 --type dvddrive --medium "$INSTALL_DIR\binaires\linux\CentOS-6.5-x86_64-bin-DVD2.iso" VBoxManage storageattach "$VmName" --storagectl IDE --port 1 --device 0 --type dvddrive --medium "C:\Program Files\Oracle\VirtualBox\VBoxGuestAdditions.iso" VBoxManage storageattach "$VmName" --storagectl SATA --port 0 --type hdd --medium "$VIRTUALBOX_DATA_DIR
$VmName.vdi" # Shared Folder VBoxManage sharedfolder add "$VmName" --name "Install" --hostpath "$INSTALL_DIR" --automount

  • Add Network NAT Forwarding

# Network NAT Forwarding VBoxManage natnetwork modify --netname NatNetwork --port-forward-4 "SSH - $VmName:tcp:[]:11010:[]:22"

  • SSH Connect to guest (WORK)

IP : Port : 11010

  • SSH Connect to guest (WORK)

IP : host public IP Port : 11010

Version 0, edited 10 years ago by zoullou (next)

comment:2 by zoullou, 10 years ago


I isolated the problem. When i connect using on port 11010, here is the output from tcpdump on the guest :

14:06:13.629780 IP > Flags [S], seq 23907, win 32768, options [mss 1460], length 0
14:06:13.629804 IP > Flags [S.], seq 2308307446, ack 23908, win 14600, options [mss 1460], length 0
14:06:13.629998 IP > Flags ., ack 1, win 32768, length 0

Packet come from VB Nat gateway ( and guest respond to this adresse who is forwarded to host by VBoxNetNat process

Now, this is the output from tcpdump on the guest when i connect using host public IP :

14:06:28.062319 IP > Flags [S], seq 26415, win 32768, options [mss 1460], length 0
14:06:30.906948 IP > Flags [S], seq 26415, win 32768, options [mss 1460], length 0

Why packet come from host public IP on the Vbox NAT Network ( ?


comment:3 by zoullou, 10 years ago


I found a workaround, i add a default route on guest to use as gateway. With this default gateway, guest respond to SYN throught gateway.

Is it standard behavior


in reply to:  2 comment:4 by Valery Ushakov, 10 years ago

Replying to zoullou:

Why packet come from host public IP on the Vbox NAT Network ( ?

Because that is the source address of the connection.

I found a workaround, i add a default route on guest to use as gateway. With this default gateway, guest respond to SYN throught gateway.

If you use static/manual IP configuration in the guest with NAT Network you should set default route to (assuming you want the guest to have external connectivity). This is not a workaround - this is normal setup. If you'd used DHCP it would configure your guest to use it. will also work, but is the canonical address of the NAT Network proxy.

comment:5 by Valery Ushakov, 10 years ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use