No IP address displayed
-
What I meant was to configure VBox not to run a DHCP server on the host-only adapter. You need to keep a static IP on the pfSense OPT1 interface. You could use static IPs in the host also since there are only going to be two machines in that subnet.
Steve
-
What I meant was to configure VBox not to run a DHCP server on the host-only adapter. You need to keep a static IP on the pfSense OPT1 interface. You could use static IPs in the host also since there are only going to be two machines in that subnet.
Performed another test:
pfSense
Adapter 1
Bridge
eth0Adapter 2
Internal Network
intnetAdapter 3
Host-Only Network
vboxnetWAN (wan) -> pppoe2 -> v4/PPPoE: XXX.XXX.XXX.XXX
LAN (lan -> em1 -> v4: 192.168.1.1/24
OPT1 (opt1) -> em2 ->: v4: 192.168.2.2/29
(Why pppoe2? NOT pppoe1?)OPT1
IPv4 Configuration Type Static IPv4
IPv6 Configuration Type None
IPv4 address 192.168.2.2VM Ubuntu can connect Internet
Adapter 1
Internal Network
intnetHost can't connect Internet
$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:158 errors:0 dropped:0 overruns:0 frame:0
TX packets:349 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:1000
RX bytes:10631 (10.3 KiB) TX bytes:23660 (23.1 KiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x6000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 B) TX bytes:480 (480.0 B)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:9952 (9.7 KiB)$ ping 192.168.56.1``` PING 192.168.56.1 (192.168.56.1) 56(84) bytes of data. 64 bytes from 192.168.56.1: icmp_req=1 ttl=64 time=0.022 ms 64 bytes from 192.168.56.1: icmp_req=2 ttl=64 time=0.022 ms 64 bytes from 192.168.56.1: icmp_req=3 ttl=64 time=0.022 ms 64 bytes from 192.168.56.1: icmp_req=4 ttl=64 time=0.021 ms 64 bytes from 192.168.56.1: icmp_req=5 ttl=64 time=0.022 ms ^C --- 192.168.56.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 3999ms rtt min/avg/max/mdev = 0.021/0.021/0.022/0.005 ms$ cat /etc/network/interfaces```
auto lo
iface lo inet loopbackauto eth0
iface eth0 inet manualauto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-providerauto vboxnet0
iface vboxnet0 inet dhcpOPT1 (opt1) -> em2 ->: v4: 192.168.2.2/29
Do I need another physical NIC to satisfy em2? If it is then I need another physical NIC for connecting PC2? satimis -
The vboxnet adapter is still showing a 192.168.56.X address which means that VBox is still running a dhcp server somehow. You could try just setting that as static in PC1 and put it in the same subnet as the OPT1 interface, 192.168.2.3 for example.
You will need another physical interface to connect to PC2.
The OPT1 interface does not need to be physical. It appears as em2 in pfSense because the VBox adapter replicates an Intel Gigabit card.
Steve
-
The vboxnet adapter is still showing a 192.168.56.X address which means that VBox is still running a dhcp server somehow. You could try just setting that as static in PC1 and put it in the same subnet as the OPT1 interface, 192.168.2.3 for example.
You will need another physical interface to connect to PC2.
The OPT1 interface does not need to be physical. It appears as em2 in pfSense because the VBox adapter replicates an Intel Gigabit card.
Host
$ cat /etc/network/interfaces```
The loopback network interface
auto lo
iface lo inet loopbackauto eth0
iface eth0 inet manualauto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-providerauto vboxnet0
iface vboxnet0 inet static
address 192.168.2.3
netmask 255.255.255.0
gateway 192.168.2.2$ sudo /etc/init.d/networking restart``` [....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning). [....] Reconfiguring network interfaces...Plugin rp-pppoe.so loaded. done.$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7199 errors:0 dropped:0 overruns:0 frame:0
TX packets:6103 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:7467076 (7.1 MiB) TX bytes:1101048 (1.0 MiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x6000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:27 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2025 (1.9 KiB) TX bytes:2025 (1.9 KiB)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:315 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:48634 (47.4 KiB)$ ping yahoo.com``` ping: unknown host yahoo.com$ ping 67.195.160.76 (yahoo ip)
PING 67.195.160.76 (67.195.160.76) 56(84) bytes of data.
Just hanging here.VM Ubuntu
$ ping 192.168.2.3```PING 192.168.2.3 (192.168.2.3) 56(84) bytes of data.
64 bytes from 192.168.2.3: icmp_req=1 ttl=63 time=0.229 ms
64 bytes from 192.168.2.3: icmp_req=2 ttl=63 time=0.332 ms
64 bytes from 192.168.2.3: icmp_req=3 ttl=63 time=0.342 ms
64 bytes from 192.168.2.3: icmp_req=4 ttl=63 time=0.310 ms
64 bytes from 192.168.2.3: icmp_req=5 ttl=63 time=0.465 ms
64 bytes from 192.168.2.3: icmp_req=6 ttl=63 time=0.296 ms
^C
--- 192.168.2.3 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.229/0.329/0.465/0.070 mspfSense ping 192.168.2.3 works Edit === Host $ ping 192.168.2.2 PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data. hanging here as well satimis -
Aha!
The host box is probably not using the vboxnet interface as it's default route. What does 'route' show?Steve
-
Aha!
The host box is probably not using the vboxnet interface as it's default route. What does 'route' show?$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126 errors:0 dropped:0 overruns:0 frame:0
TX packets:127 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:12304 (12.0 KiB) TX bytes:11683 (11.4 KiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x4000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2228 (2.1 KiB) TX bytes:2228 (2.1 KiB)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:22317 (21.7 KiB)$ sudo route``` Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.2.2 0.0.0.0 UG 0 0 0 vboxnet0 192.168.2.0 * 255.255.255.0 U 0 0 0 vboxnet0$ sudo ip r```
default via 192.168.2.2 dev vboxnet0
192.168.2.0/24 dev vboxnet0 proto kernel scope link src 192.168.2.3$ sudo systemctl start dhcpcd@vboxnet0.service``` Failed to get D-Bus connection: No connection to service manager.Does it need a physical NIC ?
satimis
-
Ah, so the pfSense VM can ping 192.168.2.3 but the host cannot ping 192.168.2.2?
Did you add a firewall rule to the OPT1 interface in pfSense to allow that traffic?
Your screenshot earlier of rules on OPT1 shows only TCP traffic allowed and not ICMP (ping) or UDP (dns).Steve
-
Ah, so the pfSense VM can ping 192.168.2.3 but the host cannot ping 192.168.2.2?
No.
$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3671 errors:0 dropped:0 overruns:0 frame:0
TX packets:3500 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:3307162 (3.1 MiB) TX bytes:758567 (740.7 KiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x6000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3240 (3.1 KiB) TX bytes:3240 (3.1 KiB)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:21625 (21.1 KiB)$ ping 192.168.2.2``` PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data. From 192.168.2.3 icmp_seq=1 Destination Host Unreachable From 192.168.2.3 icmp_seq=5 Destination Host Unreachable ^C --- 192.168.2.2 ping statistics --- 8 packets transmitted, 0 received, +2 errors, 100% packet loss, time 6999msDid you add a firewall rule to the OPT1 interface in pfSense to allow that traffic?
Your screenshot earlier of rules on OPT1 shows only TCP traffic allowed and not ICMP (ping) or UDP (dns).Changed it already TCP/UDP
(pls see photo attached)Still same result;
$ ping 67.195.160.76```PING 67.195.160.76 (67.195.160.76) 56(84) bytes of data.
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
From 192.168.2.3 icmp_seq=2 Destination Host Unreachable
From 192.168.2.3 icmp_seq=3 Destination Host Unreachable
From 192.168.2.3 icmp_seq=4 Destination Host Unreachable
From 192.168.2.3 icmp_seq=5 Destination Host Unreachable
From 192.168.2.3 icmp_seq=6 Destination Host Unreachable
^C
--- 67.195.160.76 ping statistics ---
8 packets transmitted, 0 received, +6 errors, 100% packet loss, time 7038ms
pipe 3satimis   -
Ping traffic is not TCP or UDP it's ICMP so unless you allow that too it will be blocked by the firewall.
Just change the protocol to 'all' for now to test the connection. You can always tighten up the rules later.Steve
-
Ping traffic is not TCP or UDP it's ICMP so unless you allow that too it will be blocked by the firewall.
Just change the protocol to 'all' for now to test the connection. You can always tighten up the rules later.Protocol - "all" is NOT available ONLY "any"
Change it to "any"$ ping 192.168.2.2```
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
From 192.168.2.3 icmp_seq=2 Destination Host Unreachable
From 192.168.2.3 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.2.2 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3014ms
pipe 3Still the same satimis -
Hmm. But you can still ping 192.168.2.3 from pfSense?
Sorry I meant 'any', yes.
Steve
-
Hmm. But you can still ping 192.168.2.3 from pfSense?
Yes, without problem. Also VM can ping host on 192.168.2.3
satimis
-
Hmm, it looks like it has no route to the host. But you have shown that the routing table looks OK and the connection is presumably good because it responds to ping from other machines. :-
Perhaps the host is running some software firewall?
The pings to the host on 192.168.2.3 could be reaching it via some other route, it has many interfaces.Steve
-
- snip -
Perhaps the host is running some software firewall? - snip -
I haven't added any rule to iptables. It is ONLY default installation.
I have tested;
HOWTO: Run pfSense nanobsd in VirtualBox
http://www.freebsdnews.net/2012/05/22/howto-run-pfsense-nanobsd-virtualbox/Host-Only Network works but it needs a physical NIC
satimis
- snip -
-
In that how-to robi does not use a physical NIC for the host-only adapter. The only difference I can see is that he simply sets the pfSense interface to use the existing 192.168.56.X subnet created by VBox. I can't really see why that would make any difference but you could try that anyway.
Steve
