No IP address displayed

satimis

@stephenw10:

Aha!
The host box is probably not using the vboxnet interface as it's default route. What does 'route' show?

$ sudo ifconfig```

eth0      Link encap:Ethernet  HWaddr 00:26:18:44:b6:1a 
          inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:126 errors:0 dropped:0 overruns:0 frame:0
          TX packets:127 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:12304 (12.0 KiB)  TX bytes:11683 (11.4 KiB)
          Interrupt:18

eth1      Link encap:Ethernet  HWaddr 90:f6:52:03:57:86 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:43 Base address:0x4000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2228 (2.1 KiB)  TX bytes:2228 (2.1 KiB)

vboxnet0  Link encap:Ethernet  HWaddr 0a:00:27:00:00:00 
          inet addr:192.168.2.3  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:22317 (21.7 KiB)

$ sudo route```

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.2     0.0.0.0         UG    0      0        0 vboxnet0
192.168.2.0     *               255.255.255.0   U     0      0        0 vboxnet0

$ sudo ip r```

default via 192.168.2.2 dev vboxnet0
192.168.2.0/24 dev vboxnet0  proto kernel  scope link  src 192.168.2.3

$ sudo systemctl start dhcpcd@vboxnet0.service```

Failed to get D-Bus connection: No connection to service manager.

Does it need a physical NIC ?

satimis

stephenw10

Ah, so the pfSense VM can ping 192.168.2.3 but the host cannot ping 192.168.2.2?

Did you add a firewall rule to the OPT1 interface in pfSense to allow that traffic?
Your screenshot earlier of rules on OPT1 shows only TCP traffic allowed and not ICMP (ping) or UDP (dns).

Steve

satimis

@stephenw10:

Ah, so the pfSense VM can ping 192.168.2.3 but the host cannot ping 192.168.2.2?

No.

$ sudo ifconfig```

eth0      Link encap:Ethernet  HWaddr 00:26:18:44:b6:1a 
          inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3671 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3500 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:3307162 (3.1 MiB)  TX bytes:758567 (740.7 KiB)
          Interrupt:18

eth1      Link encap:Ethernet  HWaddr 90:f6:52:03:57:86 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:43 Base address:0x6000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3240 (3.1 KiB)  TX bytes:3240 (3.1 KiB)

vboxnet0  Link encap:Ethernet  HWaddr 0a:00:27:00:00:00 
          inet addr:192.168.2.3  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:21625 (21.1 KiB)

$ ping 192.168.2.2```

PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
From 192.168.2.3 icmp_seq=5 Destination Host Unreachable
^C
--- 192.168.2.2 ping statistics ---
8 packets transmitted, 0 received, +2 errors, 100% packet loss, time 6999ms

Did you add a firewall rule to the OPT1 interface in pfSense to allow that traffic?
Your screenshot earlier of rules on OPT1 shows only TCP traffic allowed and not ICMP (ping) or UDP (dns).

Changed it already TCP/UDP
(pls see photo attached)

Still same result;
$ ping 67.195.160.76```

PING 67.195.160.76 (67.195.160.76) 56(84) bytes of data.
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
From 192.168.2.3 icmp_seq=2 Destination Host Unreachable
From 192.168.2.3 icmp_seq=3 Destination Host Unreachable
From 192.168.2.3 icmp_seq=4 Destination Host Unreachable
From 192.168.2.3 icmp_seq=5 Destination Host Unreachable
From 192.168.2.3 icmp_seq=6 Destination Host Unreachable
^C
--- 67.195.160.76 ping statistics ---
8 packets transmitted, 0 received, +6 errors, 100% packet loss, time 7038ms
pipe 3

satimis

![Screenshot_opt1_firewall.png](/public/_imported_attachments_/1/Screenshot_opt1_firewall.png)
![Screenshot_opt1_firewall.png_thumb](/public/_imported_attachments_/1/Screenshot_opt1_firewall.png_thumb)

stephenw10

Ping traffic is not TCP or UDP it's ICMP so unless you allow that too it will be blocked by the firewall.
Just change the protocol to 'all' for now to test the connection. You can always tighten up the rules later.

Steve

satimis

@stephenw10:

Ping traffic is not TCP or UDP it's ICMP so unless you allow that too it will be blocked by the firewall.
Just change the protocol to 'all' for now to test the connection. You can always tighten up the rules later.

Protocol - "all" is NOT available ONLY "any"
Change it to "any"

$ ping 192.168.2.2```

PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
From 192.168.2.3 icmp_seq=2 Destination Host Unreachable
From 192.168.2.3 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.2.2 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3014ms
pipe 3

Still the same

satimis

stephenw10

Hmm. But you can still ping 192.168.2.3 from pfSense?

Sorry I meant 'any', yes.

Steve

satimis

@stephenw10:

Hmm. But you can still ping 192.168.2.3 from pfSense?

Yes, without problem.  Also VM can ping host on 192.168.2.3

satimis

stephenw10

Hmm, it looks like it has no route to the host. But you have shown that the routing table looks OK and the connection is presumably good because it responds to ping from other machines.  :-
Perhaps the host is running some software firewall?
The pings to the host on 192.168.2.3 could be reaching it via some other route, it has many interfaces.

Steve

satimis

@stephenw10:

• snip -
  Perhaps the host is running some software firewall?
• snip -

I haven't added any rule to iptables.  It is ONLY default installation.

I have tested;
HOWTO: Run pfSense nanobsd in VirtualBox
http://www.freebsdnews.net/2012/05/22/howto-run-pfsense-nanobsd-virtualbox/

Host-Only Network works but it needs a physical NIC

satimis

stephenw10

In that how-to robi does not use a physical NIC for the host-only adapter. The only difference I can see is that he simply sets the pfSense interface to use the existing 192.168.56.X subnet created by VBox. I can't really see why that would make any difference but you could try that anyway.

Steve