CentOS on VirtualBox

[Joshua Dickerson]

Trying to setup a CentOS 6.3 guest on a VirtualBox host (Win7) but something is wrong with the networking configuration somewhere. I tried 2 instances: first one I got from http://virtualboxes.org/images/centos/ and the second is the LiveCD from centos.org.

#1: can connect via ping and ssh but not via HTTP. I get a 502 error. I tried Apache, Nginx, and a Node.js server with a number of different ports. I tried `wget localhost` locally (on the guest) and I got a proper response. So confused.

#2: so, I thought it might have been that image because I had some other issues with it. Nope. Started sshd on it but I can't connect via SSH. It just times out. Ping works.

I don't have any proxies setup on my computer or network. I am using the 'bridged adapter' network adapter to my wifi card. I just tried it with my ethernet connection and that didn't work either.

If you're wondering why I'm using CentOS - I am creating a development environment for work which uses RHEL. So, I'd like to stick with commands I can copy and past. No distro debates please.

Anyone have any advice? freenode.net/centos isn't any help.

[Ricky.]

Since its a bridged with network, have you disabled windows firewall already ?

[LiroyvH]

Apart from Windows Firewall needing to be checked, though it usually wont wreak heavoc, one should check the default rules CentOS 6 comes, most annoyingly, equiped with.
run this on the console:
iptables --flush

See if it fixes it up.
If so, remove the default rules or it will keep doing it on each and every reboot.
If no, try to run: setup
Is also a command, see if all is OK.

And lastly, I do assume you made sure the ports ain't in use already on Windows?

And as for the bridge then to move on, how did you set it up?
You may have to yum install bridge-utils and setup br0 accordingly, examples:

ifcfg-br0:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
BROADCAST=10.0.0.1
IPADDR=10.0.0.101
NETMASK=255.255.255.0
NETWORK=10.0.0.0
ONBOOT=yes

ifcfg-eth0:

DEVICE=eth0
HWADDR=MACGOESHERE
IPV6INIT=yes
IPV6_AUTOCONF=yes
ONBOOT=yes
BRIDGE=br0

And don't forget to service network restart.

If you use virtualbox however im not entirely sure if adding a bridge works that way. So, make a backup of your original ifcfg-eth0 before doing anything.
In the config for centos on virtualbox, may have to change it another way if br0 doesnt work...
Before proceeding, remove it again :p
Last I can think of without additional information:

in sysctl.conf modify to make sure the following options read as such:

net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1

then run these:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A OUTPUT -t filter -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

If it works, dont forget to save the iptables rules...


And last but not least:
For the love of god, use VMWare..!

[Storman™]

For the love of god, use VMWare..!

I've tried it on VMWare and got the same issue as Joshua with 6.3. Strangely CentOS 5.8 worked fine out the box but 6.3 didn't. I was using the minimal install though.

Ended up installing the full centos image (for server, not desktop) and ran it in repair mode. That's very using friendly if you use the gui install as it will check the network config and configure it.

In respect to config below think you will also need the line:

Code Select Expand

BOOTPROTO="dhcp"

in ifcfg-eth0 as well if using DCHP.

[LiroyvH]

I haven't ever encountered such issues on VMWare Workstation. Either running it on Linux already or on Windows, no problemo.
You sure you selected the correct NIC type?

And yes, you need to setup dhcp if the static configuration refuses to popup the network

[Joshua Dickerson]

Changed sysctl.conf

Code Select Expand

# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

Ran those iptables commands.

Code Select Expand

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED

Okay, I figured out some of it. After doing that and it not working, I tried just doing `service iptables stop`. That worked. That's fine for me because I have no need for iptables (at this time).

[LiroyvH]

Hmm, had you tried running the "iptables --flush" command I suggested in one of the first lines of the post?
That would do pretty much the same as iptables stop, just keep the process running but clear out the iptables rule base and thus allow everything.
Judging by the snippet you posted, you didn't run that? That would still keep it blocked.

Keep in mind that on reboot, the service will start again. Which is actually best behavior.
You should delete the contents of /etc/sysconfig/iptables.save and it will never load the rules blocking you in the first place again
That should fix it up for good. Otherwise, if you wish to stop iptables from loading up, make sure to disable the service on boot-time.

[Joshua Dickerson]

Yeah, iptables --flush works as well. Sorry, I missed that one.

Thanks

[Joshua Dickerson]

BTW, there is no /etc/sysconfig/iptables.save so I just did chkconfig iptables off and chkconfig ip6tables off

[LiroyvH]

Hm, it might actually just be "/etc/sysconfig/iptables" I had actually double checked if my memory served right, but I think I may have swapped memory with a CentOS + cPanel server instead of CentOS only, and checked it accordingly on a cPanel server :')

Either way, what you did works anyway so: all good eh

[Joshua Dickerson]

Trying to install Solr on a VM and I ran in to this again. Thank goodness for forums! I remembered I had this problem, searched the forum, and found the solution immediately. Granted, turning off iptables isn't perfect, I can at least use it for development.