VirtualBox

Opened 14 years ago

Last modified 10 years ago

#6403 closed defect

BindIP does not work for inbound NAT port-forwarded connections — at Version 2

Reported by: Jason Roysdon
Owned by:
Component: network/NAT
Version: VirtualBox 3.1.4
Keywords: bindip
Cc: vbox.20100320@…
Guest type: other
Host type: other

Description (last modified by vasily Levchenko)

Linux HostOS with multiple secondary IPs bound.

1.1.1.x are public/outside addresses in this example.

eth0 - primary hostos IP 1.1.1.1

eth0:2 - secondary hostos IP 1.1.1.2

eth0:3 - secondary hostos IP 1.1.1.3

Hostos has tcp/22 bound specifically to 1.1.1.1 with sshd using the "ListenAddress 1.1.1.1" directive in sshd_config.

Now setting the guestos to bind to 1.1.1.2:

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/BindIP" "1.1.1.2"

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/Protocol" TCP

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/GuestPort" 22

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/HostPort" 22

Then, when trying to connect with ssh -p 22 1.1.1.2, the connection is refused, and a wireshark dump on the hostos shows it is being reset.

Testing this by binding to tcp/23 for the guestos on the outside of the NAT:

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/Protocol" TCP

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/GuestPort" 22

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/HostPort" 23

Now, ssh -p 23 1.1.1.2 works. However, ssh -p 23 1.1.1.1 is also being forwarded to the guestos, which is not what is expected given the BindIP of 1.1.1.2.

Hostos netstat reports guestos is binding ALL (0.0.0.0) tcp/23 connections. This should not be.

For instance, should I want to bind 1.1.1.2:80 to guestosA and 1.1.1.3:80 to guestosB, I cannot, as the first guestos that starts will bind to all 0.0.0.0:80. The BindIP should limit what IP address the NATs are bound to.

Change History (2)

in reply to:  description comment:1 by vasily Levchenko, 14 years ago

Replying to jroysdon:

Linux HostOS with multiple secondary IPs bound.

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/BindIP" "1.1.1.2"

This parameter binds your outgoing connections to the 1.1.1.2 interface.

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/Protocol" TCP

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/GuestPort" 22

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/HostPort" 22

To bind port forwarding to an interface you need:

VBoxManage setextradata "guest os" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/BindIP" "1.1.1.2"

Please see http://www.virtualbox.org/manual/ch09.html#id2548533 for more details.

comment:2 by vasily Levchenko, 14 years ago

Description: modified (diff)
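
The following audit script is an added example, not part of the ticket or of VirtualBox: it reads extradata lines and flags port-forward rules that have no rule-level BindIP, which is the situation the description shows with a listener on 0.0.0.0. It assumes the "Key: ..., Value: ..." line format of `VBoxManage getextradata "<vm>" enumerate`; the rule name guestweb and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: flag VirtualBox NAT port-forward rules that have no per-rule
# BindIP and therefore listen on every host address (0.0.0.0).
# Input format "Key: <key>, Value: <value>" is assumed to match what
# `VBoxManage getextradata "<vm>" enumerate` prints. One NAT adapter assumed.
audit_nat_forwards() {
    awk '
    match($0, "^Key: VBoxInternal/Devices/[^/]+/[0-9]+/LUN#0/Config/") {
        rest = substr($0, RLENGTH + 1)   # "<rule>/<field>, Value: <v>"
        sep = index(rest, ", Value: ")
        if (sep == 0) next
        n = split(substr(rest, 1, sep - 1), part, "/")
        value = substr(rest, sep + 9)
        # Config/BindIP (no rule name) is the adapter-level setting.
        if (n == 1 && part[1] == "BindIP") { outbound = value; next }
        if (n != 2) next
        if (part[2] == "HostPort") hostport[part[1]] = value
        if (part[2] == "Protocol") proto[part[1]] = value
        if (part[2] == "BindIP")   bind[part[1]] = value
    }
    END {
        for (rule in hostport) {
            p = (rule in proto) ? proto[rule] : "?"
            if (rule in bind)
                printf "OK   %s %s/%s bound to %s\n", rule, p, hostport[rule], bind[rule]
            else
                printf "WILD %s %s/%s listens on 0.0.0.0\n", rule, p, hostport[rule]
        }
        if (outbound != "")
            printf "INFO Config/BindIP=%s applies to outgoing connections only\n", outbound
    }' | sort
}

# Constructed sample: the configuration from the ticket description
# (adapter-level BindIP only), plus a hypothetical rule "guestweb" that
# carries its own BindIP as the reply recommends.
sample_extradata() {
    p='Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config'
    printf '%s\n' \
        "$p/BindIP, Value: 1.1.1.2" \
        "$p/guestssh/Protocol, Value: TCP" \
        "$p/guestssh/GuestPort, Value: 22" \
        "$p/guestssh/HostPort, Value: 23" \
        "$p/guestweb/Protocol, Value: TCP" \
        "$p/guestweb/GuestPort, Value: 80" \
        "$p/guestweb/HostPort, Value: 80" \
        "$p/guestweb/BindIP, Value: 1.1.1.3"
}

sample_extradata | audit_nat_forwards
```

A WILD line marks a forwarded port reachable on every host address; comparing the result with the host's listening sockets (as the reporter did with netstat) confirms the actual bind address.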