Centos – VirtualBox, VLAN, CentOS 7: guests and host can’t communicate

centosvirtualboxvlan

I'm using CentOS 7 on everything (except the Mac noted below). Host has VirtualBox 5.1.8. Network is 192.168.10.0/24. There are no firewalls anywhere.

Everything works as expected in this scenario:

Nothing is tagged, hosts and guests can communicate on any port, to/from any ip. Network interface on each guest is bridged. Life is good here.

This scenario fails:

I created VLAN interfaces on the host and each guest. We'll call this eth0.10. Each guest continues to use eth0 (because using eth0.10 effectively removed it from the network). Network interface on each guest is bridged.

Note: when I mention ping here I realize that's just ICMP but my tests have also included TCP tests. Using ping for brevity.

I can now ping guest (192.168.10.5) to guest (192.168.10.10) but I can't ping guest (.10.5) to host (.10.50). Host (.10.50) to guest (.10.5 or .10.10) doesn't work either.

When I ping guest (.10.5 or .10.10) to some other physical system, a Mac/OS X, also in VLAN10 (.10.200) I get a response. When I ping host (.10.5) to the Mac (.10.200) I get a response. The reverse of this is also true.

I've also ran Wireshark (packet sniffer) on the Mac (.10.200). I used the filter 'vlan host 192.168.10.5' and I can see the vlan id 10 in the packet! The same is true for every single host in vlan 10.

So everybody but the host can see the guests. The guests can all see each other and everybody else but not the host. Crazy right?

I've read a few things about Open Vswitch but I don't know if this is what I need. It seems that I'm overlooking something fundamental here but I've checked the work from so many angles now.

Any suggestions would be greatly appreciated!

Best Answer

I was able to replicate your exact scenario.
Here is my test env

 +---------------------------------------------------------+                                +-----------------------------------------+
 |                                                         |                                |                                         |
 |                    Mac OS X El Capitan                  |                                |          Mikrotik router board          |
 |      Host is also setup with vlan0 VLAN ID 20           |                                |                                         |
 |      192.168.10.3                                       |                                |                                         |
 |                                                         |                                |                                         |
 |             Both VMs are bridged to en0                 |en0         Trunk               |  VLAN 20 192.168.10.250                 |
 |            +-----------------------------------------------------------------------------+  VLAN 30 192.168.30.250                 |
 |            |                            |               |            VLANs 20 and 30     |                                         |
 |   +------------------+         +-------------------+    |                                |                                         |
 |   |                  |         |                   |    |                                |                                         |
 |   |    Cent OS 7     |         |    Cent OS 7      |    |                                |                                         |
 |   |    Node 1        |         |    Node 2         |    |                                |                                         |
 |   |                  |         |                   |    |                                |                                         |
 |   |  192.168.10.2    |         |    192.168.10.4   |    |                                +-----------------------------------------+
 |   +------------------+         +-------------------+    |
 |      VLAN 20                          VLAN 20           |
 +---------------------------------------------------------+

Exact same thing happens.
When both VMs are bridged to en0 :

They can ping each other. 192.168.10.2 < -- > 192.168.10.4
They can ping VLAN 20 Int 192.168.10.250 that leaves on Mikrotik, so they have external world connectivity.
Mac host which is also setup with vlan0 VLAN ID 20 192.168.10.3 can ping Mikrotik
VMs can't ping host and host can't ping VMs.

When bridging VMs to vlan0 instead of en0 - they lose connectivity to outside world (can't ping mikrotik)

So it appears that situation is indeed very similar to the way bridging is done in KVM with macvtap. With macvtap VMs can't communicate with host, so here the issue is explained https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Host_Configuration_and_Guest_Installation_Guide/App_Macvtap.html

This situation is actually not an error — it is the defined behavior of macvtap. Due to the way in which the host's physical Ethernet is attached to the macvtap bridge, traffic into that bridge from the guests that is forwarded to the physical interface cannot be bounced back up to the host's IP stack. Additionally, traffic from the host's IP stack that is sent to the physical interface cannot be bounced back up to the macvtap bridge for forwarding to the guests.

It appears that the same mechanism is in effect with bridged VLANs. I don't know for sure, just speculating here.

Edit: I found this blog from rackspace which explains exactly this issue http://blog.rackspace.com/vms-vlans-and-bridges-oh-my-part-2

Related Solutions

VirtualBox Networking – How to Set Up Networking for Host and Guest

Try this:

Setup the virtualbox to use 2 adapters:
- The first adapter is set to NAT (that will give you the internet connection).
- The second adapter is set to host only.
Start the virtual machine and assign a static IP for the second adapter in Ubuntu (for instance 192.168.56.56). The host Windows will have 192.168.56.1 as IP for the internal network (VirtualBox Host-Only Network is the name in network connections in Windows). What this will give you is being able to access the apache server on ubuntu, from windows, by going to 192.168.56.56. Also, Ubuntu will have internet access, since the first adapter (set to NAT) will take care of that.
Now, to make the connection available both ways (accessing the windows host from the ubuntu guest) there's still one more step to be performed. Windows will automatically add the virtualbox host-only network to the list of public networks and that cannot be changed. This entails that the firewall will prevent proper access.
To overcome this and not make any security breaches in your setup:
- go to the windows firewall section, in control panel,
- click on advanced settings. In the page that pops up,
- click on inbound rules (left column), then on new rule (right column). Chose custom rule, set the rule to allow all programs, and any protocol. For the scope, add in the first box (local IP addresses) 192.168.56.1, and in the second box (remote IP) 192.168.56.56. Click next, select allow the connection, next, check all profiles, next, give it a name and save.

That's it, now you have 2 way communication, with apache/any other service available as well as internet. The final step is to setup a share. Do not use the shared folders feature in virtualbox, it's quite buggy especially with windows 7 (and 64 bit). Instead use samba shares - fast and efficient.

Follow this link for how to set that up: https://wiki.ubuntu.com/MountWindowsSharesPermanently

SSH between two Virtualbox guests

Due to the fact you're getting a rejected message I can assume you're actually seeing packets hitting the other server, I suspect ssh is not installed.

On both servers run:

sudo apt-get install openssh-server

Once the ssh server is installed it should work fine.

<-- Edit -->

I have seen that you've confirmed the service is installed so ignore the above, it may well be iptables, though it shouldn't be configured by default on Ubuntu. If you're running 12.04 you can temporarily disable the firewall by typing:

sudo ufw disable

See if that helps at all.

Also, by "whole mess of errors" what do you mean? did you try to install with or without sudo?

Best Answer

Related Solutions

VirtualBox Networking – How to Set Up Networking for Host and Guest

SSH between two Virtualbox guests

Related Topic