I want to support connecting to the guest on privileged ports—such as port 80—when using Vagrant with VirtualBox but it doesn’t seem to work. What is the best option on how to handle this?
I am running Vagrant w/ VirtualBox on my Mac, and have a CentOS 7 guest. Inside the guest I'm experimenting with Docker, and have a few different containers running.
In my Vagrantfile I've set up minimal port forwarding rules and these get created properly within VirtualBox by Vagrant.
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
config.vm.network "forwarded_port", guest: 8080, host: 8080
config.vm.network "forwarded_port", guest: 80, host: 8081
config.vm.network "forwarded_port", guest: 3306, host: 3306
From VirtualBox, everything is set up as expected (NAT networking, forwarding rules).
When I run lsof on macOS, I see this, which looks and works as expected:
VBoxHeadl 1265 david 15u IPv4 0x54ccbd2a67321437 0t0 TCP localhost:2222 (LISTEN)
VBoxHeadl 1265 david 16u IPv4 0x54ccbd2a602a3b3f 0t0 TCP *:3306 (LISTEN)
VBoxHeadl 1265 david 17u IPv4 0x54ccbd2a672ad627 0t0 TCP *:8080 (LISTEN)
VBoxHeadl 1265 david 18u IPv4 0x54ccbd2a6539fd2f 0t0 TCP *:8081 (LISTEN)
The Problem
If I attempt to forward a privileged port (:80 in this case), the port forwarding does not work. There is no OSX process listening on :80.
Inside the VM I can wget the page from the running webserver, and really nothing should appear to be any different to the Guest VM.
The VirtualBox manual says this shouldn't work?
In the VirtualBox manual's NAT networking section, there is a section titled "6.3.3. NAT limitations":
Forwarding host ports < 1024 impossible: On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible to bind to ports below 1024 from applications that are not run by root. As a result, if you try to configure such a port forwarding, the VM will refuse to start.
So, perhaps this is stating that this should not work; however, it is not true that the VM won't start. It runs fine in my case, which makes me question whether the manual is talking about the host OS running VirtualBox, or the guest OSes.
Is this the reason that Virtualbox w/NAT and port forwarding doesn't start a listener for Port 80?
A message seems to have popped up at Vagrant up that I haven't seen before:
==> default: You are trying to forward to privileged ports (ports <= 1024). Most
==> default: operating systems restrict this to only privileged process (typically
==> default: processes running as an administrative user). This is a warning in case
==> default: the port forwarding doesn't work. If any problems occur, please try a
==> default: port higher than 1024.
So that certainly seems to remove any confusion.
Conclusion
A Private network or a bridged network are both viable solutions to allow me to utilize natural Guest ports even if they are privileged (< 1024) on the Host.
This also removes the need to set up individual port forwarding. In my case, the Private network seems like the best option, as it's a bit more secure in that only my Mac can see the Guest.
Here is the necessary Vagrantfile configuration:
# Create a private network, which allows host-only access to the machine
# using a specific IP.
config.vm.network "private_network", ip: "192.168.20.20"
This also facilitates adding one or more entries to the Mac's /etc/hosts file for the guest, providing convenience.
I have been experimenting with vagrant share, and I just want to state that it will not read the configuration and use the Private Network option properly. So if you do want to do that you still need to map a > 1024 host only port redundantly so that the Vagrant Share can find it and map it with Ngrok. – gview – 2017-07-18T20:54:49.750
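As an added example (not part of the original post or its comments), this Ruby script cross-checks a Vagrantfile's forwarded_port rules against lsof output and flags host ports below 1024, rules with no host listener, and forwards listening on every interface (the `*:3306` style entries in the lsof output above). The Vagrantfile and lsof samples are constructed, adapted from the post's snippets; the function names are hypothetical, and `host_ip` is Vagrant's forwarded_port option for restricting the bind address.

```ruby
# Added example: cross-check Vagrant forwarded_port rules against host listeners.
PRIVILEGED_LIMIT = 1024 # host ports below this need root to bind on Unix-like hosts

# Parse forwarded_port rules from Vagrantfile text, ignoring commented-out lines.
def forwarded_ports(vagrantfile)
  vagrantfile.each_line.map do |line|
    next if line.strip.start_with?("#") || !line.include?("forwarded_port")
    opts = line.scan(/(\w+):\s*"?([\w.]+)"?/).to_h
    next unless opts["guest"] && opts["host"]
    { guest: opts["guest"].to_i, host: opts["host"].to_i, host_ip: opts["host_ip"] }
  end.compact
end

# Map host port => bind address from lsof LISTEN lines ("*" = every interface).
# Assumes numeric ports in the output, as in the post (lsof -P).
def listeners(lsof_output)
  lsof_output.scan(/TCP (\S+):(\d+) \(LISTEN\)/).to_h { |addr, port| [port.to_i, addr] }
end

# Attach findings to each rule: privileged host port, missing listener, wide bind.
def audit(vagrantfile, lsof_output)
  bound = listeners(lsof_output)
  forwarded_ports(vagrantfile).map do |rule|
    findings = []
    findings << :privileged_host_port if rule[:host] < PRIVILEGED_LIMIT
    findings << :no_listener unless bound.key?(rule[:host])
    findings << :all_interfaces if bound[rule[:host]] == "*"
    rule.merge(findings: findings)
  end
end

# Constructed sample: the post's rules plus the failing 80 -> 80 forward,
# with 3306 restricted to loopback via host_ip.
SAMPLE_VAGRANTFILE = <<~CONF
  # config.vm.network "forwarded_port", guest: 22, host: 2200
  config.vm.network "forwarded_port", guest: 8080, host: 8080
  config.vm.network "forwarded_port", guest: 80, host: 80
  config.vm.network "forwarded_port", guest: 3306, host: 3306, host_ip: "127.0.0.1"
CONF

# Constructed lsof output adapted from the post (no listener on :80).
SAMPLE_LSOF = <<~OUT
  VBoxHeadl 1265 david 15u IPv4 0x54ccbd2a67321437 0t0 TCP localhost:2222 (LISTEN)
  VBoxHeadl 1265 david 16u IPv4 0x54ccbd2a602a3b3f 0t0 TCP localhost:3306 (LISTEN)
  VBoxHeadl 1265 david 17u IPv4 0x54ccbd2a672ad627 0t0 TCP *:8080 (LISTEN)
OUT

audit(SAMPLE_VAGRANTFILE, SAMPLE_LSOF).each do |r|
  status = r[:findings].empty? ? "ok" : r[:findings].join(", ")
  puts "guest #{r[:guest]} <- host #{r[:host]}: #{status}"
end
```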