Opened 15 years ago
Closed 15 years ago
#5654 closed defect (fixed)
Port Fowarding broken after update to VB 3.1 with static IP guest. => Fixed in SVN/3.1.2
Reported by: | didiervdp | Owned by: | |
---|---|---|---|
Component: | network/NAT | Version: | VirtualBox 3.1.0 |
Keywords: | Cc: | ||
Guest type: | Linux | Host type: | Linux |
Description (last modified by )
I've done the update to VirtualBox 3.1 (on an openSuSE 11.1). Since that, the port forwarding configuration on the guest linux I used didn't work anymore. :( The symptoms are that a netstat on the host "says" that there is nothing listening on the port 2222. I have already re-configure the guest with VBoxManage (GuestPort - HostPort - Protocol), but it didn't change anything... :/
In attach, the VB.log from the Virtual Machine.
Thanks!
Attachments (3)
Change History (40)
by , 15 years ago
comment:1 by , 15 years ago
Component: | other → network/NAT |
---|
comment:2 by , 15 years ago
Description: | modified (diff) |
---|
Please make sure that firewall on the guest is configured or switched off.
vbox@linux-uknj:~> /etc/init.d/SuSEfirewall2_setup status Checking the status of SuSEfirewall2 unused
follow-up: 4 comment:3 by , 15 years ago
It's tunred off:
sles11-vb:~/Desktop # /etc/init.d/SuSEfirewall2_setup status Checking the status of SuSEfirewall2 unused sles11-vb:~/Desktop #
By the way, the port forwarding was working perfectly until the update (I was using 3.0.12) ... :/
comment:4 by , 15 years ago
Replying to didiervdp: What is
# ssh -p 2222 localhost
error message do ssh print when you're trying access running guest?
comment:5 by , 15 years ago
Here it is :
user@l-d530-06:~> ssh -Xvp 2222 root@localhost OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to localhost [127.0.0.1] port 2222. debug1: connect to address 127.0.0.1 port 2222: Connection refused ssh: connect to host localhost port 2222: Connection refused
and
netstat -ant | grep 222
returns nothing...
follow-up: 7 comment:6 by , 15 years ago
Still in prearing build environment, to provide debug bits ... so probably will put tomorrow link where to get debug bits.
comment:7 by , 15 years ago
Replying to Hachiman:
Still in prearing build environment, to provide debug bits ... so probably will put tomorrow link where to get debug bits.
No problem!! :)
follow-up: 9 comment:8 by , 15 years ago
please download http://www.virtualbox.org/download/testcase/VBoxDD.so.5654 and replace the same library with it in your VirtualBox installation. then
# export VBOX_LOG=drv_nat.e.l2 # export VBOX_LOG_DEST=file=nat.log # VirtualBox -startvm [name of your vm here]
please attach result log to defect.
follow-up: 11 comment:10 by , 15 years ago
I have done the test with the debug library.
Here is the log file (nat.log)
follow-up: 13 comment:11 by , 15 years ago
Replying to didiervdp:
I have done the test with the debug library.
Here is the log file (nat.log)
Thank you, but looks like I need add more logging staff. Could you please add here output of your ifconfig command on guest and sysctl -a?
follow-up: 14 comment:12 by , 15 years ago
And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?
comment:13 by , 15 years ago
Replying to Hachiman:
Thank you, but looks like I need add more logging staff. Could you please add here output of your ifconfig command on guest and sysctl -a?
For your information, I have added a second network interface to the VM (host-only). If you prefer me to remove it, I will do it, but I need it to continue to work... :/
ifconfig :
eth0 Link encap:Ethernet HWaddr 08:00:27:F4:D2:B7 inet addr:172.16.121.15 Bcast:172.16.121.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fef4:d2b7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:22 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:1208 (1.1 Kb) Interrupt:10 Base address:0xd020 eth1 Link encap:Ethernet HWaddr 08:00:27:FA:44:50 inet addr:192.168.56.20 Bcast:192.168.56.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fefa:4450/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:725 errors:0 dropped:0 overruns:0 frame:0 TX packets:727 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:51601 (50.3 Kb) TX bytes:109775 (107.2 Kb) Interrupt:9 Base address:0xd240 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:10 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:892 (892.0 b) TX bytes:892 (892.0 b)
I've put the output of "sysctl -a" into sysctl.log
follow-up: 15 comment:14 by , 15 years ago
Replying to Hachiman:
And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?
It has a static IP (but set to 172.16.121.15 as I found in the following thread : http://forums.virtualbox.org/viewtopic.php?f=7&t=21700&start=0&hilit=port+forwarding)
comment:15 by , 15 years ago
Replying to didiervdp:
Replying to Hachiman:
And have your guest is configured to obtain IP via DHCP or it's got statically assigned address ?
It has a static IP (but set to 172.16.121.15 as I found in the following thread : http://forums.virtualbox.org/viewtopic.php?f=7&t=21700&start=0&hilit=port+forwarding)
In case of static assigned address NAT rely on ARP gratuitous reply. But I assume that SLES guest disable it by default net.ipv4.conf.eth0.arp_announce = 0 in my SLES guest. Could you please check by doing
sysclt -wa net.ipv4.conf.eth0.arp_announce=1
port-forwarding will start working for you?
follow-up: 17 comment:16 by , 15 years ago
I have change the value of net.ipv4.conf.eth0.arp_announce with
sysclt -wa net.ipv4.conf.eth0.arp_announce=1
But still not working... :/
By the way, I don't think the problem is linked with the guest OS as I have an other VM (with Gentoo) with port forwarding configured where it was working before the update and it's broken now... :(
follow-up: 18 comment:17 by , 15 years ago
Replying to didiervdp:
I have change the value of net.ipv4.conf.eth0.arp_announce with
sysclt -wa net.ipv4.conf.eth0.arp_announce=1But still not working... :/
By the way, I don't think the problem is linked with the guest OS as I have an other VM (with Gentoo) with port forwarding configured where it was working before the update and it's broken now... :(
Does your gentoo guest using dhcp or it statically configured?
follow-up: 19 comment:18 by , 15 years ago
Replying to Hachiman:
Does your gentoo guest using dhcp or it statically configured?
Statically.
If you want, I can do a test aith a new VM configured in DHCP... :)
follow-up: 20 comment:19 by , 15 years ago
follow-up: 24 comment:20 by , 15 years ago
Replying to Hachiman:
I'd appreciated, at least it'd localize problem to static only, I hope :).
Ok, I have just finished the installation and the test on a "DHCP configured" VM. And I have good news : It's working!!! Here are the results :
l-d530-06:/ # netstat -antp | grep 2222 tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 28383/VirtualBox
user1@l-d530-06:~> ssh -p 2222 root@localhost The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established. RSA key fingerprint is 29:b7:2f:ce:24:1f:d2:c1:cf:0a:7a:55:68:d3:24:7e. Are you sure you want to continue connecting (yes/no)?
comment:21 by , 15 years ago
Good, so I will change subject. And here I was able reproduce it locally. Hope will be able offer you test bits for verification.
comment:22 by , 15 years ago
Summary: | Port Fowarding broken after update to VB 3.1 → Port Fowarding broken after update to VB 3.1 on self IP assignment guest. |
---|
comment:23 by , 15 years ago
Summary: | Port Fowarding broken after update to VB 3.1 on self IP assignment guest. → Port Fowarding broken after update to VB 3.1 with static IP guest. |
---|
comment:24 by , 15 years ago
Replying to didiervdp: Could you please try http://www.virtualbox.org/download/testcase/VBoxDD.so.5654.fix? Note:
# VBoxManage setextradata "Linux guest" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/GuestIP" "your static assignment" # VBoxManage modifyvm "Linux guest" --natnet1 "network"
network, e.g. "172.23/16"
follow-up: 26 comment:25 by , 15 years ago
The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.
follow-up: 27 comment:26 by , 15 years ago
Replying to Hachiman:
The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.
I will try that on Monday (the VM is at work... :/)... Does it means it's possible now to set any IP we want in NAT and not only the x.x.x.15 ?? :)
Thanks for your work!!!
comment:27 by , 15 years ago
Replying to didiervdp:
Replying to Hachiman:
The reason for such problems is that in 3.1 port-forwarding became more dynamic, that mean it accept connection when pairs GuestIP<->Ether is set. That possible when ARP cache (appears in 3.1 as well) of NAT contains corresponded pair.
I will try that on Monday (the VM is at work... :/)... Does it means it's possible now to set any IP we want in NAT and not only the x.x.x.15 ?? :)
Yes now it should work. the only problem is in-persistent of network configuration Network attribute in NAT tag is disappear from time to time trying to figure out why it happens. but it easily detect when network is up that and x.x.x.2 (router) is ping-able that network attribute is applied if no then you need repeat :(.
# VBoxManage modifyvm "Linux guest" --natnet1 "network"
Hope to the monday I'll find the root cause of this new problem.
Thanks for your work!!!
follow-up: 29 comment:28 by , 15 years ago
Hi,
I have done the test with the new VBoxDD.so file and the new config (GuestIP) but it isn't working... :( Port 2222 on Host is not open... :(
follow-up: 30 comment:29 by , 15 years ago
Replying to didiervdp:
Hi,
I have done the test with the new VBoxDD.so file and the new config (GuestIP) but it isn't working... :( Port 2222 on Host is not open... :(
Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?
follow-up: 31 comment:30 by , 15 years ago
Replying to Hachiman:
Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?
Ok! Sorry for my previous message!!! Indeed, it works!
When you mention the tag NAT could disappear from time to time, I didn't thought it was so often :( To have it works, I had to execute the command 5x.
Another strange thing is the Host Port seems to not be open directly :( I have to login locally on the Guest, test the ping of the Gateway, then the Host port has been open... :/
I have just done a test (closed VB interface, start VB interface, start the Guest) and the tag has disappear on start. When I left VB open, then add the TAG and start the Guest, it seems to stay.
comment:31 by , 15 years ago
Replying to didiervdp:
Replying to Hachiman:
Could you please check that xml file contains non-empty tag entry <NAT Network="your network"> and that gateway is x.x.x.2 is pingable?
Ok! Sorry for my previous message!!! Indeed, it works!
good, so basic functionality is working for you. that good. thanks for feedback.
When you mention the tag NAT could disappear from time to time, I didn't thought it was so often :( To have it works, I had to execute the command 5x.
Yep, still require investigation.
Another strange thing is the Host Port seems to not be open directly :( I have to login locally on the Guest, test the ping of the Gateway, then the Host port has been open... :/
Right, answering the ping NAT tries to find Ether address to response (in DHCP cache which is empty, because of static assignment and in own ARP cache, which filled before pong with ARP request). I assumed that most guests announce it's IP assignment with ARP gratuitous request, but in case of SuSE it's assumption is wrong. Will try found more "intelligent" solution :).
I have just done a test (closed VB interface, start VB interface, start the Guest) and the tag has disappear on start. When I left VB open, then add the TAG and start the Guest, it seems to stay.
Thanks for investigation.
follow-up: 33 comment:32 by , 15 years ago
I have done a test with a Gentoo Guest, but it's not working... :( I can ping the Gateway and the tag is set. :/
This is just for information/investigation, I don't need this Guest for the moment :)
For info, this vm has the same IP than the Suse (I have stopped the Suse of course... ;) ) and the Hostport is 2223...
follow-up: 34 comment:33 by , 15 years ago
Replying to didiervdp:
I have done a test with a Gentoo Guest, but it's not working... :( I can ping the Gateway and the tag is set. :/
This is just for information/investigation, I don't need this Guest for the moment :)
For info, this vm has the same IP than the Suse (I have stopped the Suse of course... ;) ) and the Hostport is 2223...
Which of version gentoo is it? and except of static assignment have you set other non-default network setting (sysctl)?
comment:34 by , 15 years ago
Replying to Hachiman:
Which of version gentoo is it? and except of static assignment have you set other non-default network setting (sysctl)?
It Gentoo R8 and I have done no change with sysctl. I can't get the output of sysctl -a for the moment :/
comment:35 by , 15 years ago
Summary: | Port Fowarding broken after update to VB 3.1 with static IP guest. → Port Fowarding broken after update to VB 3.1 with static IP guest. => Fixed in SVN/3.1.2 |
---|
comment:37 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Log from the VM