Evgeny, 2017-12-01 12:46:16

Why is the guest system not accessible by external IP to itself?

Hello dear community!
I ran into the following problem, which I could not solve in one go:
There is an Ubuntu host running Windows in VirtualBox.
The host network address is 192.168.1.1/24 (interface br0). The VirtualBox network is set up in host-only adapter mode: the address of the virtual adapter is 192.168.56.1/24 (vboxnet0 interface), and the address of the guest system's network adapter itself is 192.168.56.2/24.
So that the machine is visible from the host's local network (192.168.1.0/24), a number of iptables rules were created:

iptables -A INPUT -i br0 -p tcp -m tcp --dport 8081 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 8081 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.56.2:8081

As a result, when accessing the address 192.168.1.1:8081 from the 192.168.1.0/24 network, all requests are redirected to the guest system. But! If you make a request to the address 192.168.1.1:8081 from the guest system itself, there is no response...

I found information about "Hairpin NAT" online, but adding such a rule did not solve the problem:

iptables -t nat -A POSTROUTING -d 192.168.56.2 -p tcp --dport 8081 -j MASQUERADE

I ask experienced colleagues to indicate the right direction to solve this problem.

PS
I know the solution itself is crooked, but very specific software is running on the guest system, which requires just such a scheme.
PPS
I also know about the existence of NAT in VirtualBox, and it works, but there are problems with the above-mentioned specific software. The software manufacturer's technical support blames an incorrect implementation of NAT in VirtualBox, which is most likely not the case, but to eliminate this factor, you need to switch to the "native" implementation of traffic redirection.

UPDATE:
The above solution, the so-called Hairpin or Reflection NAT, definitely works. But, for some reason, not in the case of VirtualBox. A physical network card was additionally installed in the system, and a scheme similar to the one with the guest system on VirtualBox was assembled on it. The corresponding iptables rules and network adapter settings were set, and this solution functioned properly in the original environment, which, in turn, proved its validity.
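An added example, not part of the original post: a small Python model of the address rewriting done by the DNAT and MASQUERADE rules quoted above, showing which tuples the guest and the client see with and without the hairpin rule. It covers the rule logic only, not the behaviour of VirtualBox's host-only adapter; the source port 40000, the LAN client 192.168.1.50, the second VM 192.168.56.3 and the guest's handling of packets that carry its own source address are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

# Addresses and port are the ones given in the question.
HOST_LAN, HOST_VBOX, GUEST, PORT = "192.168.1.1", "192.168.56.1", "192.168.56.2", 8081
VBOX_NET = ip_network("192.168.56.0/24")

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Pkt":
        return Pkt(self.dst, self.dport, self.src, self.sport)

class HostNat:
    """The question's nat rules plus a minimal conntrack table."""
    def __init__(self, masquerade: bool):
        self.masquerade = masquerade
        self.conntrack = {}  # reply tuple on the guest side -> reply tuple the client expects

    def forward(self, p: Pkt) -> Pkt:
        out = p
        if out.dport == PORT:                      # PREROUTING: DNAT (rule has no -d or -i match)
            out = out._replace(dst=GUEST)
        if self.masquerade and out.dst == GUEST and out.dport == PORT:
            out = out._replace(src=HOST_VBOX)      # POSTROUTING: MASQUERADE out of vboxnet0
        self.conntrack[out.reply()] = p.reply()
        return out

def trace(client: str, masquerade: bool) -> str:
    """Follow one SYN from `client` to 192.168.1.1:8081 and the reply to it."""
    nat = HostNat(masquerade)
    at_guest = nat.forward(Pkt(client, 40000, HOST_LAN, PORT))  # 40000: constructed port
    if at_guest.src == GUEST:
        # Assumed guest behaviour: a packet from the wire claiming its own address is discarded.
        return "dropped: guest sees its own address as source"
    reply = at_guest.reply()
    if reply.dst != HOST_VBOX and ip_address(reply.dst) in VBOX_NET:
        # Same-subnet peer: the reply is delivered directly and never passes the host's NAT.
        return f"broken: client gets reply from {reply.src}, expected {HOST_LAN}"
    back: Optional[Pkt] = nat.conntrack.get(reply)
    return f"ok: client gets reply from {back.src}" if back and back.src == HOST_LAN else "broken: no conntrack match"

if __name__ == "__main__":
    for client in ("192.168.1.50", GUEST, "192.168.56.3"):  # LAN host, the guest, hypothetical second VM
        for masq in (False, True):
            print(f"{client:>13} masquerade={masq}: {trace(client, masq)}")
```

On a real host, the counterpart of this trace is the packet counters from `iptables -t nat -L -v -n` together with a capture on vboxnet0.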

1 answer(s)
Dmitry Aleksandrov, 2017-12-01
@jamakasi666

Wouldn't it be easier to switch the network to Bridged mode and close the extra ports with a firewall directly in Windows?
