Networking 101 - or not?

chemlud · October 23, 2024, 05:28:33 PM

Hy again!

Have here a problem that started after updating Virtualbox to 7.1.4 on a host in one of my networks on an OPNsense (24.7.6, bare metal), topology give in graph below post.

The VBox HOST (10.0.0.29) is an opensuse Tumbleweed (kernel 6.11.3.2-default).

Problem: No GUEST whatsowever (Win7, Win10, Opensuse Leap 15.6...) on the VBox with NAT has functional network in the setup shown in the graph. The GUEST always gets an IP of 10.0.2.15, the HOST has 10.0.2.2.

There is no functional DNS (set to 10.0.2.3 in the GUEST via DHCP) in the GUEST, there is no ping to 10.0.2.1 or 10.0.2.2, although I'm unsure the HOST has 10.0.2.1 or 10.0.2.2 from this here:

https://www.nakivo.com/blog/virtualbox-network-setting-guide/

Hint: There is a 10.0.2.0/27 on the OPNsense. But normally that should not matter, as there is NAT in between, or?

However the VBox HOST has access via firewall rules on the OPNsense to some machines in the native 10.0.2.0/27 network.

What resolves the problem:

- On another HOST in another OPNsense install that has NO 10.0.2.0/x network, the GUESTS on VBox have functional networking.

- Setting Network on the VBOX configuration to "NAT network" (instead of "NAT") hands out IPs in a different IP range and the networking works just fine for VBox GUESTs.

What I don't understand is, why is there a problem at all with networking in the GUESTs. Is it because the HOST (10.0.0.29) knows the VBox network (10.0.2.0/x) AND the native 10.0.2.0/27 on the OPNsense? And therefore doesn't know where to route the traffic to (or always routes it to the OPNsense)?

I have tried to change the IP range for the VBox NAT, but to no avail.

Along the line:

Code Select

VBoxManage modifyvm leap153_25042021 \
--natnet1 "10.121.34.0/28"

But that results in nonfunctional networking.

chemlud · October 23, 2024, 05:47:06 PM

Did some Wireshark on the only network interface (10.0.0.29) of the HOST and there is absolutely no traffic when doing "ping google.com" on the HOST or trying to do "zypper up".

Hmmm....

Patrick M. Hausen · October 23, 2024, 05:58:06 PM

With overlapping networks on both sides of the VirtualBox host routing cannot work. Even with NAT in place the hosts needs to know on which single interface that net 10 is supposed to be.

Change the VM network to 192.168.x or similar.

chemlud · October 23, 2024, 06:10:50 PM

Can't change the IP range for NAT in VBox, didn't work, see above. No idea what the problem is.

I have an install with an older VBox 7.0.20, which hands out 10.254.0.0/xx adresses to HOSTs with "NAT" configured. I don't think I changed the default some years ago when setting up VBox. Has the IP range for "NAT" in VBox changed with 7.1? Cause this install with the problem now worked flawlessly for some years.

I don't want to use "NAT network" mode in VBox, as the GUESTs have access to the loopback device of the HOST in this config.

Questions, questions, questions...

Patrick M. Hausen · October 23, 2024, 06:19:49 PM

Then create a bridged network interface instead.

About your concern: in VirtualBox the host and the guest cannot communicate over the NAT network. You must create a dedicated host-only network if you need a virtual connection from host to guest or vice versa. That's a feature (depending on how you view it) of VirtualBox. In VMware Workstation or Fusion host and guest can communicate of the NAT adapter.

That's why the guest cannot ping the default gateway or the name server it gets via DHCP.

chemlud · October 23, 2024, 06:49:02 PM

Here

https://www.virtualbox.org/manual/ch06.html

I read in Section 6.3 (NAT):

Quote... If you need to change the guest-assigned IP range, see Section 9.8, "Fine Tuning the Oracle VM VirtualBox NAT Engine".

but under the link I read:

https://www.virtualbox.org/manual/ch09.html#changenat

QuoteIf the NAT network needs to be changed, use the following command:

$ VBoxManage modifyvm VM-name \
--natnet1 "192.168/16"

but for me

Code Select

VBoxManage modifyvm leap153_25042021 \
--natnet1 "10.121.34/28"

the GUEST doesn't boot at all and with

Code Select

VBoxManage modifyvm leap153_25042021 \
--natnet1 "10.121.34.0/28"

there is non-functional networking in the GUEST, i.e. IP is 10.0.2.15, which makes no sense at all.

I can't have 192.168/16, there's always a 192.168.0.0/x and/or 192.168.1.0/y around the next corner...

What I'm looking for is a solution to set the "NAT" range for VBox to something different from the default of 10.0.2.0/x, but apparently there is no solution for this in the whole wide world.

chemlud · October 24, 2024, 03:45:02 PM

This

Code Select

VBoxManage modifyvm leap153_25042021 \
--natnet1 "192.168/16"

from here

https://www.virtualbox.org/manual/ch09.html#changenat

simply doesn't do anything, the VBox NAT always hands out 10.0.2.15 to the GUEST. No matter which network segment I wish...

PAIN!

Networking 101 - or not?

chemlud

October 23, 2024, 05:28:33 PM Last Edit: October 23, 2024, 08:25:22 PM by chemlud

chemlud

October 23, 2024, 05:47:06 PM #1

Patrick M. Hausen

October 23, 2024, 05:58:06 PM #2

chemlud

October 23, 2024, 06:10:50 PM #3

Patrick M. Hausen

October 23, 2024, 06:19:49 PM #4

chemlud

October 23, 2024, 06:49:02 PM #5 Last Edit: October 23, 2024, 06:53:03 PM by chemlud

chemlud

October 24, 2024, 03:45:02 PM #6