Connecting RPI to a Virtualbox Linux VM in a protected network

2

I'm on a protected network which only gives IP addresses to registered devices. I can register my laptop, a Windows machine, and a RPI, but not every VM on that laptop, so bridged adapter is not an option, I think. I'd like to be able to communicate between the RPI and the VM.

So far I have tried this:

I have 3 entities: (1) A Windows host, with IP 134.58.46.117 (2) A Virtualbox Linux Guest VM, configured, atm, with NAT network and a Host-only Adapter. it has IP 10.0.2.15 on eth0 and IP 192.168.56.102 on eth1 (3) a RPI on Jessie, with IP 134.58.46.172 on eth0.

I can ping 192.168.56.102 from the Windows Host. I can ping the Windows Host from the RPI. I can ping the RPI from the Windows host. I have configured the RPI with the following route:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.56.0    134.58.46.117   255.255.255.0   UG    0      0        0 eth0

When I ping the VM from the RPI ( so execute "ping 192.168.56.10"), I receive no response.

Wireshark on the Windows host does detect packets from 134.58.46.172 with destination 192.168.56.102 however, but nothing is returned.

Any clue what the issue is? Or another way to do what I want?

Sven

Posted 2017-06-01T07:45:48.580

Reputation: 145

Answers

2

You need two steps for this to work:

  1. First, you need to allow IPv4 forwarding on the Windows machine. This will allow it to move packets from one interface to the other. The instructions to do this depend on the Windows version you are using, for instance for XP you can use this reference and for Windows 10 you can use this other reference. At any rate, Google Windows YourVersion IPv4 forwarding for more info. In any case, it is just matter of changing a Windows Registry entry, albeit the exact key changes with Windows version.

  2. You need to instruct your Linux machine to use the Windows host as a gateway for the RPI. It can be done with the following command:

    ip route add RPI_IP_ADDRESS/32 via WINDOWS_HOST_IP_ADDRESS

    This makes sure that packets can flow in the opposite direction with the headers of the Linux VM guest: this way they are recognized as the pertinent reply to conversations started by the RPI. If you did not use this, the packets headers would be changed to reflect the Windows host IP address, which means the RPI would receive replies froma different address than the one it had written to.

That's all.

EDIT:

with reference to the comment:

give your Linux guest a fake MAC address, one which has access to your LAN. Use the RPI to listen on conversations, with tcpdump -i eth0 -n arp. This will display a number of MAC addresses which are present on your net. Change the MAC address of your Linux guest with macchanger, giving it the one you just learned. Now use Bridge adapter for the Linux guest. It will work like a charm. Also, you might consider getting a pc with a real OS, since what you are trying to do is quite sophisticated. Windows falls short there.

  1. stealing an address does not interfere with the other guy's connectivity: packets are numbered, if your pc receives a misnumbered packet it will simply discard it.

  2. you make it permanent on boot as follows: on the VM (I assume you are on Debian or derivatives Ubuntu/Mint,..., if not it is a synch to adapt what follows to whatever you are on), edit /etc/network/interfaces, and paste the following in (assuming eth1 is the interface to connect):

    auto eth1
iface eth1 inet dhcp
         pre-up macchanger -m XX:XX:XX:XX:XX:XX eth1

and that's it.

MariusMatutiae

Posted 2017-06-01T07:45:48.580

Reputation: 41 321

Thanks for the reply. I am having issues with step 1 for Windows 10: enabling Routing and Remote Acces auto-disables with the following message: "the routing and remote access service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

Any way you can help me out? – Sven – 2017-06-01T09:09:48.657

Also, doing the second step, with the command: " sudo ip route add 134.58.46.172/32 via 134.58.46.117" gives me "RTNETLINK answers: Network is unreachable" – Sven – 2017-06-01T09:11:57.313

Point2: it is indeed the wrong IP address, the vBox Host-only IP is 192.168.51.1 is better.

Point1: I did see that but it is not applicable. Looking further, I encountered "https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/rras-unable-to-start-service-windows-10/90bd99b9-02d7-434a-9aab-38d59dfa809e"

Appears this might be a Windows 10 bug! Which is unfortunate. Any clue on how I can fix it? Or work alternatively?

– Sven – 2017-06-01T09:43:18.727

@Sven give your Linux guest a fake MAC address, one which has access to your LAN. Use the RPI to listen on conversations, with tcpdump -i eth0 -n arp. This will display a number of MAC addresses which are present on your net. Change the MAC address of your Linux guest with macchanger, giving it the one you just learned. Now use Bridge adapter for the Linux guest. It will work like a charm. Also, you migh consider getting a pc with a real OS, since what you are trying to do is quite sophsticated. Windows falls short there. – MariusMatutiae – 2017-06-01T10:03:12.270

Unfortunately, it appears it doesn't. Tried it out, it boots with eth0 and the specific MAC I've given (using the vBox settings though) but no IP address, – Sven – 2017-06-01T12:17:12.147

@Sven that's good news: after boot, from within the guest, issue the command dhclient -v eth0, if eth0 is the interface which is used for the bridge adapter. This should do it. When it works, I will teach you how to make this permanent upon boot. – MariusMatutiae – 2017-06-01T14:58:59.620

@Sven Or you may setup a static IP. If you just copy the IP address of the machine from which you borrowed the MAC address, then it should work right away: this is precisely what I do whenever I find myself in a LAN whose security measure is a registration of MAC addresses for all allowed machines (= I am an academic, in case you wonder). – MariusMatutiae – 2017-06-02T07:20:35.787

Seems like it get stuck on DHCPDISCOVER. It prints : "DHCPDISCOVER ON eth0 to 255.255.255.255 port 67 interval 3 (xid=0x578a771d)"

Stealing an IP address is also less than ideal, since wouldn't that interfere with the connectivity of the other guy? – Sven – 2017-06-02T10:37:29.480

It appears, it works! For some reason eth0 is unavailable (though only 1 adapter is active). Any case, with eth1 works like a charm. How do I now make it permanent on boot? – Sven – 2017-06-02T11:49:37.187

@Sven Please read my Edit. – MariusMatutiae – 2017-06-02T12:25:39.233

Asked: 2017-06-01T07:45:48.580

Viewed: 1 497 times

Active: 2017-06-07T04:51:32.930