Network failure in VirtualBox Guest VM
I can't access the internet from a VirtualBox virtual machine on Windows 7 and Debian Linux. I need to fix the problem in order to get these VMs working again.
I have a Debian laptop host that has been running VMware VMs in the past and now runs VirtualBox VMs without any difficulty. Most of my VMs have network setup bridged through the laptop's wi-fi card, and my home router provides DHCP addresses for the laptop and its VMs.
Lately, I've also been using Docker and Docker Compose without any issues. I have a docker0 bridge, but my laptop's network manager also shows the br-xxxxxxxxxxxx bridge and others that I'm not familiar with, but I've noticed that every time I create or just start a Docker container, I get more more and more.
Anyway, I've been able to use bridged networking in a VirtualBox guest to connect from the host laptop to the guest via SSH, HTTP, etc., and vice versa, and to be able to connect to the internet from both the laptop and the guest, at least Able to ping Google's 8.8.8.8.
I'm not sure if this is the reason, but it's definitely different: over the weekend, I made a docker-compose.yaml file cobbled together from other sources and added the following to something I've never used before in the previous In any docker-compose.yaml:
networks:
default:
driver: bridge
Of all my Docker Compose files, this is the only one with networks
.
When I docker-compose up
first asked this question , I could have sworn I saw another bubble in the notification area of Network Manager, but I'm not sure.
Usually, I do remember that I got extra bridges, and after a few days or weeks I would " edit connections" to manually remove those extra bridges as they got old.
Anyway, I'm not too concerned about the extra air bubbles and I have no issues with my container. I exposed the ports and was able to browse to them via http://localhost:nnnn as usual , and I didn't think much about it.
Today was the first time in about a week or two that I booted up my VirtualBox virtual machine - a Windows 7 guest. Once there, I realized I couldn't connect to the internet. I fired up a command prompt and realized I couldn't even , and ping 8.8.8.8
no ipconfig
IP address was reported.
I tried one of my Debian VMs. Same thing - can't ping 8.8.8.8
, and no IP addresses are reported /sbin/ifconfig eth0
.
The host laptop is so happy with the private IP address that I go to http://superuser.com to post this question.
What are the next steps I should take to resolve this issue?
Edit: I'm not sure what I did, but I managed to get my VM to get an IP address and connect to the internet.
First, it took me a while to type the above, so I don't know if I'll have to wait a while. It seems silly, and I've never done this before.
I remember restarting the Docker daemon on the host ( sudo /etc/init.d/docker restart
) before , but after doing so, I didn't see any noticeable change.
Before this, I had restarted my laptop. I remember when it came back I started the VM but the internet connection still didn't work in the VM.
ifdown
I barely did / ifup
and ipconfig /release
and before rebooting and ipconfig /renew
then started removing those bridges mentioned in the network manager, but this time I removed all bridges - even the current bridge and the docker0 bridge. At the time, it didn't seem to make any difference.
I also powered off and powered on the virtual machines in no particular order.
That's it
Update (3/15/2018): Now it's even worse; my VM is having a hard time getting an IP address and now it's impossible to ping 8.8.8.8 from inside the VM at all. This is happening with both VirtualBox VMs and VMware VMs.
Docker containers are able to enter the Internet without any difficulty.
When I run one of my Debian VMs, this is the bridge on the host laptop:
# brctl show
bridge name bridge id STP enabled interfaces
br-993886a09e53 8000.02424635b59c no
br-9d3771956e43 8000.0242c5e9afa6 no
br-ce4e98cb7458 8000.0242561fb6fc no
br-ef846b86506c 8000.0242982b55d7 no
br-fd2186a1e375 8000.02426f4ae98a no
docker0 8000.024258c6aaa0 no
The VM's network settings show that its adapter 1 is attached to the bridge adapter name wlan0. Promiscuous mode is set to deny and check cable connections .
Here is the device I have:
# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 24:b6:fd:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
link/ether c0:18:85:xx:xx:xx brd ff:ff:ff:ff:ff:ff
4: vmnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 00:50:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
5: vmnet8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 00:50:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
6: br-ef846b86506c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:98:xx:xx:xx brd ff:ff:ff:ff:ff:ff
7: br-fd2186a1e375: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:6f:xx:xx:xx brd ff:ff:ff:ff:ff:ff
8: br-993886a09e53: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:46:xx:xx:xx brd ff:ff:ff:ff:ff:ff
9: br-9d3771956e43: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:c5:xx:xx:xx brd ff:ff:ff:ff:ff:ff
10: br-ce4e98cb7458: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
11: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:58:xx:xx:xx brd ff:ff:ff:ff:ff:ff
12: vboxnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 0a:00:27:xx:xx:xx brd ff:ff:ff:ff:ff:ff
13: vboxnet1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 0a:00:27:xx:xx:xx brd ff:ff:ff:ff:ff:ff
Here are my firewall rules. The list was much shorter until I tried to install ufw
and gufw
, then run gufw
, enable it, then disable it.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
Chain DOCKER (6 references)
target prot opt source destination
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
Chain ufw-after-logging-input (1 references)
target prot opt source destination
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
Chain ufw-before-input (1 references)
target prot opt source destination
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
I try to create one /etc/sysctl.d/bridge.conf
with the following :
# Reference: https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
Then ran sysctl -p
.
I tried running Wireshark along with tcpdump on the host laptop and watched what happened when I ran it dhclient eth0
in the VM :
# tcpdump -ni wlan0 port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:03:45.275713 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:45.275788 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:45.418183 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:45.418277 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:49.220658 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:49.220749 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:51.953865 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:51.953936 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:45.275713 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:45.275788 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:45.418183 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:45.418277 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:49.220658 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:49.220749 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:51.953865 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:03:51.953936 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:04:04.084840 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:04:04.084909 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:04:16.898585 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:04:16.898688 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:04:26.201038 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
19:04:26.201150 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:xx:xx:xx, length 300
If I'm doing everything right, traffic is leaving the bridge but not re-entering, is this an ingress issue?
I also noticed today that another laptop on the same home network can't SSH into it; I'm not sure if that's related.
I can SSH into the laptop from myself:
$ ssh user@localhost
$ ssh [email protected]
However, if I try to connect via WinSCP from another laptop, it seems to time out. Wireshark shows absolutely no activity from other laptops.
The laptop used to be able to connect about six weeks ago.
I checked the router's configuration and nothing seems to be out of the ordinary.
Again, I'm trying to connect via SSH from an Android phone using the ConnectBot app. It used to work fine too, now I see the following in the ConnectBot output:
Connecting to 192.168.1.8:22 via ssh
Connection Lost
recvfrom failed: ECONNRESET (Connection reset by peer)
recvfrom failed: ECONNRESET (Connection reset by peer)
Rebooting the home router solved both problems for me. After the router rebooted, the remote laptop was able to SSH into my Debian laptop and my VM's internet access and LAN access worked fine again.