[Freedombox-discuss] Test if your freedombox is working as it should (testsuite)
- Subject: [Freedombox-discuss] Test if your freedombox is working as it should (testsuite)
- From: afc@shibaya.lonestar.org (A. F. Cano)
- Date: Wed, 2 Apr 2014 20:18:57 -0400
- Message-id: <[🔎] 20140403001857.GA29386@shibaya.lonestar.org>
- In-reply-to: <53307043.6050708@medhas.org>
- References: <2fllhw9w4ty.fsf@diskless.uio.no> <20140317232843.GA9396@shibaya.lonestar.org> <20140318053246.GD31715@ulrik.uio.no> <20140319032842.GA21915@shibaya.lonestar.org> <20140319060827.GQ31715@ulrik.uio.no> <20140324012023.GA10634@shibaya.lonestar.org> <53307043.6050708@medhas.org>
On Mon, Mar 24, 2014 at 11:19:55PM +0530, Sunil Mohan wrote:
> On Monday 24 March 2014 06:50 AM, A. F. Cano wrote:
> [...]
>
> > Now, about the problems:
> >
> > I suppose I should have asked: How do I access plinth when the fbx is
> > running in a virtualbox?
> >
> > Obviously, I need to know the interface names on which the virtualbox
> > is listening. The default eth0 is in NAT mode, so it can't be accessed
> > from outside the virtualbox. It only passes back packets from
> > connections originated from inside the virtualbox, and it is connected
> > directly to the physical board of the native machine/OS. That's why ping
> > and nslookup from inside the virtualbox work.
>
> In the default NAT mode, the recent versions of VirtualBox supports port
> mapping. With this feature we can map port X on host machine to port Y
> on the guest. Any connections such as web requests arriving on host's
> port X would actually be served by a web server on guest's port Y. It
> should work well with all ports and protocols but requires adding
> explicit mapping for each port.
Thanks for that explanation. Now that I've thought about the situation
a bit more, and given that eth0 (guest/virtualbox machine/fbx) is
recognized properly and works fine as the "outside" (internet facing)
interface, I have no problem about how this part works. In fact, it's the
ideal set-up for the tests I want to run: it provides access to the
outside and yet is protected from access from there.
What I would like to do is have another interface (eth1) on the
guest/virtualbox machine/fbx) to accept connections (for now) from
the host/physical machine only. That's why vboxnet0 seems ideal.
It would allow me to use the browser on the host machine to access
both the setup of the freedombox (plinth) and to use it as a
proxy/firewall which is how it would work if the system were installed
on its own hardware.
I have now configured the virtualbox adapter 2 as vboxnet0 and manually
configured it to:
Ipv4 Adress 192.168.56.100
Ipv4 network mask 255.255.255.0
it also says the DHCP server (which is enabled) has set it to:
Address: 192.168.56.100
Network mask: 255.255.255.0
I have only static IPs and routes on the host machine and if fact in my
whole network.
Earlier I gave these results, and they are still the same:
> > ...
> > http://10.0.2.15/plinth/ says
> >
> > Not Found.
> > The requested URL /plinth/ was not found on this server.
I now realize that this assumes I'd be contacting the web server from
eth0, which is not what I want to do.
> > It looks like some redirection is not working. There is only
> > html/index.html in /var/www.
>
> The IP address you set in File > Preferences -> Network > Host-only
> Network is for the host. So when you pointed your browser to that
> address you are in fact accessing the web server of host (I suspect you
> have one setup on the host). This is why you are unable to find plinth.
This is what appears to be happening.
> Login to guest, set the IP address there (DHCP or manual) and use that IP.
The IP there (for eth0) is 10.0.2.15. The freedombox seems to not have
activated or found eth1.
What I said earlier still stands:
> > From earlier research:
> >
> > Inside the fbx, eth1 is detected. From dmesg:
> >
> > eth1: (PCI:33MHz:32-bit) 08:00:27:b2:43:c9
> > eth1: Intel(R) PRO/1000 Network Connection
> >
> > But ifconfig doesn't report eth1. It needs to be manually brought up:
#ifconfig eth1 up 192.168.56.100
After this, ifconfig reports eth1, and route reports:
default 10.0.2.2 0.0.0.0 UG 0 0 0 0 eth0
10.0.2.0 * 255.255.255.0 U 0 0 0 eth0
192.168.56.0 * 255.255.255.0 U 0 0 0 eth1
Why isn't this done automatically when eth1 is detected?
> > [ problem I didn't understand but is now clear ]
>
> Same problem as above. To understand "Host-only" network, imagine that
> you installed a new ethernet card in the host and called it 'vboxnet0'.
> Then you added another ethernet card in the guest and called it 'eth0'.
Ok, in this case it would be eth1.
> Using a cable you have connected the two ethernet cards. Typically after
> that one would setup an IP on the host and another different IP on the
> guest and the two machines would be able communicate with each other.
> Same is the case with host-only networking. You assign an IP inside the
> guest and use that IP from the host.
Ok, it seems that host-only vboxnet0 should do what I want but I'm
obviously missing a step, or two, or 10. How does the freedombox
software set up eth1 when it's running on its own hardware? Why is
it not doing it under virtualbox? I have the second interface
configured, I think properly, but the browser doesn't get through it.
I have configured it in virtualbox as having the address
192.168.56.100 which is what dhcp magically seems to assign, but
it didn't make any difference. Pointing the browser to
http://192.168.56.100/plinth still returns not found. On the host,
route shows 192.168.56.0 to go to vboxnet0.
It does make sense that the "inside" address space would be 192.168.56.0
if the freedombox is acting as a NAT firewall, but why can't I connect
through eth1? Is the freedombox actually setting up that address space?
or is it virtualbox?
> Apart from the above two options, there is also the Bridged mode option
> that is simplest. If you host computer is connecting to a router which
> gives automatic DHCP IP address then bridging the guest will put guest
There's no DHCP here at all (on the inside network). The only DHCP is
done by the router that also does NAT for my whole network.
> in same network as your host. This is as if you have plugged the guest
> machine into the hosts' network. Consequence of this is that guest will
> directly take its IP address from the router (or you can assign one
> statically). Guest will be accessible from your entire network. Host to
> guest and guest to host communication is as if two machines in the
> network are communicating with each other. No mappings etc. are required.
I'd prefer to figure out how to make it work with vboxnet0 in host-only
mode, not only because it seems to be the set-up that most closely
approximates the real-life case of the freedombox running on its own
hardware, but also because it provides more security, as the virtualbox
is only visible from the one test machine/host.
So, to summarize, the main problem seems to be that eth1 requires more
setup inside the freedombox, or maybe it is the web server that needs
to be told to listen on the 192.168.56.0 interface? But there is some
progress. I can actually ping the freedombox from the host:
# ping 192.168.56.100
actually works, or maybe I'm pinging the host machine? Since the
browser seems to be contacting the host's web server... But vboxnet0
was set up in the virtualbox! My head is starting to spin.
Stopping the host's web server results in "Connection to Server Refused"
so it seems that at least the web browser is not even contacting the
virtualbox. Weird.
On the virtualbox freedombox:
192.168.56.0 * 255.255.255.0 U 0 0 0 eth1
On the host machine:
192.168.56.0 * 255.255.255.0 U 0 0 0 vboxnet0
Why aren't the two connecting? Any suggestions/tests welcome.
> It would be nice to have all this documented.
Indeed!
> --
> Sunil
>
--
Augustine
Reply to: