Opened 4 years ago
#20147 new defect
Problems when masquerade is enabled on host
| Reported by: | sblk | Owned by: | |
|---|---|---|---|
| Component: | network | Version: | VirtualBox 6.1.16 |
| Keywords: | bridge, firewall, masquerade | Cc: | |
| Guest type: | Linux | Host type: | Linux |
Description
Steps to reproduce issue:
1. Configure host Linux with firewalld + enable masquerade on public zone (or configuration alike with iptables or nftables by hand)
2. Test access to both http and https on guest side
3. Disable masquerade on host and repeat 2
If netfilter masquerading is enabled on host, and guest is in bridge mode, both http and https don't work.
For example:
curl -I http://www.virtualbox.org
curl: (56) Recv failure: Connection reset by peer
root@techier-glossa:~# curl -I https://www.virtualbox.org
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to www.virtualbox.org:443
If I disable netfilter masquerading, it works.
In bridge mode it should not concern at all if host is doing that.
This is the configuration of firewalld:
[root@munster ~]# firewall-cmd --zone=lxc --list-all
lxc (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: lxcbr0
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@munster ~]# firewall-cmd --zone=libvirt --list-all
libvirt (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: virbr0
sources:
services: dhcp dhcpv6 dns ssh tftp
ports:
protocols: icmp ipv6-icmp
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
[root@munster ~]# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: wlp108s0
sources:
services: dhcpv6-client kdeconnect mdns ssh
ports:
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
As far as I know, in bridge mode it should not concern at all if host is doing that, should it?
Thanks in advance
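
The firewalld listing above can be checked mechanically. The following is an added example, not part of the ticket or of VirtualBox: it parses `firewall-cmd --list-all` style output and reports which host interfaces sit in an active zone with `masquerade: yes`, the condition the report associates with the connection resets. The sample text is constructed from the zones shown in the ticket, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the three zones listed in the ticket.
SAMPLE = """\
lxc (active)
  interfaces: lxcbr0
  masquerade: no
libvirt (active)
  interfaces: virbr0
  masquerade: no
  rich rules:
\trule priority="32767" reject
public (active)
  target: default
  interfaces: wlp108s0
  masquerade: yes
"""

# A zone header is a bare name, optionally followed by "(active)" or similar.
ZONE_HEADER = re.compile(r"^([\w-]+)(?:\s+\(([^)]*)\))?$")

def parse_zones(text):
    """Parse `firewall-cmd --list-all` style text into {zone: settings}."""
    zones, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate listings whose indentation was lost
        header = ZONE_HEADER.match(line)
        if header:
            flags = header.group(2) or ""
            current = zones.setdefault(header.group(1), {
                "active": "active" in flags, "interfaces": [], "masquerade": False})
            continue
        key, sep, value = line.partition(":")
        if current is None or not sep:
            continue  # blank line or rich-rule body such as 'rule ... reject'
        if key == "interfaces":
            current["interfaces"] = value.split()
        elif key == "masquerade":
            current["masquerade"] = value.strip() == "yes"
    return zones

def masquerading_interfaces(text):
    """Return {interface: zone} for active zones that have masquerade: yes."""
    return {iface: name
            for name, zone in parse_zones(text).items()
            if zone["active"] and zone["masquerade"]
            for iface in zone["interfaces"]}

if __name__ == "__main__":
    for iface, zone in masquerading_interfaces(SAMPLE).items():
        print(f"{iface}: zone '{zone}' masquerades")
```

On a real host the input would be the output of `firewall-cmd --list-all-zones`; an interface returned here is one to compare against the adapter the guest is bridged to.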
Attachments (1)
Change History (1)
by , 4 years ago
| Attachment: | ubuntu-focal-20.04-cloudimg-20210119-2021-01-22-15-42-51.log added |
|---|


VBox Log file