Why I can't use my physical ip to see my website after using NAT in Eucalyptus - iptables

I have two real machines.
One, called NC2, is responsible for NAT and IP redirection, and the other is responsible for Eucalyptus KVM, on which 3 virtual machines are established.
No doubt, the OS of the machine which is responsible for Eucalyptus is Linux.
The guest OS of the virtual machines is Windows XP.
Each virtual machine is a web server which runs Tomcat.
NC2 gives a private IP 192.168.0.3 to the Linux server.
The Linux server gives 3 private class B IPs to the virtual machines.
For example, one of the guest OSes got the IP 172.16.1.5.
Now I use NC2 to redirect a physical IP x.x.x.x to 172.16.1.5.
Here is my problem:
I can use another PC with an outside IP to connect to the website hosted on 172.16.1.5 via IP x.x.x.x, but I can't use the machine with IP 172.16.1.5 to connect to its own website.
I turned off the firewall on 172.16.1.5, and it's able to connect to the internet, such as Yahoo or Amazon. But it just can't use x.x.x.x to connect to its own website.
I tested other guest OSes which were given 172.16.x.x addresses; they are also not able to connect to x.x.x.x.
What can I do to make a guest OS connect to its redirected physical address?

It looks like this is caused by a NAT issue called 'hairpin'. Here is the explanation:
Let machine A on a LAN have a private IP address 192.168.0.10.
Let NAT N translate A's private IP to public 77.33.45.67 for the WAN.
Some 'early/old' NATs take for granted that the translated address is only going to be used from the WAN. Therefore, they don't forward packets on the LAN having IP address = 77.33.45.67 and only let in and forward those with this IP address when they come from the WAN.
This problem is solved in more recent NATs, which detect these situations and forward packets properly. This problem is sometimes encountered in P2P systems.
If you are lucky, your NAT may be reconfigured to enable usage of the translated address on the LAN. If not, then you need a new NAT.
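The hairpin failure described in the answer above, as an added example that is not part of the original answer: a simplified Python model of a NAT box that goes slightly beyond the answer by also modelling the reply path. PUBLIC (a constructed stand-in for x.x.x.x), NAT_LAN, LAN_PREFIX and the class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

PUBLIC = "203.0.113.10"   # constructed stand-in for the question's x.x.x.x
SERVER = "172.16.1.5"     # guest web server from the question
NAT_LAN = "172.16.0.1"    # assumed LAN-side address of the NAT box
LAN_PREFIX = "172.16."    # assumed guest network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Nat:
    """Toy NAT that only handles flows addressed to PUBLIC."""
    def __init__(self, dnat_from_lan, snat_hairpin):
        self.dnat_from_lan = dnat_from_lan   # does the redirect also match LAN-side packets?
        self.snat_hairpin = snat_hairpin     # rewrite the source of hairpinned flows?
        self.conntrack = {}                  # reply (src, dst) -> reply as the client must see it

    def forward(self, pkt):
        from_lan = pkt.src.startswith(LAN_PREFIX)
        if pkt.dst != PUBLIC or (from_lan and not self.dnat_from_lan):
            return None                      # not translated: the "old NAT" case
        out = replace(pkt, dst=SERVER)       # destination NAT
        if from_lan and self.snat_hairpin:
            out = replace(out, src=NAT_LAN)  # source NAT forces replies back through the NAT
        self.conntrack[(out.dst, out.src)] = Packet(PUBLIC, pkt.src)
        return out

    def reverse(self, reply):
        return self.conntrack.get((reply.src, reply.dst))

def connect(client, nat):
    """True if the client accepts the reply to a connection it opened to PUBLIC."""
    seen = nat.forward(Packet(client, PUBLIC))
    if seen is None:
        return False
    reply = Packet(seen.dst, seen.src)       # the server answers whoever it saw
    if reply.dst.startswith(LAN_PREFIX) and reply.dst != NAT_LAN:
        delivered = reply                    # same LAN: delivered directly, never un-NATed
    else:
        delivered = nat.reverse(reply)
    # A TCP client only accepts replies coming from the address it connected to.
    return delivered == Packet(PUBLIC, client)

if __name__ == "__main__":
    for client in ("198.51.100.7", "172.16.1.6", SERVER):   # constructed clients
        for cfg in ((False, False), (True, False), (True, True)):
            print(client, cfg, connect(client, Nat(*cfg)))
```

On an iptables NAT box the two switches correspond to a DNAT rule that is not restricted to the WAN interface and a POSTROUTING SNAT or MASQUERADE rule for LAN-to-LAN flows.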

Related

Use sshuttle to route traffic to company's VPN server

I need to access the company's internal network without using their OPENVPN server directly (my ISP blocks it). So I used an instance with a public IP, where my company is located, and configured an OPENVPN client, then used it to connect to the company's OPENVPN server.
(public IP instance) ===OPENVPN===> (Company)
Now, I need to achieve a further thing, which is working from my local machine by using VPN over SSH tunnel using sshuttle, such that the topology becomes:
(local) ===SSHUTTLE===> (public IP instance) ===OPENVPN===> (Company)
Note that public IP instance has two network adapters; eth0 (it has public IP) and tun0 (which belongs to OPENVPN)
I installed sshuttle, and tested the next command:
sshuttle --dns -r <user>@<public IP instance address> 0.0.0.0/0
It says connected after that, but I still can't access anything. I tested dig and it returned results showing addresses of the company's internal services. However, I still can't ping them. I tested using traceroute and it stops at some point after displaying some hops.
One important point is that I can't ping the tun0 address (on public ip instance) from my local machine.
I suspect that I need to add some routes on the intermediate public IP instance, but I am not sure.
I would appreciate any help
Thanks in advance
Your setup is right but your assumptions are wrong.
Initially, check that your VPN is working fine on the jump box; if it is Linux, just check
route -n
Wrong assumptions:
sshuttle will route your dig commands: sshuttle only routes TCP, and DNS queries are UDP
using --dns in your sshuttle is meaningless, as you won't gain the DNS of the VPN but that of the jump box, and that won't work
You should add the DNS of the local VPN in your /etc/resolv.conf with the target domain for local discovery,
like this (call tech support to provide you with the right DNS; you can find it in the VPN log on the jump box):
search companydomain.internal
nameserver 10.x.y.z
It's better to split the traffic and only target your company CIDR over sshuttle; most of them use parts of 10.0.0.0/8 instead of all traffic 0.0.0.0/0
Important note: it may be that your company blocks egress traffic to the internet over VPN access

XAMPP - can not access from public ip

Before, I was accessing my XAMPP server from my dynamic IP. Now I installed the latest version of XAMPP under c:\xampp3
I have no antivirus, and the Windows firewall is disabled; still I cannot access it.
Forwarding is done correctly.
My local ip is: 192.168.0.13
In router interface displayed WAN IP:
100.98.20....
but when I check it from browser that is:
94.54.225....
If I type 100.98.20...., which is displayed in the router's interface, it is okay from the local computer, but if I type it on a different network it is not responding.
When I type 94.54.225.... it is not responding from anywhere.
What's wrong here?
My ISP gives IPs many times to each other, and is that why I cannot access from public? Should I buy a static IP?
It depends on your ISP.
Your "WAN" IP is 100.98.20.... it's IPv4 ISP: Carrier-Grade NAT RFC6598
By the wiki https://en.wikipedia.org/wiki/Carrier-grade_NAT
Disadvantages
* It makes it impossible to host services
Read the wiki for more details and/or contact your ISP for a public IP address.
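The check behind the answer above, as an added example that is not part of the original answer: the router's WAN address is tested against the RFC 6598 shared range 100.64.0.0/10 (100.64.x.x through 100.127.x.x, which is why an address starting with 100.98 falls inside it) and compared with the address seen from the internet. The function names and every sample address are constructed for the illustration.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def can_port_forward(router_wan, seen_from_internet):
    """Can a port forward configured on the router be reached from outside?

    router_wan:         address shown on the router's WAN interface
    seen_from_internet: address an external "what is my IP" page reports
    """
    kind = classify(router_wan)
    if kind == "cgnat":
        return False, "WAN address is in 100.64.0.0/10: the ISP NATs again upstream"
    if kind == "private":
        return False, "WAN address is RFC 1918: another NAT sits in front of the router"
    if router_wan != seen_from_internet:
        return False, "WAN address is public but differs from the observed one"
    return True, "router holds the public address; forwarding can work"

if __name__ == "__main__":
    # Constructed sample pairs (router WAN address, address seen from outside).
    samples = [
        ("100.64.10.20", "203.0.113.5"),    # carrier-grade NAT
        ("100.128.0.1", "100.128.0.1"),     # just outside the /10: ordinary public space
        ("192.168.1.2", "203.0.113.5"),     # router behind another home/office NAT
        ("203.0.113.5", "203.0.113.5"),     # router owns the public address
    ]
    for wan, seen in samples:
        print(wan, seen, can_port_forward(wan, seen))
```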

Proxying a port for Virtualbox NAT is inconvenient - can't I provide the host with an IP instead?

I want to be able to SSH into a VM Guest of Virtualbox where the guests are sharing a NAT Network.
LocalNat Portforwarding (See https://www.pythian.com/blog/test-lab-using-virtualbox-nat-networking/ Set Up Portforwarding) is inconvenient vs. having an IP address on the NAT for the host.
Port forwarding requires me to keep specifying the port, e.g. in scp -P 2222 from-file localhost: and it messes with SSH keys as localhost now has two host identities, my laptop and the VM's ssh-rsa key.
Rather than port-forward, is there not a way of just adding another IP for my Virtualbox host?
Thanks, Martin.
You can set up a host-only network in addition to the NAT network. A host-only network is a local network which can connect to both the host and to individual VMs. The host and the VMs can communicate with each other through it.
Using the VirtualBox GUI, go to VirtualBox Manager > File > Preferences > Network and set up a host-only network. Enable the DHCP server. You could use these settings:
host adapter address is 192.168.56.1
DHCP server address is 192.168.56.100
Both masks are 255.255.255.0
The server address range is 192.168.56.101-192.168.56.254
This gives you the addresses from ...56.2 through ...56.99 to use as static addresses. You can manually assign them to VM interfaces if you like.
After setting up this network, you should see a virtual interface on your host system with the correct IP address (the one assigned to the adapter).
Now, go to network settings for the VM. Add a new network adapter. Set "attached to" to the "host-only adapter", and the name to the host-only network that you set up earlier.
Start the VM. It should see the host-only adapter in addition to whatever adapters it was using before. If it's a modern operating system, it'll probably query the DHCP server and set up the interface on its own. Alternately, from inside the VM OS, you could manually assign static addresses to these interfaces.
You can assign a host-only adapter to a VM in addition to its existing NAT adapter. In the past I've had a Windows VM and an Ubuntu Linux VM set up this way. Both VMs and the host had no trouble communicating with each other as well as the Internet.

How VM Name is resolved over the LAN Network?

I have hosted a VM (Red Hat Linux) named test-vm on my Desktop machine (Windows) with a static IP address but I don't have any DNS entry for this static IP address.
Without having an entry in the client's hosts file, to my wonder, ping test-vm responds. How is this possible? How is test-vm resolved on other machines on our LAN without having a DNS entry for test-vm?
Regards,
Adil Khalil
I guess you are using a VMware client on your Windows desktop. In this case, the hostname is associated with your VMware virtual DNS. With a broadcast ping in your network, your VMware virtual DNS forwards the ping to your VM client.

How to access a web server installed on Hyper-V

I have installed Ubuntu on Windows 8 using Hyper V. Having also installed Apache 2 I had the notion that I was going to use this as a web dev environment. I set up an external switch so that my ubuntu installation could access the internet. So far everything was progressing swimmingly. The problem I am encountering is that I have no idea how to access the web server from my machine. I can get the IP address that ubuntu picks up and type that into my browser whereupon I am informed "It works!". That's all good but I move around among several networks and I should not have to look up the IP address every time, and that can't facilitate having multiple sites installed. I just want to be able to enter something like
"http://mytestserver/"
into my browser to access it.
Any pointers on how to set this up properly would be much appreciated.
I have always had the most success with Bridged networking in VM Guests and would definitely recommend you go with that option. What you then could do, and what I have done, is to assign a static IP for the server and assign the hostname as below. You will have to know what IP addressing is available, or you can use 192.168.1.x if you're inside your network.
The easiest way would be to assign a static IP in /etc/network/interfaces, replacing the 0.0.0.0 with the correct entries for your network
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 0.0.0.0
netmask 0.0.0.0
gateway 0.0.0.0
broadcast 0.0.0.0
dns-nameservers 0.0.0.0 0.0.0.0
and then edit your /etc/hosts file and add that static IP and the hostname mytestserver. You will already have the localhost entry and possibly others. Just make sure you assign the static IP address you assigned in interfaces to mytestserver. You may also have to make this same entry in your machine's hosts file, simply because it will not have a DNS record.
127.0.0.1 localhost
0.0.0.0 mytestserver