VirtualBox

Opened 14 years ago

Closed 14 years ago

#5654 closed defect (fixed)

Port Fowarding broken after update to VB 3.1 with static IP guest. => Fixed in SVN/3.1.2

Reported by: didiervdp Owned by:
Component: network/NAT Version: VirtualBox 3.1.0
Keywords: Cc:
Guest type: Linux Host type: Linux

Description (last modified by vasily Levchenko)

I've done the update to VirtualBox 3.1 (on an openSuSE 11.1). Since that, the port forwarding configuration on the guest linux I used didn't work anymore. :( The symptoms are that a netstat on the host "says" that there is nothing listening on the port 2222. I have already re-configure the guest with VBoxManage (GuestPort - HostPort - Protocol), but it didn't change anything... :/

In attach, the VB.log from the Virtual Machine.

Thanks!

Attachments (3)

VBox.log (55.9 KB ) - added by didiervdp 14 years ago.
Log from the VM
nat.log (7.4 KB ) - added by didiervdp 14 years ago.
Log with debug VBoxDD.so (4 Dec 2009)
sysctl.log (22.1 KB ) - added by didiervdp 14 years ago.
sysctl command output

Download all attachments as: .zip

Change History (40)

by didiervdp, 14 years ago

Attachment: VBox.log added

Log from the VM

comment:1 by Frank Mehnert, 14 years ago

Component: othernetwork/NAT

comment:2 by vasily Levchenko, 14 years ago

Description: modified (diff)

Please make sure that firewall on the guest is configured or switched off.

vbox@linux-uknj:~> /etc/init.d/SuSEfirewall2_setup status
Checking the status of SuSEfirewall2                                                                                       unused

comment:3 by didiervdp, 14 years ago

It's tunred off:

sles11-vb:~/Desktop # /etc/init.d/SuSEfirewall2_setup status
Checking the status of SuSEfirewall2                                 unused
sles11-vb:~/Desktop # 

By the way, the port forwarding was working perfectly until the update (I was using 3.0.12) ... :/

in reply to:  3 comment:4 by vasily Levchenko, 14 years ago

Replying to didiervdp: What is

# ssh -p 2222 localhost

error message do ssh print when you're trying access running guest?

comment:5 by didiervdp, 14 years ago

Here it is :

user@l-d530-06:~> ssh -Xvp 2222 root@localhost
OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: connect to address 127.0.0.1 port 2222: Connection refused
ssh: connect to host localhost port 2222: Connection refused

and

netstat -ant | grep 222

returns nothing...

comment:6 by vasily Levchenko, 14 years ago

Still in prearing build environment, to provide debug bits ... so probably will put tomorrow link where to get debug bits.

in reply to:  6 comment:7 by didiervdp, 14 years ago

Replying to Hachiman:

Still in prearing build environment, to provide debug bits ... so probably will put tomorrow link where to get debug bits.

No problem!! :)

comment:8 by vasily Levchenko, 14 years ago

please download http://www.virtualbox.org/download/testcase/VBoxDD.so.5654 and replace the same library with it in your VirtualBox installation. then

# export VBOX_LOG=drv_nat.e.l2
# export VBOX_LOG_DEST=file=nat.log
# VirtualBox -startvm [name of your vm here]

please attach result log to defect.

in reply to:  8 comment:9 by vasily Levchenko, 14 years ago

and don't forget to save original bit in the safe place :).

comment:10 by didiervdp, 14 years ago

I have done the test with the debug library.

Here is the log file (nat.log)

by didiervdp, 14 years ago

Attachment: nat.log added

Log with debug VBoxDD.so (4 Dec 2009)

in reply to:  10 ; comment:11 by vasily Levchenko, 14 years ago

Replying to didiervdp:

I have done the test with the debug library.

Here is the log file (nat.log)

Thank you, but looks like I need add more logging staff. Could you please add here output of your ifconfig command on guest and sysctl -a?

comment:12 by vasily Levchenko, 14 years ago

And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?

in reply to:  11 comment:13 by didiervdp, 14 years ago

Replying to Hachiman:

Thank you, but looks like I need add more logging staff. Could you please add here output of your ifconfig command on guest and sysctl -a?

For your information, I have added a second network interface to the VM (host-only). If you prefer me to remove it, I will do it, but I need it to continue to work... :/

ifconfig :

eth0      Link encap:Ethernet  HWaddr 08:00:27:F4:D2:B7  
          inet addr:172.16.121.15  Bcast:172.16.121.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fef4:d2b7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:1208 (1.1 Kb)
          Interrupt:10 Base address:0xd020 

eth1      Link encap:Ethernet  HWaddr 08:00:27:FA:44:50  
          inet addr:192.168.56.20  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fefa:4450/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:725 errors:0 dropped:0 overruns:0 frame:0
          TX packets:727 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:51601 (50.3 Kb)  TX bytes:109775 (107.2 Kb)
          Interrupt:9 Base address:0xd240 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:892 (892.0 b)  TX bytes:892 (892.0 b)

I've put the output of "sysctl -a" into sysctl.log

by didiervdp, 14 years ago

Attachment: sysctl.log added

sysctl command output

in reply to:  12 ; comment:14 by didiervdp, 14 years ago

Replying to Hachiman:

And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?

It has a static IP (but set to 172.16.121.15 as I found in the following thread : http://forums.virtualbox.org/viewtopic.php?f=7&t=21700&start=0&hilit=port+forwarding)

in reply to:  14 comment:15 by vasily Levchenko, 14 years ago

Replying to didiervdp:

Replying to Hachiman:

And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?

It has a static IP (but set to 172.16.121.15 as I found in the following thread : http://forums.virtualbox.org/viewtopic.php?f=7&t=21700&start=0&hilit=port+forwarding)

In case of static assigned address NAT rely on ARP gratuitous reply. But I assume that SLES guest disable it by default net.ipv4.conf.eth0.arp_announce = 0 in my SLES guest. Could you please check by doing

sysclt -wa net.ipv4.conf.eth0.arp_announce=1

port-forwarding will start working for you?

comment:16 by didiervdp, 14 years ago

I have change the value of net.ipv4.conf.eth0.arp_announce with

sysclt -wa net.ipv4.conf.eth0.arp_announce=1

But still not working... :/

By the way, I don't think the problem is linked with the guest OS as I have an other VM (with Gentoo) with port forwarding configured where it was working before the update and it's broken now... :(

in reply to:  16 ; comment:17 by vasily Levchenko, 14 years ago

Replying to didiervdp:

I have change the value of net.ipv4.conf.eth0.arp_announce with

sysclt -wa net.ipv4.conf.eth0.arp_announce=1

But still not working... :/

By the way, I don't think the problem is linked with the guest OS as I have an other VM (with Gentoo) with port forwarding configured where it was working before the update and it's broken now... :(

Does your gentoo guest using dhcp or it statically configured?

in reply to:  17 ; comment:18 by didiervdp, 14 years ago

Replying to Hachiman:

Does your gentoo guest using dhcp or it statically configured?

Statically.

If you want, I can do a test aith a new VM configured in DHCP... :)

in reply to:  18 ; comment:19 by vasily Levchenko, 14 years ago

Replying to didiervdp:

Replying to Hachiman:

Does your gentoo guest using dhcp or it statically configured?

Statically.

If you want, I can do a test aith a new VM configured in DHCP... :)

I'd appreciated, at least it'd localize problem to static only, I hope :).

in reply to:  19 ; comment:20 by didiervdp, 14 years ago

Replying to Hachiman:

I'd appreciated, at least it'd localize problem to static only, I hope :).

Ok, I have just finished the installation and the test on a "DHCP configured" VM. And I have good news : It's working!!! Here are the results :

l-d530-06:/ # netstat -antp | grep 2222
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      28383/VirtualBox
user1@l-d530-06:~> ssh -p 2222 root@localhost
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
RSA key fingerprint is 29:b7:2f:ce:24:1f:d2:c1:cf:0a:7a:55:68:d3:24:7e.
Are you sure you want to continue connecting (yes/no)? 

comment:21 by vasily Levchenko, 14 years ago

Good, so I will change subject. And here I was able reproduce it locally. Hope will be able offer you test bits for verification.

comment:22 by vasily Levchenko, 14 years ago

Summary: Port Fowarding broken after update to VB 3.1Port Fowarding broken after update to VB 3.1 on self IP assignment guest.

comment:23 by vasily Levchenko, 14 years ago

Summary: Port Fowarding broken after update to VB 3.1 on self IP assignment guest.Port Fowarding broken after update to VB 3.1 with static IP guest.

in reply to:  20 comment:24 by vasily Levchenko, 14 years ago

Replying to didiervdp: Could you please try http://www.virtualbox.org/download/testcase/VBoxDD.so.5654.fix? Note:

# VBoxManage setextradata "Linux guest" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/GuestIP" "your static assignment"
# VBoxManage modifyvm "Linux guest" --natnet1 "network"

network, e.g. "172.23/16"

comment:25 by vasily Levchenko, 14 years ago

The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.

in reply to:  25 ; comment:26 by didiervdp, 14 years ago

Replying to Hachiman:

The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.

I will try that on Monday (the VM is at work... :/)... Does it means it's possible now to set any IP we want in NAT and not only the x.x.x.15 ?? :)

Thanks for your work!!!

in reply to:  26 comment:27 by vasily Levchenko, 14 years ago

Replying to didiervdp:

Replying to Hachiman:

The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.

I will try that on Monday (the VM is at work... :/)... Does it means it's possible now to set any IP we want in NAT and not only the x.x.x.15 ?? :)

Yes now it should work. the only problem is in-persistent of network configuration Network attribute in NAT tag is disappear from time to time trying to figure out why it happens. but it easily detect when network is up that and x.x.x.2 (router) is ping-able that network attribute is applied if no then you need repeat :(.

# VBoxManage modifyvm "Linux guest" --natnet1 "network"

Hope to the monday I'll find the root cause of this new problem.

Thanks for your work!!!

comment:28 by didiervdp, 14 years ago

Hi,

I have done the test with the new VBoxDD.so file and the new config (GuestIP) but it isn't working... :( Port 2222 on Host is not open... :(

in reply to:  28 ; comment:29 by vasily Levchenko, 14 years ago

Replying to didiervdp:

Hi,

I have done the test with the new VBoxDD.so file and the new config (GuestIP) but it isn't working... :( Port 2222 on Host is not open... :(

Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?

in reply to:  29 ; comment:30 by didiervdp, 14 years ago

Replying to Hachiman:

Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?

Ok! Sorry for my previous message!!! Indeed, it works!

When you mention the tag NAT could disappear from time to time, I didn't thought it was so often :( To have it works, I had to execute the command 5x.

Another strange thing is the Host Port seems to not be open directly :( I have to login locally on the Guest, test the ping of the Gateway, then the Host port has been open... :/

I have just done a test (closed VB interface, start VB interface, start the Guest) and the tag has disappear on start. When I left VB open, then add the TAG and start the Guest, it seems to stay.

in reply to:  30 comment:31 by vasily Levchenko, 14 years ago

Replying to didiervdp:

Replying to Hachiman:

Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?

Ok! Sorry for my previous message!!! Indeed, it works!

good, so basic functionality is working for you. that good. thanks for feedback.

When you mention the tag NAT could disappear from time to time, I didn't thought it was so often :( To have it works, I had to execute the command 5x.

Yep, still require investigation.

Another strange thing is the Host Port seems to not be open directly :( I have to login locally on the Guest, test the ping of the Gateway, then the Host port has been open... :/

Right, answering the ping NAT tries to find Ether address to response (in DHCP cache which is empty, because of static assignment and in own ARP cache, which filled before pong with ARP request). I assumed that most guests announce it's IP assignment with ARP gratuitous request, but in case of SuSE it's assumption is wrong. Will try found more "intelligent" solution :).

I have just done a test (closed VB interface, start VB interface, start the Guest) and the tag has disappear on start. When I left VB open, then add the TAG and start the Guest, it seems to stay.

Thanks for investigation.

comment:32 by didiervdp, 14 years ago

I have done a test with a Gentoo Guest, but it's not working... :( I can ping the Gateway and the tag is set. :/

This is just for information/investigation, I don't need this Guest for the moment :)

For info, this vm has the same IP than the Suse (I have stopped the Suse of course... ;) ) and the Hostport is 2223...

in reply to:  32 ; comment:33 by vasily Levchenko, 14 years ago

Replying to didiervdp:

I have done a test with a Gentoo Guest, but it's not working... :( I can ping the Gateway and the tag is set. :/

This is just for information/investigation, I don't need this Guest for the moment :)

For info, this vm has the same IP than the Suse (I have stopped the Suse of course... ;) ) and the Hostport is 2223...

Which of version gentoo is it? and except of static assignment have you set other non-default network setting (sysctl)?

in reply to:  33 comment:34 by didiervdp, 14 years ago

Replying to Hachiman:

Which of version gentoo is it? and except of static assignment have you set other non-default network setting (sysctl)?

It Gentoo R8 and I have done no change with sysctl. I can't get the output of sysctl -a for the moment :/

comment:35 by vasily Levchenko, 14 years ago

Summary: Port Fowarding broken after update to VB 3.1 with static IP guest.Port Fowarding broken after update to VB 3.1 with static IP guest. => Fixed in SVN/3.1.2

comment:36 by didiervdp, 14 years ago

Great!

Thanks a lot for your investigation and great work!!!

comment:37 by Frank Mehnert, 14 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use