Can't access web from virtual machine

Blue Elf · April 16, 2012, 06:53:55 AM

I'm windows user, but for some reason I need also linux for some things. Easiest way IMO is to create virtual machine, so I installed VirtualBox (version 4.0.

from Oracle on the top of my Win7 (64bit). I was able to install fedora 16 successfully, but I can't access any web page

I'm using bridged networking in the virtualbox, I'm able find target machine using nslookup and ping it, but web browser (konqueror) still say's that target machine can't be found. No proxy is set in the konqueror. Can someone more experienced suggest some solution?

bommel · April 17, 2012, 12:16:29 AM

Do you really need bridged network? Usually NAT is sufficient and it works out of the box (at least most times ^^).

Blue Elf · April 17, 2012, 12:43:17 AM

Quote from: bommel on April 17, 2012, 12:16:29 AM
Do you really need bridged network? Usually NAT is sufficient and it works out of the box (at least most times ^^).

I tried it, but then I didn't receive IP address from DHCP. Seems that NAT can't bound to Wifi card, that's why I switched to bridge with binding to Wifi card. Ok, I'll try also to use standard net card using cable and see if it works.

Ningey · April 17, 2012, 01:17:51 AM

If at all, NAT is done on the interface that points to the 'Net and not on the interface that's dealing with your internal network (i. e. this normally happens on the router that links you to the 'Net). So the question is: Have you properly enabled routing on your host systems so the requests from the guests are properly forwarded from the virtual network to the outbound (physical) network device?

If not, you easily wind up with a situation like this.

Blue Elf · April 17, 2012, 02:50:12 PM

Quote from: Ningey on April 17, 2012, 01:17:51 AM
If at all, NAT is done on the interface that points to the 'Net and not on the interface that's dealing with your internal network (i. e. this normally happens on the router that links you to the 'Net). So the question is: Have you properly enabled routing on your host systems so the requests from the guests are properly forwarded from the virtual network to the outbound (physical) network device?

If not, you easily wind up with a situation like this.

ok, I describe my config:

Internet <-> router <-> Wifi APN/switch <-> my computer
DHCP runs on the router, computer is connected through wifi, standard netcard is not used. So, every interface I'm using points to my internal network, but it is necessary to be able to connect internet. Is there something wrong?

Ningey · April 17, 2012, 05:43:37 PM

Then you have to enable routing on your host system (i. e. the one you launch the virtual machines from) in order to enable the guest OSes (the ones in the virtual machines) to access the 'Net.
I've had the same issue with VMware, and since I didn't want bridging, I needed a local virtual network (NAT hadn't been an option, either, since the firewall on my gateway already did that), and to allow the guests to access the 'Net I had to enable routing in the host. Since the host had been running on Linux, this had been rather straightforward.

I don't know exactly how things run with Windoze (I'm currently not running that system at all) so I would have to figure out first how that can be achieved.

EDIT: You also need to assign a different pool of network addresses to your virtual network. Otherwise you are going to experience problems. You would have to configure your DHCP server accordingly (or better yet, set up a DHCP server that provides IP addresses to your guests on your host system).

EDIT2: Still better would be assigning fixed IP addresses to your virtual network - that way you don't have to put up with complex DHCP configurations...

Blue Elf · April 18, 2012, 03:21:47 AM

I tried with wired network and NAT -> hmmm, even with different IP adress than from my internal network (probably assigned by VM box) I can resolve and ping to names, but stupid Konqueror still can't connect to web. So problem is not in NAT vs. bridging, but at some different area.
Today I took my VM into office and tried here. It works of course.... Difference is in OS - Win7 x64 at home, WinXP x86 at office. what is interesting, in XP I can see new netcard created by Virtualbox, in Win7 there nothing similar. Pak![/thinking about dowgrade]

Sіr. Ηaxalot · April 18, 2012, 05:51:30 PM

First of all, can the guest ping your router (usually 192.168.1.1, 192.168.0.1 or 192.168.1.254)? If that works, try to check DNS with nslookup. If nslookup works, try to ping something on the internet. Iff all those works, it could be proxy settings or some problem with the browser in the guest.

bommel · April 19, 2012, 12:00:54 AM

Did you have a look at the manual (for example here)?

Blue Elf · April 19, 2012, 01:25:46 AM

Quote from: Thorbjorn on April 18, 2012, 05:51:30 PM
First of all, can the guest ping your router (usually 192.168.1.1, 192.168.0.1 or 192.168.1.254)? If that works, try to check DNS with nslookup. If nslookup works, try to ping something on the internet. Iff all those works, it could be proxy settings or some problem with the browser in the guest.

DNS lookup works, ping to name too. The only thing I can't do is to use web browser. I'll do another researches, probably also upgrade VMbox as new version is available.

bommel · April 22, 2012, 05:44:01 AM

This is quite strange, usually Virtualbox NAT runs out of the box. It's even stranger that DNS and ping work but you can't access any web sites. Unfortunately I don't have a clue what's wrong

Human No More · April 22, 2012, 04:39:16 PM

What are you using for DNS servers? Your router, or internet based ones (e.g. 8.8.8.8 and 8.8.4.4 for google's)?

Which of these can you ping?
-The host computer's IP
-The router
-A website via IP address

Are you using a static IP or DHCP?

Also, did you set the network up in Fedora? I'm not especially familiar with Fedora, but it's very similar to CentOS, which I use, so I guess network should be the same in it.
/etc/sysconfig/network-scripts-ifcfg-eth0
you can edit the setup there; I always disable Network Manager on it (NM_CONTROLLED="no")

Blue Elf · April 23, 2012, 02:42:12 AM

Using my router as DNS, it forwards queries to ISP's DNS. I can ping any machine you asked. I have no idea how IP is assigned, under interfaces I don't see eth0, but p2p1.
I'm not good in Fedora too, my last experience with Linux comes from the time of Redhat 7.1.
What is also interesting - the same VM moved from Win7 to WinXP works without any problem. I haven't enough time to look at it closer, but I'll check config as you proposed, next weekend will longer than usually

Blue Elf · April 28, 2012, 04:06:37 PM

I did some more researches with big help of Ningey (irayo nìmun!), seems that problem is in my router. There's no problem to connect to web server on router, but what is behind it, it is unreachable. I tested my old WinXP - from this machine I can't reach web sites behind the router too. I'll read router documentation, if there is some option to change, but probably I install Linux as second OS on my notebook...

Ningey · April 29, 2012, 06:20:23 PM

It seems as if we now have pinpointed the problem.
Since nslookup correctly resolves any host names, but other programs don't, it seems as if nslookup is handling name resolution a little differently from anything else.
After all other programs couldn't access other sites (they simply failed to resolve any names) a check by a site's IP address suddenly turned out to be successful.

Does anyone have any information on what nslookup is doing differently than other programs as far as name resolution is concerned?
My guess would be that nslookup is using TCP connections whereas all other programs seem to send UDP requests (which somehow are denied).

Human No More · May 08, 2012, 03:27:45 PM

DNS can use either; TCP is generally likely though as UDP just sends packets without opening a connection or checking that they were properly received.

Try setting some other nameservers. See if you can ping 8.8.8.8 and 8.8.4.4 (google DNS), then add them to /etc/resolv.conf or in the script for the network adapter (DNS1="8.8.8.8").

Ningey · May 11, 2012, 11:39:38 AM

Just as I thought. BIND uses TCP for zone transfers (i. e. the entire bunch of DNS data for a certain domain is sent in one pass) and UDP for normal name resolution. That's where the dualism comes into play.

nslookup obviously triggers such a zone transfer with its query, and since TCP is connection-oriented, any firewalls on the way out recognize the returned data and open a return path. However, since UDP is a state- and connectionless data transfer, the same thing doesn't necessarily work here.
In this case a firewall needs to have its UDP ports above 1023 open to receive the return info of name resolution requests.

Since you are behind a router, there are three chances for this to fail:
- Your router
- the Windows firewall
- any firewall that is active on your Linux guest

Since you get the address of the DNS server on your router, that shouldn't be a problem. Your computer requests a name resolution (via UDP), and since the DNS server on your router subsequently requests a zone transfer, that would make it TCP, so no problem here.
So only the firewalls on your Windoze host and on your Linux guest could be a problem (with Win 7 I don't know where to start looking), so as far as your Linux guest is concerned, you should try the following files in /var/log:
- messages
- localmessages
- warn
- firewall (if present)
The messages might sound rather cryptic initially, but they can give you a hint on what's going awry.
If you have any log files for the Windows firewall, you should check those as well.

Blue Elf · May 11, 2012, 03:02:57 PM

Quote from: Human No More on May 08, 2012, 03:27:45 PM
DNS can use either; TCP is generally likely though as UDP just sends packets without opening a connection or checking that they were properly received.

Try setting some other nameservers. See if you can ping 8.8.8.8 and 8.8.4.4 (google DNS), then add them to /etc/resolv.conf or in the script for the network adapter (DNS1="8.8.8.8").

Wou, setting this helped a lot! Great! Karma for you, applause for you!