VirtualBox

Ticket #5654 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

Port Fowarding broken after update to VB 3.1 with static IP guest. => Fixed in SVN/3.1.2

Reported by: didiervdp Owned by:
Priority: major Component: network/NAT
Version: VirtualBox 3.1.0 Keywords:
Cc: Guest type: Linux
Host type: Linux

Description (last modified by Hachiman) (diff)

I've done the update to VirtualBox 3.1 (on an openSuSE 11.1). Since that, the port forwarding configuration on the guest linux I used didn't work anymore. :( The symptoms are that a netstat on the host "says" that there is nothing listening on the port 2222. I have already re-configure the guest with VBoxManage (GuestPort - HostPort - Protocol), but it didn't change anything... :/

In attach, the VB.log from the Virtual Machine.

Thanks!

Attachments

VBox.log Download (55.9 KB) - added by didiervdp 4 years ago.
Log from the VM
nat.log Download (7.4 KB) - added by didiervdp 4 years ago.
Log with debug VBoxDD.so (4 Dec 2009)
sysctl.log Download (22.1 KB) - added by didiervdp 4 years ago.
sysctl command output

Change History

Changed 4 years ago by didiervdp

Log from the VM

comment:1 Changed 4 years ago by frank

  • Component changed from other to network/NAT

comment:2 Changed 4 years ago by Hachiman

  • Description modified (diff)

Please make sure that firewall on the guest is configured or switched off.

vbox@linux-uknj:~> /etc/init.d/SuSEfirewall2_setup status
Checking the status of SuSEfirewall2                                                                                       unused

comment:3 follow-up: ↓ 4 Changed 4 years ago by didiervdp

It's tunred off:

sles11-vb:~/Desktop # /etc/init.d/SuSEfirewall2_setup status
Checking the status of SuSEfirewall2                                 unused
sles11-vb:~/Desktop # 

By the way, the port forwarding was working perfectly until the update (I was using 3.0.12) ... :/

comment:4 in reply to: ↑ 3 Changed 4 years ago by Hachiman

Replying to didiervdp: What is

# ssh -p 2222 localhost

error message do ssh print when you're trying access running guest?

comment:5 Changed 4 years ago by didiervdp

Here it is :

user@l-d530-06:~> ssh -Xvp 2222 root@localhost
OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: connect to address 127.0.0.1 port 2222: Connection refused
ssh: connect to host localhost port 2222: Connection refused

and

netstat -ant | grep 222

returns nothing...

comment:6 follow-up: ↓ 7 Changed 4 years ago by Hachiman

Still in prearing build environment, to provide debug bits ... so probably will put tomorrow link where to get debug bits.

comment:7 in reply to: ↑ 6 Changed 4 years ago by didiervdp

Replying to Hachiman:

Still in prearing build environment, to provide debug bits ... so probably will put tomorrow link where to get debug bits.

No problem!! :)

comment:8 follow-up: ↓ 9 Changed 4 years ago by Hachiman

please download  http://www.virtualbox.org/download/testcase/VBoxDD.so.5654 and replace the same library with it in your VirtualBox installation. then

# export VBOX_LOG=drv_nat.e.l2
# export VBOX_LOG_DEST=file=nat.log
# VirtualBox -startvm [name of your vm here]

please attach result log to defect.

comment:9 in reply to: ↑ 8 Changed 4 years ago by Hachiman

and don't forget to save original bit in the safe place :).

comment:10 follow-up: ↓ 11 Changed 4 years ago by didiervdp

I have done the test with the debug library.

Here is the log file (nat.log)

Changed 4 years ago by didiervdp

Log with debug VBoxDD.so (4 Dec 2009)

comment:11 in reply to: ↑ 10 ; follow-up: ↓ 13 Changed 4 years ago by Hachiman

Replying to didiervdp:

I have done the test with the debug library.

Here is the log file (nat.log)

Thank you, but looks like I need add more logging staff. Could you please add here output of your ifconfig command on guest and sysctl -a?

comment:12 follow-up: ↓ 14 Changed 4 years ago by Hachiman

And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?

comment:13 in reply to: ↑ 11 Changed 4 years ago by didiervdp

Replying to Hachiman:

Thank you, but looks like I need add more logging staff. Could you please add here output of your ifconfig command on guest and sysctl -a?

For your information, I have added a second network interface to the VM (host-only). If you prefer me to remove it, I will do it, but I need it to continue to work... :/

ifconfig :

eth0      Link encap:Ethernet  HWaddr 08:00:27:F4:D2:B7  
          inet addr:172.16.121.15  Bcast:172.16.121.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fef4:d2b7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:1208 (1.1 Kb)
          Interrupt:10 Base address:0xd020 

eth1      Link encap:Ethernet  HWaddr 08:00:27:FA:44:50  
          inet addr:192.168.56.20  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fefa:4450/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:725 errors:0 dropped:0 overruns:0 frame:0
          TX packets:727 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:51601 (50.3 Kb)  TX bytes:109775 (107.2 Kb)
          Interrupt:9 Base address:0xd240 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:892 (892.0 b)  TX bytes:892 (892.0 b)

I've put the output of "sysctl -a" into sysctl.log

Changed 4 years ago by didiervdp

sysctl command output

comment:14 in reply to: ↑ 12 ; follow-up: ↓ 15 Changed 4 years ago by didiervdp

Replying to Hachiman:

And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?

It has a static IP (but set to 172.16.121.15 as I found in the following thread :  http://forums.virtualbox.org/viewtopic.php?f=7&t=21700&start=0&hilit=port+forwarding)

comment:15 in reply to: ↑ 14 Changed 4 years ago by Hachiman

Replying to didiervdp:

Replying to Hachiman:

And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?

It has a static IP (but set to 172.16.121.15 as I found in the following thread :  http://forums.virtualbox.org/viewtopic.php?f=7&t=21700&start=0&hilit=port+forwarding)

In case of static assigned address NAT rely on ARP gratuitous reply. But I assume that SLES guest disable it by default net.ipv4.conf.eth0.arp_announce = 0 in my SLES guest. Could you please check by doing

sysclt -wa net.ipv4.conf.eth0.arp_announce=1

port-forwarding will start working for you?

comment:16 follow-up: ↓ 17 Changed 4 years ago by didiervdp

I have change the value of net.ipv4.conf.eth0.arp_announce with

sysclt -wa net.ipv4.conf.eth0.arp_announce=1

But still not working... :/

By the way, I don't think the problem is linked with the guest OS as I have an other VM (with Gentoo) with port forwarding configured where it was working before the update and it's broken now... :(

comment:17 in reply to: ↑ 16 ; follow-up: ↓ 18 Changed 4 years ago by Hachiman

Replying to didiervdp:

I have change the value of net.ipv4.conf.eth0.arp_announce with

sysclt -wa net.ipv4.conf.eth0.arp_announce=1

But still not working... :/

By the way, I don't think the problem is linked with the guest OS as I have an other VM (with Gentoo) with port forwarding configured where it was working before the update and it's broken now... :(

Does your gentoo guest using dhcp or it statically configured?

comment:18 in reply to: ↑ 17 ; follow-up: ↓ 19 Changed 4 years ago by didiervdp

Replying to Hachiman:

Does your gentoo guest using dhcp or it statically configured?

Statically.

If you want, I can do a test aith a new VM configured in DHCP... :)

comment:19 in reply to: ↑ 18 ; follow-up: ↓ 20 Changed 4 years ago by Hachiman

Replying to didiervdp:

Replying to Hachiman:

Does your gentoo guest using dhcp or it statically configured?

Statically.

If you want, I can do a test aith a new VM configured in DHCP... :)

I'd appreciated, at least it'd localize problem to static only, I hope :).

comment:20 in reply to: ↑ 19 ; follow-up: ↓ 24 Changed 4 years ago by didiervdp

Replying to Hachiman:

I'd appreciated, at least it'd localize problem to static only, I hope :).

Ok, I have just finished the installation and the test on a "DHCP configured" VM. And I have good news : It's working!!! Here are the results :

l-d530-06:/ # netstat -antp | grep 2222
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      28383/VirtualBox
user1@l-d530-06:~> ssh -p 2222 root@localhost
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
RSA key fingerprint is 29:b7:2f:ce:24:1f:d2:c1:cf:0a:7a:55:68:d3:24:7e.
Are you sure you want to continue connecting (yes/no)? 

comment:21 Changed 4 years ago by Hachiman

Good, so I will change subject. And here I was able reproduce it locally. Hope will be able offer you test bits for verification.

comment:22 Changed 4 years ago by Hachiman

  • Summary changed from Port Fowarding broken after update to VB 3.1 to Port Fowarding broken after update to VB 3.1 on self IP assignment guest.

comment:23 Changed 4 years ago by Hachiman

  • Summary changed from Port Fowarding broken after update to VB 3.1 on self IP assignment guest. to Port Fowarding broken after update to VB 3.1 with static IP guest.

comment:24 in reply to: ↑ 20 Changed 4 years ago by Hachiman

Replying to didiervdp: Could you please try  http://www.virtualbox.org/download/testcase/VBoxDD.so.5654.fix? Note:

# VBoxManage setextradata "Linux guest" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/GuestIP" "your static assignment"
# VBoxManage modifyvm "Linux guest" --natnet1 "network"

network, e.g. "172.23/16"

comment:25 follow-up: ↓ 26 Changed 4 years ago by Hachiman

The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.

comment:26 in reply to: ↑ 25 ; follow-up: ↓ 27 Changed 4 years ago by didiervdp

Replying to Hachiman:

The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.

I will try that on Monday (the VM is at work... :/)... Does it means it's possible now to set any IP we want in NAT and not only the x.x.x.15 ?? :)

Thanks for your work!!!

comment:27 in reply to: ↑ 26 Changed 4 years ago by Hachiman

Replying to didiervdp:

Replying to Hachiman:

The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.

I will try that on Monday (the VM is at work... :/)... Does it means it's possible now to set any IP we want in NAT and not only the x.x.x.15 ?? :)

Yes now it should work. the only problem is in-persistent of network configuration Network attribute in NAT tag is disappear from time to time trying to figure out why it happens. but it easily detect when network is up that and x.x.x.2 (router) is ping-able that network attribute is applied if no then you need repeat :(.

# VBoxManage modifyvm "Linux guest" --natnet1 "network"

Hope to the monday I'll find the root cause of this new problem.

Thanks for your work!!!

comment:28 follow-up: ↓ 29 Changed 4 years ago by didiervdp

Hi,

I have done the test with the new VBoxDD.so file and the new config (GuestIP) but it isn't working... :( Port 2222 on Host is not open... :(

comment:29 in reply to: ↑ 28 ; follow-up: ↓ 30 Changed 4 years ago by Hachiman

Replying to didiervdp:

Hi,

I have done the test with the new VBoxDD.so file and the new config (GuestIP) but it isn't working... :( Port 2222 on Host is not open... :(

Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?

comment:30 in reply to: ↑ 29 ; follow-up: ↓ 31 Changed 4 years ago by didiervdp

Replying to Hachiman:

Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?

Ok! Sorry for my previous message!!! Indeed, it works!

When you mention the tag NAT could disappear from time to time, I didn't thought it was so often :( To have it works, I had to execute the command 5x.

Another strange thing is the Host Port seems to not be open directly :( I have to login locally on the Guest, test the ping of the Gateway, then the Host port has been open... :/

I have just done a test (closed VB interface, start VB interface, start the Guest) and the tag has disappear on start. When I left VB open, then add the TAG and start the Guest, it seems to stay.

comment:31 in reply to: ↑ 30 Changed 4 years ago by Hachiman

Replying to didiervdp:

Replying to Hachiman:

Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?

Ok! Sorry for my previous message!!! Indeed, it works!

good, so basic functionality is working for you. that good. thanks for feedback.

When you mention the tag NAT could disappear from time to time, I didn't thought it was so often :( To have it works, I had to execute the command 5x.

Yep, still require investigation.

Another strange thing is the Host Port seems to not be open directly :( I have to login locally on the Guest, test the ping of the Gateway, then the Host port has been open... :/

Right, answering the ping NAT tries to find Ether address to response (in DHCP cache which is empty, because of static assignment and in own ARP cache, which filled before pong with ARP request). I assumed that most guests announce it's IP assignment with ARP gratuitous request, but in case of SuSE it's assumption is wrong. Will try found more "intelligent" solution :).

I have just done a test (closed VB interface, start VB interface, start the Guest) and the tag has disappear on start. When I left VB open, then add the TAG and start the Guest, it seems to stay.

Thanks for investigation.

comment:32 follow-up: ↓ 33 Changed 4 years ago by didiervdp

I have done a test with a Gentoo Guest, but it's not working... :( I can ping the Gateway and the tag is set. :/

This is just for information/investigation, I don't need this Guest for the moment :)

For info, this vm has the same IP than the Suse (I have stopped the Suse of course... ;) ) and the Hostport is 2223...

comment:33 in reply to: ↑ 32 ; follow-up: ↓ 34 Changed 4 years ago by Hachiman

Replying to didiervdp:

I have done a test with a Gentoo Guest, but it's not working... :( I can ping the Gateway and the tag is set. :/

This is just for information/investigation, I don't need this Guest for the moment :)

For info, this vm has the same IP than the Suse (I have stopped the Suse of course... ;) ) and the Hostport is 2223...

Which of version gentoo is it? and except of static assignment have you set other non-default network setting (sysctl)?

comment:34 in reply to: ↑ 33 Changed 4 years ago by didiervdp

Replying to Hachiman:

Which of version gentoo is it? and except of static assignment have you set other non-default network setting (sysctl)?

It Gentoo R8 and I have done no change with sysctl. I can't get the output of sysctl -a for the moment :/

comment:35 Changed 4 years ago by Hachiman

  • Summary changed from Port Fowarding broken after update to VB 3.1 with static IP guest. to Port Fowarding broken after update to VB 3.1 with static IP guest. => Fixed in SVN/3.1.2

comment:36 Changed 4 years ago by didiervdp

Great!

Thanks a lot for your investigation and great work!!!

comment:37 Changed 4 years ago by frank

  • Status changed from new to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use