Need to see real source IPs from behind port forwarding, can I disable SNAT?


Michael Taylor

Nov 27, 2015, 3:43:29 PM
to Vagrant
I'm trying to use graylog with Vagrant in a port forwarded Virtualbox appliance and I'm noticing that every message has 10.0.2.2 as its source IP.

Vagrantfile:
Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.hostname = "graylog"

  # Forward the Graylog input and web/API ports from the host to the guest
  config.vm.network :forwarded_port, guest: 1514, host: 1514, protocol: 'udp'
  config.vm.network :forwarded_port, guest: 9000, host: 9000
  config.vm.network :forwarded_port, guest: 12900, host: 12900
  config.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'udp'
  config.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'tcp'
end

Example from tcpdump:

15:34:33.986334 IP 10.0.2.2.58556 > graylog.12201: Flags [P.], seq 76983:77640, ack 1, win 65535, length 657

This tells me that Vagrant set up the VM with SNAT and every forwarded packet gets the firewall IP as its source. Is there a way to disable this (use DNAT only) so the source IP of forwarded packets is correct? I don't dare make a bridged network for security reasons: graylog requires a version of Elasticsearch with no support for authentication and the Java version in the official appliance image is quite old.



Alvaro Miranda Aguilera

Nov 28, 2015, 1:00:18 AM
to vagra...@googlegroups.com
Hello,

If you comment those out, and then use the GUI, I think the result will be the same.

I think if you can come up with the VBoxManage <something> that can do what you are after, then you may use a virtualbox block to run that, and not use the out of the box forward port.

Make sense?

Thanks
Alvaro


--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/5dafbfe8-c7cf-4735-90d1-21e1b0a5cee5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Michael Taylor

Nov 30, 2015, 4:37:06 PM
to Vagrant
Yes, but I was hoping for a way to do it within the vagrantfile.

Alvaro Miranda Aguilera

Nov 30, 2015, 7:41:15 PM
to vagra...@googlegroups.com
Once you get the commands that work, you should be able to put them in
the vagrant file.

Alvaro

Michael Taylor

Dec 1, 2015, 1:24:47 PM
to Vagrant
Got it. I added the customize line to the vagrantfile:

config.vm.provider "virtualbox" do |v|
    v.memory = 4096
    v.customize ["modifyvm", :id, "--nataliasmode1", "proxyonly"]
end


Pay attention to the number one at the end of "--nataliasmode1": that's not the letter L, and it refers to the interface number in the VM.
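One way to check a capture for the symptom described in this thread, as an added example that is not part of the original posts: it parses tcpdump text lines like the one quoted above and reports which forwarded ports still see only 10.0.2.2 as a source. The function names, the watched port list and all sample lines except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Address the thread reports on every forwarded packet before the change.
NAT_GATEWAY = "10.0.2.2"

# Header part of a tcpdump IPv4 line, e.g.
# "15:34:33.986334 IP 10.0.2.2.58556 > graylog.12201: Flags [P.], ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
)

def sources_by_port(lines):
    """Map destination port -> {source address: packet count}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # ARP, IPv6, or a line without a numeric port
        seen[int(m["dport"])][m["src"]] += 1
    return {port: dict(srcs) for port, srcs in seen.items()}

def masked_ports(lines, watched_ports, gateway=NAT_GATEWAY):
    """Watched ports whose traffic arrives only from the NAT gateway."""
    table = sources_by_port(lines)
    return sorted(
        port for port in watched_ports
        if port in table and set(table[port]) == {gateway}
    )

# First line is the one quoted in the thread; the rest are constructed.
BEFORE = [
    "15:34:33.986334 IP 10.0.2.2.58556 > graylog.12201: Flags [P.], seq 76983:77640, ack 1, win 65535, length 657",
    "15:34:34.101200 IP 10.0.2.2.58557 > graylog.12201: Flags [P.], seq 1:120, ack 1, win 65535, length 119",
    "15:34:35.000410 IP 10.0.2.2.40112 > graylog.1514: UDP, length 212",
]
# Constructed capture in which one input shows distinct senders.
AFTER = [
    "13:20:01.000100 IP 192.0.2.10.51000 > graylog.12201: Flags [P.], seq 1:200, ack 1, win 65535, length 199",
    "13:20:01.500100 IP 192.0.2.11.51001 > graylog.12201: Flags [P.], seq 1:90, ack 1, win 65535, length 89",
    "13:20:02.000100 IP 10.0.2.2.40112 > graylog.1514: UDP, length 212",
]

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, "masked ports:", masked_ports(capture, [1514, 12201]))
```

A port is only reported when it appears in the capture, so an input that received no traffic during the capture window is not flagged either way.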