virtualbox guest cannot access the host's LAN with host-only adapter

hortageno · 10-29-2015, 06:50 AM

Hi all,

I'm trying to setup an Ubuntu guest on an Ubuntu host so that the guest can reach the host's network, but nothing else.

Code:

guest network:    192.168.56.0/24
guest ip eth0:    192.168.56.101
host network:     192.168.99.0/24
host ip p2p1:     192.168.99.4
host ip vboxnet0: 192.168.56.1

This is what i did so far which doesn't work:

On the guest i added a route for the host's network

Code:

#route add -net 192.168.99.0 gw 192.168.56.1 netmask 255.255.255.0 dev eth0
#route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.56.0    *               255.255.255.0   U     1      0        0 eth0
192.168.99.0    192.168.56.1    255.255.255.0   UG    0      0        0 eth0

This seems to work and I can ping the host's ip 192.168.99.4

Now I enabled ipforwarding on the host with

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

and it seems to be activated for all interfaces

Code:

cat /proc/sys/net/ipv4/conf/*/forwarding
1
1
1
1
1

but I cannot reach any other pc in the 192.168.99.0 network. There is no firewall set up.

Code:

iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Is there anything else I forgot to do?

suicidaleggroll · 10-29-2015, 10:03 AM

Could you clarify your ultimate goals here? You want the guest to be able to access everything on the host's LAN, but "nothing else"? What do you mean by "nothing else"? Is there another LAN the host can access that you don't want the guest to, or are you talking about the outside internet? Does it matter where the restriction is coming from? In other words, does the host need to restrict the guest's access to the network, or is it alright if the guest restricts itself?

hortageno · 10-29-2015, 11:34 AM

Quote:

Originally Posted by suicidaleggroll

Could you clarify your ultimate goals here? You want the guest to be able to access everything on the host's LAN, but "nothing else"? What do you mean by "nothing else"? Is there another LAN the host can access that you don't want the guest to, or are you talking about the outside internet? Does it matter where the restriction is coming from? In other words, does the host need to restrict the guest's access to the network, or is it alright if the guest restricts itself?

With "nothing else" I meant the outside Internet.

I think I know where you coming from. I guess I could use the bridged network adapter and define a default non-existing gateway or delete the default route altogether.

I just tried it out and it works. But what if I still need the VM to be in its own network and also to learn something. Why does the ipforwarding not work the way I did it?

Edit: I just found another way to do it. In the IPv4/Routes settings of the network manager there is a checkbox for "use this connection only for resources on its network". This deletes the default route.

suicidaleggroll · 10-29-2015, 11:59 AM

Quote:

Originally Posted by hortageno

With "nothing else" I meant the outside Internet.

I think I know where you coming from. I guess I could use the bridged network adapter and define a default non-existing gateway or delete the default route altogether.

I just tried it out and it works.

Yes that's exactly what I was working towards, good job getting it running and I'm glad it works.

Quote:

Originally Posted by hortageno

But what if I still need the VM to be in its own network and also to learn something. Why does the ipforwarding not work the way I did it?

All good questions, but I'm afraid I don't know enough about IP forwarding in Linux to answer it. Hopefully somebody else will come along who does.