Allowing network broadcasts to a VM guest

opensuse v12.1
linux 3.1.10-1.9-desktop x86_64
guest os/2 v4.5x
VM network: Bridged adapter.

(I posted this on the VirtualBox forum originally. Apparently no one knows.)

I have a database manager (Sybase SQLAnywhere) running in an OS/2 guest VM. I have not succeeded in making it visible to the outside world. The dbm is also running on a native OS/2 installation without any problem so I am guessing that the linux host is somehow preventing the expected operation.

I have opened port 1498 (sybase-sqlany) in the linux firewall. I have also allowed UDP/TCP broadcasts on port 1498. When a SQL client (in a VM!) is searching for a connection, it broadcasts on port 1498 IP 255.255.255.255, then 192.255.255.255 which elicits a response from the native OS/2 system. The dbm in the VM never responds. (I do not run both servers at the same time.)

What settings are required to allow a broadcast through to the VM?

On 2012-05-22 19:36, jimoe666 wrote:
> (I posted this on the VirtualBox forum originally. Apparently no one
> knows.)

But you did not ask in the virtualization forum here.

> What settings are required to allow a broadcast through to the VM?

routing and firewall both on host and guest.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Corrected.

>> What settings are required to allow a broadcast through to the VM?
> routing and firewall both on host and guest.

The guest is not running a firewall.

I do not understand what you mean by “routing.”

On 2012-05-23 00:26, jimoe666 wrote:
> I do not understand what you mean by “routing.”

To move packets in a tcp/ip network between hosts that are not in the same
range you need to define routes. Basic networking knowledge :-)

The virtualization software should define the appropriate routes. You see
them by issuing the command “route” in any host.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Ah. I thought you meant something more complicated.

All of the real and virtual hosts are on the same subnet, no special routing needed there. The VMs setup uses what VBox calls “bridge mode” which is, AIUI, basically straight through the real host, no NAT required.

Which brings me back to my question. Why are the broadcast packets not reaching the VM?

On 2012-05-23 07:16, jimoe666 wrote:
>
> Ah. I thought you meant something more complicated.
>
> All of the real and virtual hosts are on the same subnet, no special
> routing needed there. The VMs setup uses what VBox calls “bridge mode”
> which is, AIUI, basically straight through the real host, no NAT
> required.

But the IP used can be in the same range or different.

> Which brings me back to my question. Why are the broadcast packets not
> reaching the VM?

Firewall.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

This does not tell me anything.

>> Which brings me back to my question. Why are the broadcast packets not
>> reaching the VM?
>
> Firewall.

Which brings us back to my question, rephrased: What do I modify in the firewall settings to allow broadcasts through to the VM?

On 2012-05-23 18:36, jimoe666 wrote:

> Which brings us back to my question, rephrased: What do I modify in the
> firewall settings to allow broadcasts through to the VM?

Have a look at the variables:


grep -i broadcast /etc/sysconfig/SuSEfirewall2

One thing I did was list the virtual interfaces as internal.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Here is the result of the grep:

FW_ALLOW_FW_BROADCAST_EXT="1498"
FW_ALLOW_FW_BROADCAST_INT=""
FW_ALLOW_FW_BROADCAST_DMZ=""
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"

FW_SERVICES_ACCEPT_RELATED_EXT="192.168.69.0/255.255.255.0,udp,1498
FW_SERVICES_ACCEPT_RELATED_DMZ=""
FW_SERVICES_ACCEPT_RELATED_INT=""

The first entry, FW_ALLOW_FW_BROADCAST_EXT, I added “1498” later to see if it would make any difference. It did not.

> One thing I did was list the virtual interfaces as internal.

I do not understand what you mean here.

On 2012-05-24 21:56, jimoe666 wrote:
> robin_listas;2464712 Wrote:
>> Have a look at the variables:
>>
>> grep -i broadcast /etc/sysconfig/SuSEfirewall2
>
> Here is the result of the grep:
>
> FW_ALLOW_FW_BROADCAST_EXT="1498"
> FW_ALLOW_FW_BROADCAST_INT=""
> FW_ALLOW_FW_BROADCAST_DMZ=""
> FW_IGNORE_FW_BROADCAST_EXT="yes"
> FW_IGNORE_FW_BROADCAST_INT="no"
> FW_IGNORE_FW_BROADCAST_DMZ="no"
>
> FW_SERVICES_ACCEPT_RELATED_EXT="192.168.69.0/255.255.255.0,udp,1498
> FW_SERVICES_ACCEPT_RELATED_DMZ=""
> FW_SERVICES_ACCEPT_RELATED_INT=""
>
> The first entry, FW_ALLOW_FW_BROADCAST_EXT, I added “1498” later to see
> if it would make any difference. It did not.

Perhaps:


# Note that if you allow specifc ports here it just means that broadcast
# packets for that port are not dropped. You still need to set
# FW_SERVICES_*_UDP to actually allow regular unicast packets to
# reach the applications.

>> One thing I did was list the virtual interfaces as internal.
> I do not understand what you mean here.

vmware host:


FW_DEV_INT='vmnet8 vmnet1'

You also have to configure the firewall to write to the log all rejections,
so that you can see them.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
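
The last reply makes three points: a port in FW_ALLOW_FW_BROADCAST_* only stops the broadcast being dropped, the matching FW_SERVICES_*_UDP entry is still needed, and rejections must be logged to be seen. The script below is an added example (not posted by anyone in the thread) that checks one zone of a SuSEfirewall2 sysconfig file for those conditions; FW_SERVICES_EXT_UDP and FW_LOG_DROP_ALL are SuSEfirewall2 variables that do not appear in the thread, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit one zone of a SuSEfirewall2 sysconfig file for one UDP port.
# Prints one finding per line; prints nothing when the settings agree.
check_broadcast_port() {
    cfg=$1 zone=$2 port=$3
    case $zone in
        EXT|INT|DMZ) ;;
        *) echo "unknown zone: $zone" >&2; return 2 ;;
    esac
    (
        # The sysconfig file is plain shell assignments; source it in a
        # subshell so its variables do not leak into the caller.
        . "$cfg" || exit 2
        eval "bcast=\$FW_ALLOW_FW_BROADCAST_$zone"
        eval "ignore=\$FW_IGNORE_FW_BROADCAST_$zone"
        eval "udp=\$FW_SERVICES_${zone}_UDP"

        # Broadcasts pass only if the zone says "yes" or lists the port.
        case " $bcast " in
            *" yes "*|*" $port "*) ;;
            *) echo "broadcast to udp/$port is dropped in zone $zone" ;;
        esac
        # The port must also be opened as a normal UDP service.
        # (Exact port match only; service names and ranges are not resolved.)
        case " $udp " in
            *" $port "*) ;;
            *) echo "udp/$port missing from FW_SERVICES_${zone}_UDP" ;;
        esac
        # "yes" here suppresses log lines for dropped broadcasts.
        [ "$ignore" = yes ] && echo "dropped broadcasts in zone $zone are not logged"
        [ "${FW_LOG_DROP_ALL:-no}" = yes ] || echo "FW_LOG_DROP_ALL is not yes"
        exit 0
    )
}

# Constructed sample modelled on the settings quoted in the thread
# (the FW_SERVICES_EXT_UDP and FW_LOG_DROP_ALL values are assumptions).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
FW_ALLOW_FW_BROADCAST_EXT="1498"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_SERVICES_EXT_UDP=""
FW_LOG_DROP_ALL="no"
EOF
check_broadcast_port "$sample" EXT 1498
```

On a real host the first argument would be /etc/sysconfig/SuSEfirewall2, and the zone is whichever one the bridged interface is assigned to.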