openSUSE Forums > Network/Internet » VirtualBox3 iptables routing problem?

09-Jul-2009, 15:11
mYsL_oVi
VirtualBox3 iptables routing problem?

Hi folks,

I have the following setup and/or problem:

Virtualization Software: VirtualBox 3
Host: SuSE 11.1 x64
Guest: Vista x64

Plesk 9.2.1 is running on the host system.
The SuSEfirewall is inactive (Plesk has its own firewall).

ifconfig HOST:
Code:
eth0      Link encap:Ethernet  Hardware Adresse 00:xx:xx:xx:xx:xx
          inet Adresse:xxx.xxx.xxx.138  Bcast:xxx.xxx.xxx.xxx  Maske:255.255.255.192
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:663545 errors:0 dropped:0 overruns:0 frame:0
          TX packets:450371 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:815249568 (777.4 Mb)  TX bytes:141576557 (135.0 Mb)
          Interrupt:249 Basisadresse:0xc000

eth0:zusa Link encap:Ethernet  Hardware Adresse 00:xx:xx:xx:xx:xx 
          inet Adresse:xxx.xxx.xxx.183  Bcast:xxx.xxx.xxx.xxx  Maske:255.255.255.192
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          Interrupt:249 Basisadresse:0xc000

lo        Link encap:Lokale Schleife 
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:211497 errors:0 dropped:0 overruns:0 frame:0
          TX packets:211497 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:0
          RX bytes:33791042 (32.2 Mb)  TX bytes:33791042 (32.2 Mb)

pan0      Link encap:Ethernet  Hardware Adresse DE:F9:9B:80:D1:2B 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vboxnet0  Link encap:Ethernet  Hardware Adresse 0A:00:27:00:00:00 
          inet Adresse:192.168.0.1  Bcast:192.168.0.255  Maske:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:864 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:0 (0.0 b)  TX bytes:156552 (152.8 Kb)

ipconfig GUEST:

Code:
Windows-IP-Konfiguration

Ethernet-Adapter LAN-Verbindung:

   Verbindungsspezifisches DNS-Suffix:
   Verbindungslokale IPv6-Adresse  . : fe80::5c52:a857:620c:d6f%10
   IPv4-Adresse  . . . . . . . . . . : 192.168.0.101
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . :192.168.0.1

Tunneladapter LAN-Verbindung*:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:

Tunneladapter LAN-Verbindung* 2:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:

/etc/hosts HOST:
Code:
# nameserver config
# IPv4

127.0.0.1       localhost
xxx.xxx.xxx.138   bla bla.foo

#
# IPv6

::1             ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
ff02::3         ip6-allhosts
127.0.0.2       bla.foo bla

iptables HOST:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:cddbp-alt
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:poppassd
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:postgresql
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9008
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:glrpc
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     icmp --  anywhere             anywhere            icmp type 8 code 0
ACCEPT     all  --  anywhere             anywhere           

Chain FORWARD (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             192.168.0.101       tcp dpt:menandmice-dns
DROP       all  --  anywhere             anywhere           

Chain OUTPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere

The guest adapter is configured as a Host-Only network with the following setup:
Host: 192.168.0.1
Guest: 192.168.0.101

I need the following rules:

The host may only use IP: xxx.xxx.xxx.138
The guest may only use IP: xxx.xxx.xxx.183
The guest must be able to use its own firewall, and the networking must be transparent.

A bridged setup is impossible, because I don't get DHCP permission for the virtual adapter's MAC in the datacenter, so everything must be routed completely over the host adapter.

Could you tell me what I must do to get it to work?

Thanks for the help in advance.

Regards,
oVI
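
One way to meet the requirements in the post above is 1:1 NAT on the host, shown here as an added example that is not part of the original post. The public address is a documentation-range placeholder (the post masks the real one), the function names are hypothetical, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for 1:1 NAT between the
# host's alias address and the host-only guest described in the post.
PUB_IP="203.0.113.183"     # placeholder for the masked xxx.xxx.xxx.183
GUEST_IP="192.168.0.101"   # guest address from the post
EXT_IF="eth0"              # host uplink from the post
INT_IF="vboxnet0"          # host-only interface from the post

# Hypothetical helper: accept only dotted quads with each octet in 0..255.
is_ipv4() {
    echo "$1" | awk -F. 'NF!=4{exit 1}
        {for(i=1;i<=4;i++) if($i!~/^[0-9]+$/||$i>255) exit 1}'
}

# Hypothetical helper: emit the rule set for one public/guest address pair.
nat_1to1_rules() {
    pub=$1; guest=$2; ext=$3; int=$4
    is_ipv4 "$pub" && is_ipv4 "$guest" || { echo "invalid address" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $ext -d $pub -j DNAT --to-destination $guest
iptables -t nat -A POSTROUTING -o $ext -s $guest -j SNAT --to-source $pub
iptables -I FORWARD 4 -i $ext -o $int -d $guest -j ACCEPT
iptables -I FORWARD 4 -i $int -o $ext -s $guest -j ACCEPT
EOF
}
# Position 4 assumes the FORWARD chain listed in the post: the new rules land
# after the ESTABLISHED/RELATED accept, the non-SYN reject and the INVALID
# drop, and before the final DROP, so the host's stateful checks still apply.
# Every port on the public alias is forwarded to the guest, so filtering for
# that address is then done only by the guest's own firewall.

nat_1to1_rules "$PUB_IP" "$GUEST_IP" "$EXT_IF" "$INT_IF"
```

A firewall manager that regenerates the ruleset will discard manually added rules, so check them with `iptables -L FORWARD -n -v --line-numbers` and `iptables -t nat -L -n -v` after any firewall reload.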