ip_forward not working on virtualbox server and client

nasirjavaid · 01-07-2016, 06:58 AM

Hi experts,

I am having a strange issue with ip_forwarding on centos 6.4. here is what I am doing.

on centos 6.4 virtual I have 2 NIC... eth0 on nat and connected to internet. eth1 is 192.168.0.254 and is set as host only.
on xp virtual I have 1 NIC having 192.168.0.10 and gateway set to 192.168.0.254 while DNS set to 8.8.8.8 and 8.8.4.4

now both systems can ping each other fine and server can ping internet fine.

then I set ip_forward to 1 in /etc/sysctl.conf and did sysctl -p to make it effective.

then I tried both with iptables disabled totally and then setting

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

on xp internet explorer when I try to open any site, I see "waiting for .........." at the status bar but then it can't connect

I have also changed selinux to permissive. and tcpdump shows packets from xp going to internet but it somehow don't seem to work........

I can imagine it might be a small issue but its making me crazy now since I am unable to make it work since 2 days

here is the output of tcpdump -vvv -i eth0

[root@myserver ~]# tcpdump -vvv -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

16:39:38.415525 IP (tos 0x0, ttl 127, id 44024, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.53483 > google-public-dns-a.google.com.domain: [udp sum ok] 14226+ A? www.gmail.com. (31)
16:39:38.422949 IP (tos 0x0, ttl 64, id 1865, offset 0, flags [DF], proto UDP (17), length 66)
10.0.2.15.38936 > WiMaxCPE.domain: [bad udp cksum 665!] 12641+ PTR? 8.8.8.8.in-addr.arpa. (38)
16:39:38.482845 IP (tos 0x0, ttl 64, id 16971, offset 0, flags [none], proto UDP (17), length 222)
WiMaxCPE.domain > 10.0.2.15.38936: [udp sum ok] 12641 q: PTR? 8.8.8.8.in-addr.arpa. 1/6/0 8.8.8.8.in-addr.arpa. [4h38m44s] PTR google-public-dns-a.google.com. ns: in-addr.arpa. [49m18s] NS f.in-addr-servers.arpa., in-addr.arpa. [49m18s] NS a.in-addr-servers.arpa., in-addr.arpa. [49m18s] NS b.in-addr-servers.arpa., in-addr.arpa. [49m18s] NS c.in-addr-servers.arpa., in-addr.arpa. [49m18s] NS d.in-addr-servers.arpa., in-addr.arpa. [49m18s] NS e.in-addr-servers.arpa. (194)
16:39:38.486147 IP (tos 0x0, ttl 64, id 1928, offset 0, flags [DF], proto UDP (17), length 68)
10.0.2.15.50295 > WiMaxCPE.domain: [bad udp cksum df28!] 31645+ PTR? 15.2.0.10.in-addr.arpa. (40)
16:39:38.489434 IP (tos 0x0, ttl 64, id 16972, offset 0, flags [none], proto UDP (17), length 68)
WiMaxCPE.domain > 10.0.2.15.50295: [udp sum ok] 31645 NXDomain* q: PTR? 15.2.0.10.in-addr.arpa. 0/0/0 (40)
16:39:38.492986 IP (tos 0x0, ttl 64, id 1935, offset 0, flags [DF], proto UDP (17), length 71)
10.0.2.15.38441 > WiMaxCPE.domain: [bad udp cksum 289f!] 49247+ PTR? 1.15.168.192.in-addr.arpa. (43)
16:39:38.495949 IP (tos 0x0, ttl 64, id 16973, offset 0, flags [none], proto UDP (17), length 93)
WiMaxCPE.domain > 10.0.2.15.38441: [udp sum ok] 49247* q: PTR? 1.15.168.192.in-addr.arpa. 1/0/0 1.15.168.192.in-addr.arpa. [0s] PTR WiMaxCPE. (65)
16:39:39.414136 IP (tos 0x0, ttl 127, id 44029, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.53483 > google-public-dns-b.google.com.domain: [udp sum ok] 14226+ A? www.gmail.com. (31)
16:39:39.415323 IP (tos 0x0, ttl 64, id 2857, offset 0, flags [DF], proto UDP (17), length 66)
10.0.2.15.38093 > WiMaxCPE.domain: [bad udp cksum f334!] 25799+ PTR? 4.4.8.8.in-addr.arpa. (38)
16:39:39.854644 IP (tos 0x0, ttl 64, id 16974, offset 0, flags [none], proto UDP (17), length 110)
WiMaxCPE.domain > 10.0.2.15.38093: [udp sum ok] 25799 q: PTR? 4.4.8.8.in-addr.arpa. 1/0/0 4.4.8.8.in-addr.arpa. [1d] PTR google-public-dns-b.google.com. (82)
16:39:40.413730 IP (tos 0x0, ttl 127, id 44034, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.53483 > google-public-dns-a.google.com.domain: [udp sum ok] 14226+ A? www.gmail.com. (31)
16:39:42.416580 IP (tos 0x0, ttl 127, id 44043, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.53483 > google-public-dns-a.google.com.domain: [udp sum ok] 14226+ A? www.gmail.com. (31)
16:39:42.416803 IP (tos 0x0, ttl 127, id 44044, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.53483 > google-public-dns-b.google.com.domain: [udp sum ok] 14226+ A? www.gmail.com. (31)
16:39:43.415288 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.2 tell 10.0.2.15, length 28
16:39:43.415646 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.2.2 is-at 52:54:00:12:35:02 (oui Unknown), length 46
16:39:43.416620 IP (tos 0x0, ttl 64, id 6859, offset 0, flags [DF], proto UDP (17), length 67)
10.0.2.15.56570 > WiMaxCPE.domain: [bad udp cksum b9ed!] 64027+ PTR? 2.2.0.10.in-addr.arpa. (39)
16:39:43.420301 IP (tos 0x0, ttl 64, id 16975, offset 0, flags [none], proto UDP (17), length 67)
WiMaxCPE.domain > 10.0.2.15.56570: [udp sum ok] 64027 NXDomain* q: PTR? 2.2.0.10.in-addr.arpa. 0/0/0 (39)
16:39:46.439571 IP (tos 0x0, ttl 127, id 44059, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.53483 > google-public-dns-a.google.com.domain: [udp sum ok] 14226+ A? www.gmail.com. (31)
16:39:46.440133 IP (tos 0x0, ttl 127, id 44060, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.53483 > google-public-dns-b.google.com.domain: [udp sum ok] 14226+ A? www.gmail.com. (31)
16:39:55.741198 IP (tos 0x0, ttl 127, id 44116, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.64245 > google-public-dns-a.google.com.domain: [udp sum ok] 22223+ A? www.gmail.com. (31)
16:39:56.737947 IP (tos 0x0, ttl 127, id 44121, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.64245 > google-public-dns-b.google.com.domain: [udp sum ok] 22223+ A? www.gmail.com. (31)
16:39:57.741730 IP (tos 0x0, ttl 127, id 44126, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.64245 > google-public-dns-a.google.com.domain: [udp sum ok] 22223+ A? www.gmail.com. (31)
16:39:59.742024 IP (tos 0x0, ttl 127, id 44135, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.64245 > google-public-dns-a.google.com.domain: [udp sum ok] 22223+ A? www.gmail.com. (31)
16:39:59.742274 IP (tos 0x0, ttl 127, id 44136, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.64245 > google-public-dns-b.google.com.domain: [udp sum ok] 22223+ A? www.gmail.com. (31)
16:40:03.748258 IP (tos 0x0, ttl 127, id 44153, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.64245 > google-public-dns-a.google.com.domain: [udp sum ok] 22223+ A? www.gmail.com. (31)
16:40:03.748845 IP (tos 0x0, ttl 127, id 44154, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.64245 > google-public-dns-b.google.com.domain: [udp sum ok] 22223+ A? www.gmail.com. (31)
16:40:13.012143 IP (tos 0x0, ttl 127, id 44198, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.55850 > google-public-dns-a.google.com.domain: [udp sum ok] 48632+ A? www.gmail.com. (31)
16:40:14.034206 IP (tos 0x0, ttl 127, id 44203, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.55850 > google-public-dns-b.google.com.domain: [udp sum ok] 48632+ A? www.gmail.com. (31)
16:40:15.035108 IP (tos 0x0, ttl 127, id 44204, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.55850 > google-public-dns-a.google.com.domain: [udp sum ok] 48632+ A? www.gmail.com. (31)
16:40:15.179466 IP (tos 0x0, ttl 127, id 44205, offset 0, flags [none], proto UDP (17), length 65)
10.0.2.15.64246 > google-public-dns-a.google.com.domain: [udp sum ok] 47109+ A? support.mozilla.org. (37)
16:40:16.176905 IP (tos 0x0, ttl 127, id 44206, offset 0, flags [none], proto UDP (17), length 65)
10.0.2.15.64246 > google-public-dns-b.google.com.domain: [udp sum ok] 47109+ A? support.mozilla.org. (37)
16:40:17.038636 IP (tos 0x0, ttl 127, id 44207, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.55850 > google-public-dns-a.google.com.domain: [udp sum ok] 48632+ A? www.gmail.com. (31)
16:40:17.039094 IP (tos 0x0, ttl 127, id 44208, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.55850 > google-public-dns-b.google.com.domain: [udp sum ok] 48632+ A? www.gmail.com. (31)
16:40:17.178017 IP (tos 0x0, ttl 127, id 44209, offset 0, flags [none], proto UDP (17), length 65)
10.0.2.15.64246 > google-public-dns-a.google.com.domain: [udp sum ok] 47109+ A? support.mozilla.org. (37)
16:40:18.011913 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.2 tell 10.0.2.15, length 28
16:40:18.013006 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.2.2 is-at 52:54:00:12:35:02 (oui Unknown), length 46
16:40:19.180949 IP (tos 0x0, ttl 127, id 44210, offset 0, flags [none], proto UDP (17), length 65)
10.0.2.15.64246 > google-public-dns-a.google.com.domain: [udp sum ok] 47109+ A? support.mozilla.org. (37)
16:40:19.181388 IP (tos 0x0, ttl 127, id 44211, offset 0, flags [none], proto UDP (17), length 65)
10.0.2.15.64246 > google-public-dns-b.google.com.domain: [udp sum ok] 47109+ A? support.mozilla.org. (37)
16:40:21.042925 IP (tos 0x0, ttl 127, id 44212, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.55850 > google-public-dns-a.google.com.domain: [udp sum ok] 48632+ A? www.gmail.com. (31)
16:40:21.043481 IP (tos 0x0, ttl 127, id 44213, offset 0, flags [none], proto UDP (17), length 59)
10.0.2.15.55850 > google-public-dns-b.google.com.domain: [udp sum ok] 48632+ A? www.gmail.com. (31)
16:40:23.187266 IP (tos 0x0, ttl 127, id 44214, offset 0, flags [none], proto UDP (17), length 65)
10.0.2.15.64246 > google-public-dns-a.google.com.domain: [udp sum ok] 47109+ A? support.mozilla.org. (37)
16:40:23.187687 IP (tos 0x0, ttl 127, id 44215, offset 0, flags [none], proto UDP (17), length 65)
10.0.2.15.64246 > google-public-dns-b.google.com.domain: [udp sum ok] 47109+ A? support.mozilla.org. (37)
^C
42 packets captured
42 packets received by filter
0 packets dropped by kernel

nasirjavaid · 01-08-2016, 02:32 AM

No one to answer?

UPDATE: Its seems packets are travelling fine in both directions as can see from

[root@myserver ~]# ip route get to 119.xxx.xxx.xx from 192.168.0.10 iif eth1
119.xxx.xxx.xx from 192.168.0.10 via 10.0.2.2 dev eth0 src 192.168.0.254
cache <src-direct> mtu 1500 advmss 1460 hoplimit 64 iif eth1

[root@myserver ~]# ip route get to 192.168.0.10 from 119.xxx.xxx.xx iif eth0
192.168.0.10 from 119.xxx.xxx.xx dev eth1 src 10.0.2.15
cache mtu 1500 advmss 1460 hoplimit 64 iif eth0

Also from XP client I can ping 119.xxx.xxx.xx and any other public ip including 8.8.8.8 but not domain (for example can't ping google.com but can ping its ip) ... So it seems dns issue but how to resolve it? on server its working fine.

Any help will be highly appreciated.

Thanks!