Port forwarding trouble


Charles

Jan 24, 2015, 7:31:39 PM
to vagra...@googlegroups.com
Vagrants:

I'm a Vagrant newbie. I have searched this forum, and then the internet, experimented, cried, but still can't solve my problem. You are my only hope.

My host is a MacBook Air running OS X 10.10.
My guest is hashicorp/precise64 using virtualbox

I followed the 'getting started' guide to set it up clean. No problems, and port forwarding is working from apache on port 80 to the host on 4567. I am able to open a browser on the mac and view the web page (directory listing) on the virtual machine. Great!

Now, I'm working through a go programming tutorial. I create a very simple http server, and run it on port 3000 on the guest. I change my Vagrantfile to include the following lines:

config.vm.network :forwarded_port, guest: 80, host: 4567 
config.vm.network :forwarded_port, guest: 3000, host: 4568

I bring the virtualbox down, then bring it back up again. OK, apache port forwarding is still working, but no matter what I do from the host, I can't see the simple go server. Chrome shows an error. Curl shows an 'empty reply'.

But, on the guest, if I run the server in the background I can see the server working on port 3000 with curl. So I know it is running and serving.

So, I conclude that I must be making a mistake somehow with port forwarding?

Help.

Alvaro Miranda Aguilera

Jan 25, 2015, 2:36:06 AM
to vagra...@googlegroups.com

On Sun, Jan 25, 2015 at 1:31 PM, Charles <cjl...@gmail.com> wrote:
> config.vm.network :forwarded_port, guest: 80, host: 4567
> config.vm.network :forwarded_port, guest: 3000, host: 4568

Hello,

The correct way of reloading once you modify the Vagrantfile is to do a vagrant reload.

Network, shared folders, and other stuff are executed by vagrant on start, so a vagrant halt and vagrant up also fit the bill.

Check that the guest firewall is not causing an issue, and also check that the port of that application is binding to all the IPs and not to just one specific IP:

netstat -anp | grep ':3000'

this command should give you something like

*:3000 LISTEN

or 

0.0.0.0:3000 LISTEN


that is, all IPs can connect

compare with the one of the webserver

netstat -anp | grep ':80'

If it still doesn't work, please give more info

include

iptables -L
netstat -anp | grep ':3000'
netstat -anp | grep ':80'

:D

Alvaro.


Charles

Jan 25, 2015, 8:55:43 AM
to vagra...@googlegroups.com
Alvaro:

Thank you for pointing me in the right direction!

Indeed, the results of netstat showed a difference between apache and my simple go server:

tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      1406/httpbuddy

vs.

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -

So it looks like I need to get my go server to listen on 0.0.0.0, which would let all interfaces access it, vs. loopback which is 127.0.0.1? Not sure how to do that yet, but I'll figure it out.
BTW, iptables is not running on the virtual machine.
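
The difference between the two bind addresses discussed above, as an added Go example (not Charles's httpbuddy code and not part of the original posts). The function names `serve`, `reachableVia` and `loopbackOnly` are hypothetical, and port 0 is used so the kernel picks a free port.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"time"
)

// serve starts a minimal HTTP server on bind and returns its listener.
// "127.0.0.1:0" mirrors the failing setup; "0.0.0.0:0" listens on every interface.
func serve(bind string) (net.Listener, error) {
	ln, err := net.Listen("tcp4", bind)
	if err != nil {
		return nil, err
	}
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello from the guest")
	})
	go http.Serve(ln, h)
	return ln, nil
}

// reachableVia reports whether ln accepts a TCP connection addressed to ip.
func reachableVia(ln net.Listener, ip string) bool {
	port := ln.Addr().(*net.TCPAddr).Port
	c, err := net.DialTimeout("tcp4", net.JoinHostPort(ip, fmt.Sprint(port)), time.Second)
	if err != nil {
		return false
	}
	c.Close()
	return true
}

// loopbackOnly is true when the socket is bound the way netstat showed for port 3000.
func loopbackOnly(ln net.Listener) bool {
	return ln.Addr().(*net.TCPAddr).IP.IsLoopback()
}

func main() {
	for _, bind := range []string{"127.0.0.1:0", "0.0.0.0:0"} {
		ln, err := serve(bind)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-12s bound=%s loopbackOnly=%v\n", bind, ln.Addr(), loopbackOnly(ln))
		ln.Close()
	}
}
```

A server bound to 0.0.0.0 answers on every guest interface, so the forwarded port on the host becomes the remaining boundary. Vagrant's `forwarded_port` accepts `host_ip: "127.0.0.1"` to keep that port off the host's other interfaces.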

Alvaro Miranda Aguilera

Jan 25, 2015, 3:35:33 PM
to vagra...@googlegroups.com
My suggestion would be to set a private NIC on vagrant, and then change the program to bind to that specific IP; that will be easier.


Keep going, and don't give up!

Alvaro.


Ryan Moore

Mar 6, 2015, 7:00:05 PM
to vagra...@googlegroups.com
Greetings,

I am having a similar problem...I have a rails server running on my vagrant machine serving on port 3000, as shown by the output from netstat.

tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      1000       15938       5632/ruby

This works fine on the VM... I can run Firefox on the VM and forward it through X11 and view the website on my host machine that way (through the x11 windowed Firefox), but when I try to go to 127.0.0.1:3000 or 127.0.0.1:30000 on my host machine's web browser, or with curl, it doesn't work.

Here is the bit from my Vagrantfile

  config.vm.network :forwarded_port, guest: 3000, host: 30000
  config.vm.network :private_network, type: "dhcp"


Any suggestions?

Thanks,
Ryan

Alvaro Miranda Aguilera

Mar 7, 2015, 7:22:02 AM
to vagra...@googlegroups.com
try with firewall

list rules: iptables -L

clean all the rules: iptables -F

Also, paste the output of vagrant up, maybe the host is already using
port 30000 .. that should be an error/warning on the output of vagrant
up

Alvaro.

Ryan Moore

Mar 9, 2015, 12:39:39 PM
to vagra...@googlegroups.com
Thank you for the suggestions! It turns out that I was pointing my web browser to localhost:30000, but needed to be pointing to 0.0.0.0:30000, since localhost is only accessible from within the VM.

Ed Young

Mar 25, 2015, 8:46:57 AM
to vagra...@googlegroups.com
Alvaro,
 
This thread is very helpful(!), but I'm still unable to access my apache http server on my guest VM. 
( I'm running Vagrant 1.5.3, on a mac osx 10.9.2 host machine. )

I'm running a centos 65 image 
 config.vm.box = "https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140311.box"
and I'm provisioning using puppet.  

Note that when I started with vagrant up I got one warning: 
Warning: Could not retrieve fact fqdn 
and when I start apache httpd I get 
[root@localhost vagrant]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
                                                           [  OK  ]
root@localhost vagrant]# service httpd status
httpd (pid  2751) is running... 

My hosts file: 
[root@localhost etc]# cat hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 
I have the following port forwarding configuration:

  config.vm.network :forwarded_port, host: 4567, guest: 80
  config.vm.network :forwarded_port, host: 4568, guest: 8080

I can access the apache server from the guest vm of course: 
[root@localhost vagrant]# curl -v http://localhost:80
* About to connect() to localhost port 80 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Date: Wed, 25 Mar 2015 12:13:53 GMT
< Server: Apache/2.2.15 (CentOS)
< Accept-Ranges: bytes
< Content-Length: 4954
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
...

but not from the host machine (Mac osx 10.9.2)
 ➜  vagrant-centos65 git:(master) ✗ curl -v http://localhost:4567
* Adding handle: conn: 0x7fb52380aa00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fb52380aa00) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 4567 (#0)
*   Trying 127.0.0.1...

I've followed your troubleshooting suggestions, but have not yet figured out the problem: 
 [root@localhost vagrant]# netstat -anp | grep ':80'
tcp        0      0 :::80                       :::*                        LISTEN      2751/httpd

I'm not sure how to interpret this, but I note that the 0 :::80 might indicate a problem since you in your troubleshooting advice suggested it should look like: 
*:80 LISTEN
 
or
 
0.0.0.0:80 LISTEN

Yes? Therefore, it appears that all IPs cannot connect and that might be my problem.

 Next you advise to try 
iptables -L
( But I don't understand how this might help, or diagnose. )

root@localhost vagrant]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

 If I clean the iptables
[root@localhost vagrant]# iptables -F
[root@localhost vagrant]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

It has no effect. 
[root@localhost vagrant]# netstat -anp | grep ':80'
tcp        0      0 :::80                       :::*                        LISTEN      2751/httpd 

➜  vagrant-centos65 git:(master) ✗ curl -v http://localhost:4567
* Adding handle: conn: 0x7fe9fb804000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fe9fb804000) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 4567 (#0)
*   Trying 127.0.0.1... 

Note that when I run vagrant reload
➜  vagrant-centos65 git:(master) ✗ vagrant reload
==> default: Attempting graceful shutdown of VM...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 80 => 4567 (adapter 1)
    default: 8080 => 4568 (adapter 1)
    default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection timeout. Retrying...
    default: Warning: Remote connection disconnect. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...
    default: /vagrant => /Users/.../vagrant-centos65
    default: /tmp/vagrant-puppet-1/manifests => /Users/../vagrant-centos65/manifests
    default: /tmp/vagrant-puppet-1/modules-0 => /Users/.../vagrant-centos65/modules
==> default: VM already provisioned. Run `vagrant provision` or use `--provision` to force it 

 So, I've provided a lot of information, because it seems you might be able to advise further. 

Thanks and I look forward to your reply. 

Ed

Alvaro Miranda Aguilera

Mar 26, 2015, 2:16:40 AM
to vagra...@googlegroups.com
Hello

Quick tip

::: is IPv6

: is IPv4

So, LISTEN 0.0.0.0:80 or :80 means it is listening for anything on port 80 for IPv4.

Your output has :::80, which means it is only listening for IPv6 and not IPv4.

Does this make sense?

add:

config.vm.hostname = "somehostname"

do vagrant reload and check again

If somehostname is not in /etc/hosts, you need to add it. Try a shell
provisioner.

Sample script you can use:

---
$etc_hosts_script = <<SCRIPT
#!/bin/bash
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost6 localhost6.localdomain6
192.168.78.50 collabinfra.racattack collabinfra
EOF
SCRIPT
---

then:

config.vm.provision :shell, :inline => $etc_hosts_script




My impression around that is, as you have no name, localhost matches ::1
and 127.0.0.1.


Hope this helps.

Alvaro.

dragon788

Mar 27, 2015, 12:05:45 AM
to vagra...@googlegroups.com
Ed, OSX is notorious for being helpful; check your overall system settings and ensure when you are trying to do your port forward that the OSX system firewall is off. It will helpfully block connections to your virtual machines even though they originate on your host and are going to a guest on an internal network adapter.

Ed Young

Apr 2, 2015, 10:47:38 AM
to vagra...@googlegroups.com
Thanks dragon788, I have disabled my macosx firewall temporarily while I work this issue. 

Alvaro, I set my hostname per your suggestion, and I can see it when I ssh in
  config.vm.hostname = "ejyvagrantvm" 

[vagrant@ejyvagrantvm ~]$ hostname
ejyvagrantvm

and the hostname has been added to /etc/hosts: 
127.0.0.1   ejyvagrantvm localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

There does seem to be an issue with the fqdn, however which may be relevant: 
[root@ejyvagrantvm vagrant]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
Might that be the problem?

I still can't see my apache server from my host machine. 
  vagrant-centos65 git:(master) ✗ curl http://localhost:4567
curl: (52) Empty reply from server

[root@ejyvagrantvm vagrant]# netstat -anp | grep ':80'
tcp        0      0 :::80                       :::*                        LISTEN      2681/httpd
udp        0      0 0.0.0.0:803                 0.0.0.0:*                               1051/rpc.statd
[root@ejyvagrantvm vagrant]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@ejyvagrantvm vagrant]# iptables -F
[root@ejyvagrantvm vagrant]# netstat -anp | grep ':80'
tcp        0      0 :::80                       :::*                        LISTEN      2681/httpd
udp        0      0 0.0.0.0:803                 0.0.0.0:*                               1051/rpc.statd

But I still can only see the apache server response from inside the guest vm, and not from the host vm: 

vagrant reload
[root@ejyvagrantvm vagrant]# curl http://localhost
<html>
<body><h1>It (Apache2)  works! (vm box precise32puppet) </h1>
<p>This is the default web page for this vagrant virtualbox server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body>
</html>

vagrant-centos65 git:(master) ✗ curl -v http://localhost:4567
* Adding handle: conn: 0x7fdf44004000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fdf44004000) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 4567 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 4567 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:4567
> Accept: */*
>

Any other ideas? 

Alvaro Miranda Aguilera

Apr 2, 2015, 5:36:43 PM
to vagra...@googlegroups.com
Hello,

Per netstat it only shows listening on IPv6; I have no more information on why.

I would suggest iptables -F and try again.

But I am out of ideas. Can you share a zip file with a sample project?

Ed Young

Apr 2, 2015, 9:50:18 PM
to vagra...@googlegroups.com

Alvaro Miranda Aguilera

Apr 3, 2015, 12:44:51 AM
to vagra...@googlegroups.com
On Fri, Apr 3, 2015 at 2:50 PM, Ed Young <e...@summitbid.com> wrote:
> https://github.com/EdZilla/vagrant-centos65

Firewall

add

chkconfig iptables off
chkconfig ip6tables off
service iptables stop
service ip6tables stop

as provision script in the meantime, to disable firewall on the guest.

This did the trick for me. If you still can't see the webpage, then
I would think something like a firewall on the host is blocking
those ports (4567).

Later, if this requires a better firewall rule, just add what you require then.

But it's the firewall at this stage.


It (Apache2) works! (vm box )

This is the default web page for this vagrant virtualbox server.

Ed Young

Apr 3, 2015, 5:01:00 AM
to vagra...@googlegroups.com
Hoooray!

That did the trick, and I re-enabled the firewall on the host, and it still worked. Thanks!
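
The `netstat -anp | grep` check used throughout this thread, as an added Go example that is not part of the original posts. The sample rows are copied from the posts above and combined into one constructed input; `scope` and `onPort` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// sample combines netstat rows quoted in this thread into one constructed input.
const sample = `tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      1406/httpbuddy
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 :::80                   :::*                    LISTEN      2751/httpd
udp        0      0 0.0.0.0:803             0.0.0.0:*                           1051/rpc.statd`

type Listener struct{ Proto, IP, Port, Scope string }

// scope names which destination addresses a socket bound to ip will answer on.
func scope(ip string) string {
	switch {
	case ip == "0.0.0.0" || ip == "*":
		return "all IPv4 interfaces"
	case ip == "::":
		return "IPv6 wildcard (also IPv4 unless IPV6_V6ONLY is set)"
	case strings.HasPrefix(ip, "127.") || ip == "::1":
		return "loopback only"
	}
	return "single address"
}

// onPort returns sockets bound to exactly port. The port is the text after the
// last colon, so ":::80" splits into "::" and "80", and :803 does not match 80.
func onPort(netstat, port string) []Listener {
	var out []Listener
	for _, line := range strings.Split(netstat, "\n") {
		f := strings.Fields(line)
		if len(f) < 6 || (strings.HasPrefix(f[0], "tcp") && f[5] != "LISTEN") {
			continue // headers and non-listening TCP rows
		}
		if i := strings.LastIndex(f[3], ":"); i >= 0 && f[3][i+1:] == port {
			out = append(out, Listener{f[0], f[3][:i], port, scope(f[3][:i])})
		}
	}
	return out
}

func main() {
	for _, l := range append(onPort(sample, "3000"), onPort(sample, "80")...) {
		fmt.Printf("%s %s:%s -> %s\n", l.Proto, l.IP, l.Port, l.Scope)
	}
}
```

A "loopback only" result means a forwarded port cannot reach the service until it is rebound; any other result points the investigation at packet filtering on the guest or host.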