Hi,

I thought I'd just post a follow-up on this with regard to what made it work, 
in case anyone in the future is searching on a similar issue.

I only got this going with some very good assistance and direction from Jim 
Cheetam - many thanks Jim for your time and help, it is much appreciated.

First change was my 'host-only' virtualbox network from the ubuntu router 
machine to other virtual client machines - changed this network type to 
'Internal' instead of 'host-only' in the virtualbox settings.

Removed the ubuntu firewall (ufw) package as that seemed to interfere with the 
traffic and added lots of rules to iptables, went to just using iptables with 
one rule.

Using network sniffers determined client packets got routed out to the internet 
and returned as far as the host side of the NAT network (10.0.2.2) that 
connects to the ubuntu router.  At this point the virtualbox NAT did not know 
what machines were on the other side of the ubuntu router and so would issue 
arp requests trying to find the originating machine... which would fail.

So we made the ubuntu router also do NAT to get around this.

Commands to achieve this on the ubuntu router machine:

apt-get remove ufw

Edit "/etc/rc.local" to get the routing to happen after reboot.
Added:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward


Best regards to all,
  Bryce Stenberg.



Below are parts of previous posts to give the above some context:
 
>> This virtualbox guest machine has two interfaces to act as a router -
>> one is NAT interface, other is Host-Only.
>>
>>
>> The reason I'm trying to create this guest 'router' is following
>> suggestions from VirtualBox list, when it became apparent I couldn't
>> configure the NAT interface addresses as I required in VirtualBox.
>> Suggested workaround was to add in a VM as a router.  A bit of
>> background for why I need this - our imaged backups (windows) can be
>> restored directly into VirtualBox. I'm trying to simulate our real
>> network and machines to run some tests and trials without having to
>> change all the existing firewall rules on the Windows ISA 2004 server
>> that is loaded up as a guest also (== I don't want to go changing ip
>> addresses).  So that is why the internal network is showing up as
>> 203.97.9.104/29 as that is our real internet address range and needs
>> hiding from the real world - this I want it routed out through the
>> host NAT interface (on the other side of our ISA server will be
>> another host-only network simulating our internal network address
>> range)
>>
>> Internet
>> |
>> Virtual box NAT - (gateway 10.0.2.2)
>> |
>> IP (10.0.2.15)
>> 'router' server
>> pseudo public IP (203.97.9.105 - host-only network)
>> |
>> pseudo public IP (203.97.9.108 - host-only network)
>> ISA server
>> private IP (gateway for 10.1.1 servers - host-only network2)
>> |
>> servers 10.1.1.x - host-only network2
>>
>>
>> (for current router testing I've dropped out the ISA server and just
>> added an ubuntu machine with ip 203.97.9.106 as part of the host-only
>> network, as in:
>>
>> Internet
>> |
>> Virtual box NAT - (gateway 10.0.2.2)
>> |
>> IP (10.0.2.15)
>> 'router' server
>> pseudo public IP (203.97.9.105 - host-only network)
>> |
>> pseudo public IP (203.97.9.106 - host-only network)
>> Ubuntu client )
>>
>>
>>>> I just want all traffic passed from host-only network side of this
>>>> virtual server to go out through its external interface (which is a
>>>> NAT'd and handled by VirtualBox).
>>>
>>
>>>> From this ubuntu server I can ping external networks on the internet and
>>>> machines on the internal host-only network.
>>>> But from a server on the host-only network I can't get a response from
>>>> pings to external networks.
>>>
>>
>> So the 'router server' can ping internet and ping 'ubuntu client',
>> therefore I should be able to make routing work and have 'ubuntu
>> client' ping internet via router server.
>>
>> But I'm still not sure if I issued the right commands to get this
>> routing to work.
>> ufw status shows:
>> Status: active
>>
>> To                      Action          From
>> ----                    ---------               --------
>> Anywhere/udp            ALLOW           Anywhere/udp
>> Anywhere/tcp            ALLOW           Anywhere/tcp
>>
>> And /proc/sys/net/ipv4/ip_forward shows value of 1.
>>
>> I must be missing something?
>>




>>what are the IP addresses and the output of route on the two servers?
>>
>On internal host-only server:
>
>Destination    Gateway  Genmask          Flags  Metric  Ref  Use  Iface
>203.97.9.104   *        255.255.255.248  U      1       0    0    eth0
>link-local     *        255.255.0.0      U      1000    0    0    eth0
>default        *        0.0.0.0          UG     0       0    0    eth0
>
>On the 'router' server:
>
>Destination    Gateway  Genmask          Flags  Metric  Ref  Use  Iface
>203.97.9.104   *        255.255.255.248  U      0       0    0    eth1
>10.0.2.0       *        255.255.255.0    U      0       0    0    eth0
>default        *        10.0.2.2         UG     100     0    0    eth0
>
>
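
The single MASQUERADE rule in the message above NATs anything leaving eth0, and with ufw removed nothing filters forwarded traffic. As an added example (not part of the original post), this shell function audits an iptables-save dump for those two conditions. Both dumps are constructed samples; the scoped variant assumes eth1 is the internal interface and uses the 203.97.9.104/29 range from the post.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the two gaps a one-rule
# MASQUERADE router leaves open. Both sample dumps are constructed.

# The post's single rule as iptables-save would list it (assumes the
# default ACCEPT policies, since ufw was removed and nothing else is loaded).
POST_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Scoped variant: NAT only the internal /29, forward only flows that the
# internal side initiated plus their replies.
SCOPED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 203.97.9.104/29 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 203.97.9.104/29 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Reads an iptables-save dump on stdin and prints one finding per line.
audit_nat_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }          # track current table
        table == "filter" && /^:FORWARD ACCEPT/ {
            print "FORWARD policy is ACCEPT: any interface pair may be routed"
        }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            scoped = 0
            for (i = 1; i < NF; i++) if ($i == "-s") scoped = 1
            if (!scoped) print "unscoped MASQUERADE: " $0
        }
    '
}

printf '%s\n' "$POST_RULES" | audit_nat_rules
```

On a live router the same function can be fed from `iptables-save | audit_nat_rules` (run as root).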



