How to connect to a guest VM from the host system?

Issue #1 - VM networking types

There are 3 modes of networking:

  1. NAT
  2. Host Only
  3. Bridged

Details on setting them up

  • This AU Q&A titled: "In VirtualBox, how do I set up host-only virtual machines that can access the Internet?", shows how to do #2.
  • This article titled: "How to Setup VirtualBox Guest Additions and Network", shows how to do #3.

When to use each?

  • #1: For development of Facebook/web apps that are on other servers
  • #2: If you want to build your own app, and test it from the VirtualBox host (not just the guest VM)
  • #3: If you want to build an app and test it from other systems on LAN

Issue #2 - firewall blocking?

Depending on which distro you're using, the firewall might be blocking your web browser from accessing your Apache instance. This would make sense given you're able to ping the system, but not access it via port 80, which is the port that Apache is listening on.

temporarily disabling it

On CentOS you use this command to disable it.

$ /etc/init.d/iptables stop

check that Apache's listening

You can also confirm that it's listening on this port.

$ netstat -antp | grep :80 | head -1 | column -t
tcp  0  0  :::80  :::*  LISTEN  3790/httpd

confirm firewall's off

You can confirm that the firewall is wide open.

$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination      

If this solves your issue then you can permanently add a rule that allows traffic in via TCP port 80.

adding a rule for TCP port 80

$ /etc/init.d/iptables restart
$ iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT   # -I puts the rule ahead of any trailing REJECT rule
$ /etc/init.d/iptables save

NOTE: This will make the rule persist between reboots.

firewall is accepting TCP port 80

A system that has port 80 open would look something like this:

$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:8834 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Issue #3 - Apache listening?

In the above issue we saw that Apache was listening, but sometimes it's misconfigured so that it's only listening on 1 IP address, or it's listening on a different network interface. The netstat command can be used to double-check this, as can reviewing the Apache configuration files.

$ netstat -anpt | grep :80 | column -t
tcp  0  0  0.0.0.0:80  0.0.0.0:*  LISTEN  1750/httpd

This shows that Apache is listening on all interfaces (IP 0.0.0.0).

I won't repeat @Lekensteyn's answer here, which covers this particular issue in more detail.

References

  • Chapter 6. Virtual networking
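
iptables walks a chain from the top and stops at the first rule that matches, which is why the listing above shows the http ACCEPT ahead of the final REJECT. The check below is an added example, not part of the answer: it reads `iptables -S INPUT` output and reports which rule decides a new connection to a port. The rulesets are constructed samples and `first_verdict` is a hypothetical name.

```shell
# Added example (not from the original answers).
# first_verdict PORT: read `iptables -S INPUT` text on stdin and print which
# rule decides a NEW inbound TCP connection to PORT from an arbitrary source.
# Simplified: ignores multiport, port ranges, negation and user-defined chains.
first_verdict() {
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      n++; target = proto = dport = state = ""; scoped = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        else if ($i == "-s" || $i == "-i") scoped = 1
      }
      if (scoped) next                                   # limited to a source or interface
      if (proto != "" && proto != "tcp" && proto != "all") next
      if (dport != "" && dport != port) next             # rule is for another port
      if (state != "" && index(state, "NEW") == 0) next  # does not cover new connections
      if (target == "ACCEPT" || target == "REJECT" || target == "DROP") {
        print target " rule " n; found = 1; exit
      }
    }
    END { if (!found) print policy " policy" }'
}

# Constructed sample rulesets (not captured from a real system).
POLICY='-P INPUT ACCEPT'
RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
HTTP='-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'
APPENDED="$POLICY
$RULES
$HTTP"
INSERTED="$POLICY
$HTTP
$RULES"

printf '%s\n' "$APPENDED" | first_verdict 80   # http rule sits after the REJECT
printf '%s\n' "$INSERTED" | first_verdict 80   # http rule sits before the REJECT
```

On a live system the input would come from `iptables -S INPUT` run as root; the rule number printed matches `iptables -L INPUT --line-numbers`.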

Your Apache installation is likely configured to listen on localhost only. You can verify that by running in your guest:

$ netstat -tnl | grep :80
Proto Recv-Q Send-Q Local Address      Foreign Address  State
tcp        0      0 0.0.0.0:80         0.0.0.0:*        LISTEN
tcp6       0      0 :::80              :::*             LISTEN

If it says 0.0.0.0:80, it listens on all interfaces. In your case, I would expect 127.0.0.1:80 instead. To solve this, edit your Apache config (somewhere in /etc/httpd/conf/) and change:

Listen 127.0.0.1:80

to:

Listen 80

You can also use nmap to verify the available services on your machine. It should look like:

$ nmap 192.168.0.2

Starting Nmap 6.40 ( http://nmap.org ) at 2014-01-11 15:22 CET
Nmap scan report for localhost (192.168.0.2)
Host is up (0.0036s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
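
Both answers read the netstat output by eye, and `grep :80` also matches ports such as 8080 and, with `-a`, remote addresses. As an added example that is not part of either answer, the function below parses `netstat -tnl` output and classifies the binding for one exact port. The sample lines are constructed and `listen_scope` is a hypothetical name.

```shell
# Added example (not from the original answers).
# listen_scope PORT: read `netstat -tnl` (or -antp) text on stdin and print how
# widely PORT is bound: all-interfaces, specific:<addrs>, loopback-only
# or not-listening.
listen_scope() {
  awk -v port="$1" '
    $1 !~ /^tcp/ || $6 != "LISTEN" { next }   # skip headers and non-listening sockets
    {
      n = split($4, part, ":")                # port is the text after the last colon
      if (part[n] != port) next               # exact match, so 8080 is not taken for 80
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") any = 1
      else if (addr ~ /^127\./ || addr == "::1") loop = 1
      else specific = specific (specific == "" ? "" : ",") addr
    }
    END {
      if (any) print "all-interfaces"
      else if (specific != "") print "specific:" specific
      else if (loop) print "loopback-only"
      else print "not-listening"
    }'
}

# Constructed sample outputs (addresses are illustrative).
LOCAL_ONLY='Proto Recv-Q Send-Q Local Address      Foreign Address  State
tcp        0      0 127.0.0.1:80       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:8080       0.0.0.0:*        LISTEN'
ALL_IFACES='tcp        0      0 0.0.0.0:80         0.0.0.0:*        LISTEN
tcp6       0      0 :::80              :::*             LISTEN'
HOST_ONLY='tcp  0  0  192.168.56.101:80  0.0.0.0:*  LISTEN  1750/httpd'

printf '%s\n' "$LOCAL_ONLY" | listen_scope 80
printf '%s\n' "$ALL_IFACES" | listen_scope 80
printf '%s\n' "$HOST_ONLY"  | listen_scope 80
```

A `specific:` result for the guest's host-only adapter address is a narrower binding than `Listen 80` that the VirtualBox host can still reach.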

On CentOS 7, firewalld has replaced iptables as the default firewall.

I had to use

systemctl stop firewalld

to pause the firewall to test the connection from host to CentOS VM.

See more here: https://stackoverflow.com/questions/24756240/how-can-i-use-iptables-on-centos-7
