Opened 10 years ago
Closed 10 years ago
#13537 closed defect (invalid)
SSH connect from outside to guest failed
Reported by: | zoullou | Owned by: | |
---|---|---|---|
Component: | network/NAT | Version: | VirtualBox 4.3.18 |
Keywords: | nat network ssh forwarding | Cc: | |
Guest type: | Linux | Host type: | Windows |
Description
Hi,
I have VMs on a 10.0.2.0 NAT network. I can make an SSH connection to the guest from the host (ssh 127.0.0.1 on port 11010 in PuTTY) with this forward rule:
VBoxManage natnetwork modify --netname NatNetwork --port-forward-4 "SSH - $VmName:tcp:[]:11010:[10.0.2.10]:22"
But, with PuTTY on the same host, I can't connect to the guest when I use my public PC IP (ssh 10.254.220.112 on port 11010 in PuTTY).
When I try to connect with PuTTY, in tcpview, I find an ESTABLISHED connection from the host to the VBoxNetNAT.exe process (see screenshot), but it doesn't seem to redirect to the VBOX NAT network.
Yours
Attachments (1)
Change History (6)
by , 10 years ago
Attachment: | tcpview.jpg added |
---|
follow-up: 4 comment:2 by , 10 years ago
Hi,
I isolated the problem. When I connect using 127.0.0.1 on port 11010, here is the output from tcpdump on the guest:
14:06:13.629780 IP 10.0.2.2.52782 > 10.0.2.10.ssh: Flags [S], seq 23907, win 32768, options [mss 1460], length 0
14:06:13.629804 IP 10.0.2.10.ssh > 10.0.2.2.52782: Flags [S.], seq 2308307446, ack 23908, win 14600, options [mss 1460], length 0
14:06:13.629998 IP 10.0.2.2.52782 > 10.0.2.10.ssh: Flags ., ack 1, win 32768, length 0
Packets come from the VB NAT gateway (10.0.2.2) and the guest responds to this address, which is forwarded to the host by the VBoxNetNat process.
Now, this is the output from tcpdump on the guest when I connect using the host public IP:
14:06:28.062319 IP 10.254.220.112.52784 > 10.0.2.10.ssh: Flags [S], seq 26415, win 32768, options [mss 1460], length 0
14:06:30.906948 IP 10.254.220.112.52784 > 10.0.2.10.ssh: Flags [S], seq 26415, win 32768, options [mss 1460], length 0
Why do packets come from the host public IP on the Vbox NAT Network (10.254.220.112)?
Yours
comment:3 by , 10 years ago
Hi,
I found a workaround: I added a default route on the guest to use 10.0.2.2 as gateway. With this default gateway, the guest responds to the SYN through the gateway.
Is it standard behavior?
Yours
comment:4 by , 10 years ago
Replying to zoullou:
Why do packets come from the host public IP on the Vbox NAT Network (10.254.220.112)?
Because that is the source address of the connection.
I found a workaround: I added a default route on the guest to use 10.0.2.2 as gateway. With this default gateway, the guest responds to the SYN through the gateway.
If you use static/manual IP configuration in the guest with NAT Network you should set default route to 10.0.2.1 (assuming you want the guest to have external connectivity). This is not a workaround - this is normal setup. If you'd used DHCP it would configure your guest to use it.
10.0.2.2 will also work, but 10.0.2.1 is the canonical address of the NAT Network proxy.
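The routing behaviour discussed in the comments above, as an added example that is not part of the original ticket: a longest-prefix-match lookup over a guest routing table shows why the reply to 10.0.2.2 always has a path while the reply to 10.254.220.112 needs a default route. The routing table lines are constructed in `ip route show` format, and the interface name `eth0` and all function names are assumptions.

```python
import ipaddress

def parse_routes(ip_route_output):
    """Parse `ip route show` text into (network, gateway) pairs; gateway None means on-link."""
    routes = []
    for line in ip_route_output.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        gateway = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((ipaddress.ip_network(prefix), gateway))
    return routes

def reply_path(routes, peer):
    """Longest-prefix match for the peer the guest must answer (the source of the SYN)."""
    addr = ipaddress.ip_address(peer)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        # No route: the SYN-ACK cannot be sent, so the capture shows only repeated SYNs.
        return "unreachable"
    net, gateway = max(matches, key=lambda r: r[0].prefixlen)
    return f"via {gateway}" if gateway else "on-link"

# Constructed sample tables for a statically configured guest at 10.0.2.10
# (interface name eth0 is an assumption).
STATIC_NO_DEFAULT = "10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.10"
STATIC_WITH_DEFAULT = STATIC_NO_DEFAULT + "\ndefault via 10.0.2.1 dev eth0"

# Source addresses seen in the ticket's two tcpdump captures.
PEERS = {"forward via 127.0.0.1": "10.0.2.2",
         "forward via host IP": "10.254.220.112"}

def diagnose(table):
    """Return the reply path for each captured source address under the given table."""
    routes = parse_routes(table)
    return {label: reply_path(routes, peer) for label, peer in PEERS.items()}

if __name__ == "__main__":
    for name, table in [("no default route", STATIC_NO_DEFAULT),
                        ("default via 10.0.2.1", STATIC_WITH_DEFAULT)]:
        print(name, diagnose(table))
```

On a real guest, the equivalent check is to look for a `default via 10.0.2.1` line in the output of `ip route show`.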
comment:5 by , 10 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Test Case:
Host: Windows 7 x64, Guest: CentOS 6.5 x64