VirtualBox

Ticket #20147 (new defect)

Opened 19 months ago

Problems when masquerade is enabled on host

Reported by: sblk
Owned by:
Component: network
Version: VirtualBox 6.1.16
Keywords: bridge,firewall,masquerade
Cc:
Guest type: Linux
Host type: Linux

Description

Steps to reproduce issue:

  1. Configure the Linux host with firewalld and enable masquerade on the public zone (or a similar configuration with iptables or nftables by hand)
  2. Test access to both http and https on the guest side
  3. Disable masquerade on the host and repeat 2

If netfilter masquerading is enabled on the host, and the guest is in bridge mode, both http and https don't work.

For example:

curl -I http://www.virtualbox.org
curl: (56) Recv failure: Connection reset by peer
root@techier-glossa:~# curl -I https://www.virtualbox.org
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to www.virtualbox.org:443

If I disable netfilter masquerading, it works.

In bridge mode it should not matter at all whether the host is doing that.

This is the configuration of firewalld:

[root@munster ~]# firewall-cmd --zone=lxc --list-all

lxc (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: lxcbr0
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[root@munster ~]# firewall-cmd --zone=libvirt --list-all
libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources: 
  services: dhcp dhcpv6 dns ssh tftp
  ports: 
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule priority="32767" reject
[root@munster ~]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp108s0
  sources: 
  services: dhcpv6-client kdeconnect mdns ssh
  ports: 
  protocols: 
  masquerade: yes
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

As far as I know, in bridge mode it should not matter at all whether the host is doing that, should it?

Thanks in advance

Attachments

ubuntu-focal-20.04-cloudimg-20210119-2021-01-22-15-42-51.log (103.1 KB) - added by sblk 19 months ago.
VBox Log file

Change History

Changed 19 months ago by sblk

VBox Log file
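
When triaging a report like this one, it helps to see which firewalld zones masquerade and which host interfaces they cover. The script below is an added example, not part of the ticket or of VirtualBox: it parses `firewall-cmd --list-all` style text from stdin, using an abridged copy of the ticket's output as constructed sample input. The function names are hypothetical, and the interface passed to `iface_masqueraded` is assumed to be whichever host adapter the VM is bridged to.

```shell
#!/bin/sh
# Added example: report firewalld zones with masquerade enabled.
# Input format: the text printed by `firewall-cmd --zone=Z --list-all`
# (or `firewall-cmd --list-all-zones`), read from stdin.

# Print one line per masquerading zone: "<zone> <interfaces...>".
masq_zones() {
    awk '
        function emit() {
            if (zone != "" && masq == "yes")
                printf "%s %s\n", zone, (ifaces == "" ? "-" : ifaces)
            zone = ""; masq = ""; ifaces = ""
        }
        # An unindented, non-empty line starts a new zone block.
        /^[^ \t]/        { emit(); zone = $1; next }
        /^  interfaces:/ { sub(/^  interfaces:[ \t]*/, ""); sub(/[ \t]+$/, "")
                           ifaces = $0; next }
        /^  masquerade:/ { masq = $2; next }
        END              { emit() }
    '
}

# Exit 0 if interface $1 belongs to a masquerading zone, 1 otherwise.
iface_masqueraded() {
    masq_zones | awk -v want="$1" '
        { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# Constructed sample: abridged from the zone listings in the ticket.
sample_listing() {
    cat <<'EOF'
libvirt (active)
  target: ACCEPT
  interfaces: virbr0
  masquerade: no
  rich rules: 
        rule priority="32767" reject

public (active)
  target: default
  interfaces: wlp108s0
  services: dhcpv6-client kdeconnect mdns ssh
  masquerade: yes
EOF
}

sample_listing | masq_zones
```

On a live host, pipe `firewall-cmd --list-all-zones` into `masq_zones` instead of the sample.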
