Port-forwarding

satimis · 05-20-2014, 10:53 PM

Hi all,

Host Ubuntu 12.04 desktop 64bit
Guest Ubuntu 12.04 LAMP/desktop 64bit
VirtualBox
2 NICs
Optic Fibre Broadband connection - interface
(connected to onboard NIC)
Static IP
Router not available

Host:-
$ cat /etc/network/interfaces

Code:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
     address xx.xx.xxx.xx (static IP)
     dns-nameservers xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx
     netmask 255.255.255.252
     broadcast xx.xx.xxx.xx
     gateway xx.xx.xxx.xx

Guest:-
$ cat /etc/network/interfaces

Code:

auto lo
iface lo inet loopback

$ sudo ifconfig
[sudo] password for satimis:

Code:

eth5      Link encap:Ethernet  HWaddr 08:00:27:d3:83:91  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fed3:8391/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:85 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:32891 (32.8 KB)  TX bytes:16748 (16.7 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:40 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3724 (3.7 KB)  TX bytes:3724 (3.7 KB)

Network -> Adpater 1
Enable Network Adapter
Attached to: NAT

Please advise how to setup port-forwarding assigning a static IP to Guest so that the webserver can be connected/browsed on Internet. I have been searching a while and couldn't find a guide to follow. Pointers would be appreciatd.

Thanks

Rgds
satimis

suicidaleggroll · 05-21-2014, 10:06 AM

Have you tried searching? I hate to be "that guy", but a simple Google search for "virtualbox nat port forwarding" returns over 60k results, the top ten of which all answer the question you're asking here. Here's one from the VirtualBox manual itself:
http://www.virtualbox.org/manual/ch06.html#natforward

Do you have some complication with your setup that those guides don't address? Are you having troubles on any of the steps?

GunFighT · 05-23-2014, 02:10 PM

Hello,

Here is a example for you:

Code:

iptables -I FORWARD -p tcp -d 192.168.50.2 --dport 443 -j ACCEPT -m comment --comment "https accept port"
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 443 -j DNAT --to-destination 192.168.50.2:443 -m comment --comment "https to NetworkStorage"

satimis · 05-24-2014, 12:56 AM

Hi all,

Thanks for your advice.

Sorry for not explaining clear on my posting.

What I'm trying to achieve is:

Behind a router I can assign static IP to all VMs which are running webserver/website for testing. If I need VM1, for example, to be browsed on Internet I just on router forward all ports to the static IP of VM1.

If without a router and VM1 running on NAT what can I do? How can I made VM1 to be browsed on Internet?

TIA

Rgds
satimis

GunFighT · 05-24-2014, 06:55 AM

Well, on what type of OS are you running the virtual machine?
If you exlude the router, you need to forward the ports from the machine you are running this VMs.
For Linux, the type of firewall configuration remains the same like I posted above.

I`ll give you another example for HTTP traffic:
Lets say that eth0 is the interface WAN from the server, and the IP 192.168.50.2 is the static ip from VM1.

Quote:

iptables -I FORWARD -p tcp -d 192.168.50.2 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.50.2:80

satimis · 05-24-2014, 09:27 AM

Quote:

Originally Posted by GunFighT

Well, on what type of OS are you running the virtual machine?

Host Ubuntu 12.04 desktop
Guests Ubuntu/Debian/LinuxMint/Fedora etc.

Quote:

If you exlude the router, you need to forward the ports from the machine you are running this VMs.

That is what I'm searching for? Whether it is possible?

Guests:
Network Connection -> NAT

$ sudo ifconfig

Code:

eth0      Link encap:Ethernet  HWaddr 08:00:27:bb:00:a1  
          inet addr:10.0.2.15
....

Rgds
satimis

GunFighT · 05-24-2014, 11:16 AM

Yes, for this problem. You need to customize a firewall that does all the routing. But also don`t forget: you will also need to modify the /etc/sysctl.conf , at line:

Code:

net.ipv4.ip_forward = 0

with line:

Quote:

net.ipv4.ip_forward = 1

so that forward can be done!

After you modify the sysctl.conf you need to type the command:

Code:

[root@server ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1

For this type of services you sould use a firewall with default policies like:

Code:

iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

You make the FORWARD for VMs you have (with the commands I posted above), and then you open the ports you want to be accesed from INPUT
That is how I would do.
You can also set the default policie for INPUT to ACCEPT, like FORWARD and OUTPUT.