  1. #1
    Just Joined!
    Join Date
    Dec 2010
    Posts
    4

    NAT loopback with virtualbox not working


    Hi,

    I have a problem with my server & virtual server setup.

    I have one Linux server with 2 IPs from my provider, the provider does not allow different MAC addresses on the switch, so I have to use NAT.

    On my server there's VirtualBox running with an Ubuntu virtual machine inside.
    This machine is connected via a host-only network to the host.

    So the host looks like this:

    eth0 inet addr:81.169.xxx.xxx
    eth0:1 inet addr:85.214.xxx.xxx
    vboxnet0 inet addr:192.168.56.1

    On the virtual client like this:

    eth0 inet addr:192.168.56.101


    On my host I have the following iptables setup:


    Code:
    EXTIF="eth0" #External
    INTIP="192.168.56.101" #Internal VM 
    EXTIP2="85.214.xxx.xxx" # External IP 2
    
    iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
    
    iptables -t nat -A PREROUTING -d $EXTIP2 -j DNAT --to $INTIP
    iptables -t nat -A OUTPUT -d $EXTIP2 -j DNAT --to $INTIP

    This is working okay, the VM client can reach the internet and I can reach the services via the second IP of the host.
    One thing isn't working though: The client cannot reach itself via the internet IP.
    This is quite annoying, because some services try to lookup themselves through the internet IP and of course fail.

    What can I do to make this work?
    I've read in many tutorials that for this "nat loopback" you need to modify the source address to the external interface, so I tried this:

    iptables -t nat -A POSTROUTING -s $INTIP -d $INTIP -j SNAT --to $EXTIP2

    but this is not working either.

    Any help would be greatly appreciated!

  2. #2
    Linux Engineer Kloschüssel
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    I believe the problem lies in the fact that you're using a "HOST ONLY" connection, instead of doing NAT. The "host-only adapter" is probably unseen as a network interface by iptables and the kernel, and thus packets won't be routed.

  3. #3
    Just Joined!
    Join Date
    Dec 2010
    Posts
    4
    But the routing is working fine, just the loopback is not.

  5. #4
    Linux Engineer Kloschüssel
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    I'm quite unsure what a "nat loopback" should be. I believe you want to access your virtual host by applying net address translation to incoming packets on your host computer to your virtual host (and back). This said, your hosting computer behaves like a router with NATed connections: it translates requests from the outside (internet) to a host within its immediate subnet.

    Since "nat loopback" is not a term that makes sense to me (unless you are trying to apply NAT to a loopback device - which does not make sense at all), please correct me if I'm wrong and point me to your resources?
    Last edited by Kloschüssel; 12-23-2011 at 11:25 AM. Reason: typo

  6. #5
    Just Joined!
    Join Date
    Dec 2010
    Posts
    4
    It can also be called "nat reflection".
    It is like I said: You can reach your NATed host from itself via the NATed IP.

  7. #6
    Linux Engineer Kloschüssel
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    I was afraid you wanted to do this. My advice is short and simple:

    Work around the problem by accessing the host/s by hostnames (domain names) and make the DNS more intelligent. I.e.:

    If the virtual should be accessible from the public through "virtual.host.com", the DNS resolution from outside should yield the public IP, the DNS resolution from the virtual host yields something like 127.0.0.1 and finally the DNS resolution from neighbouring virtual hosts should yield an IP that enables the most direct connection.

    I have already wrapped my head around that problem in the past more than twice and couldn't get it to work because the firewall configuration is far away from being trivial. If you're able to do it, share your wisdom with the world!
    Last edited by Kloschüssel; 12-28-2011 at 07:19 AM.
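
Added example, not part of the original thread: the simplest form of the split view described in post #6 is a per-machine hosts-file override instead of a DNS server change. `set_override`, `lookup`, `HOSTS_FILE` and the tag comment are hypothetical names; `virtual.host.com`, 127.0.0.1 and 192.168.56.101 come from the thread.

```shell
#!/bin/sh
# Split-horizon name resolution via a hosts-file override (added example).
# On the VM itself:      set_override 127.0.0.1      virtual.host.com
# On a neighbouring VM:  set_override 192.168.56.101 virtual.host.com
# Public DNS keeps returning the external IP for everyone else.

HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"   # assumption: overridable for testing
TAG="# split-horizon override"           # marks lines managed by this script

# set_override IP NAME: make NAME resolve to IP on this machine.
# Idempotent: a previous tagged line for NAME is replaced, other lines are kept.
# The override is written first because the first matching hosts line wins.
set_override() {
    ip="$1"; name="$2"
    tmp="$(mktemp)" || return 1
    printf '%s %s %s\n' "$ip" "$name" "$TAG" > "$tmp"
    awk -v n="$name" -v t="$TAG" '!(index($0, t) && $2 == n)' \
        "$HOSTS_FILE" >> "$tmp" || { rm -f "$tmp"; return 1; }
    # cat instead of mv keeps the owner and mode of the existing hosts file.
    cat "$tmp" > "$HOSTS_FILE" && rm -f "$tmp"
}

# lookup NAME: print the address the hosts file yields for NAME.
lookup() {
    awk -v n="$1" '$1 !~ /^#/ {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break            # rest of the line is a comment
            if ($i == n) { print $1; exit }
        }
    }' "$HOSTS_FILE"
}
```

This only helps services that look themselves up by name; anything configured with the literal external IP still depends on the NAT rules.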
