Saturday, August 13, 2011

Trying Ubuntu Linux (4)

As discussed in previous posts (here, here, here), I have Ubuntu Linux 11.0.4 running under VirtualBox 4.1.0 on my Powerbook with the host running OS X Lion 10.7 (in a second partition, actually). I set up and tested Apache Server 2.2 on the guest. Now I'd like to access the guest server from the host machine, and later the other machines on my Wi-Fi network. I haven't yet succeeded, so yesterday I asked a question on StackOverflow, which got moved by someone to a related site, "serverfault" (here).

I got a couple of good suggestions, but didn't yet solve my problem. However, there are a bunch of "related questions" in the sidebar that look promising. Time to be (even more) systematic.

The VirtualBox manual (here) has a section: Configuring port forwarding with NAT.

So it's pretty clear that we could stay with NAT. In that case we need to do "port forwarding," although other people have suggested using "bridged mode." In the NAT method, we simply instruct the VM (as we would a router) that packets arriving on certain ports should be "forwarded to the guest, on the same or a different port." The manual says to do this from the command line in the host (the first line is their template, the second my implementation):

VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"
VBoxManage modifyvm Ubuntu --natpf1 "apache,tcp,,8888,,80"

There are six fields in the last argument: a name, which is "purely descriptive", the protocol for forwarding, and then two pairs of IP address and port, host first and then guest. So, this example "forwards all TCP traffic arriving on the localhost interface (127.0.0.1) via port 2222 to port 22 in the guest":

VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"

From the docs
Forwarding host ports < 1024 impossible:
On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible to bind to ports below 1024 from applications that are not run by root. As a result, if you try to configure such a port forwarding, the VM will refuse to start.

So that's why we used 8888. Under Port Forwarding we forward (in the second example) from the host port 8888 to the guest port 80.
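The six-field rule string can be checked before it is handed to VBoxManage. The following is an added example, not code from the VirtualBox manual or from this post: it parses a rule and reports whether the host side listens on every interface (the host IP field left empty), on loopback only, or on a port below 1024. The names `NatRule`, `parse_natpf` and `audit` are hypothetical, and the third sample rule is constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:
    name: str
    proto: str
    host_ip: str      # empty string means "not specified"
    host_port: int
    guest_ip: str
    guest_port: int

def parse_natpf(rule):
    """Split 'name,proto,hostip,hostport,guestip,guestport' into a NatRule."""
    parts = [p.strip() for p in rule.split(",")]
    if len(parts) != 6:
        raise ValueError("expected 6 comma-separated fields, got %d" % len(parts))
    name, proto, host_ip, host_port, guest_ip, guest_port = parts
    if proto.lower() not in ("tcp", "udp"):
        raise ValueError("unknown protocol %r" % proto)
    for ip in (host_ip, guest_ip):
        if ip:
            ipaddress.ip_address(ip)   # raises ValueError on a malformed address
    ports = []
    for label, value in (("host", host_port), ("guest", guest_port)):
        if not value.isdigit() or not 1 <= int(value) <= 65535:
            raise ValueError("bad %s port %r" % (label, value))
        ports.append(int(value))
    return NatRule(name, proto.lower(), host_ip, ports[0], guest_ip, ports[1])

def audit(rule):
    """Return a list of findings about where the host side of the rule listens."""
    findings = []
    if not rule.host_ip:
        findings.append("all-interfaces")    # reachable from the LAN as well
    elif ipaddress.ip_address(rule.host_ip).is_loopback:
        findings.append("loopback-only")     # reachable from the host itself only
    if rule.host_port < 1024:
        findings.append("privileged-port")   # non-root VM process cannot bind it
    return findings

if __name__ == "__main__":
    for text in ("apache,tcp,,8888,,80",             # the rule used in this post
                 "guestssh,tcp,127.0.0.1,2222,,22",  # the manual's loopback example
                 "web,tcp,,80,,80"):                 # constructed: host port < 1024
        print(text, "->", audit(parse_natpf(text)))
```

An "all-interfaces" result means the guest's Apache is offered to every machine that can reach the host on that port, subject to the host's own firewall.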

I used the GUI to set this.




I believe we should not have to do the command line version. Just to be safe, I removed the forwarding rule I set when playing around, by doing this from the command line:

VBoxManage modifyvm Ubuntu --natpf1 delete "apache"

And then repeated setting up forwarding in the GUI (Settings > Network). To be sure that everybody has got the word, we:

Quit Ubuntu
Restart VirtualBox
Restart Ubuntu
Restart Apache with:

sudo /etc/init.d/apache2 restart

But it doesn't work. From the guest, I point Firefox at localhost or 127.0.0.1 and I can see the index page or run my scripts. Note that this works even though the Apache restart gave this message:

apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName

But from Safari on the host with the same ip address I get "Safari can't connect to the server" and if I add the port (127.0.0.1:8888) it just hangs. 127.0.1.1 also doesn't work.

Now, what could be wrong? From serverfault (here):

Iain says to try bridged mode.

I tested that early on but it didn't make any difference. Also, the docs clearly say that NAT should work. I'll have to test some more, but first..

Eric Fortis says:

"then from the host PC browser access the IP of the Ubuntu virtual machine, instead of 127.0.0.1. ifconfig will show you your IP."

te@VB:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:88:33:a4
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe88:33a4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:182 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:43296 (43.2 KB)  TX bytes:23263 (23.2 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1642 (1.6 KB)  TX bytes:1642 (1.6 KB)


If I'm reading this correctly, the second entry is for "local loopback", that is, it doesn't go through the virtual network card. And the first one uses eth0. So that might make a difference (Ethernet v. Wi-Fi)

Also, the ip address is 10.0.2.15, which I think should not be visible beyond the "router"---the VM.

The third comment is from anthonysomerset:

is apache in your vhost configured to listen on the correct ports? this will work in bridged or nat mode, also check any firewall rules in the guest and that network access works out of the guest as well.

So:
- this will work in bridged or NAT
- make sure the Listen directive is correct
- check the firewall
- check that network access works out of the guest

The guest is set up to listen on port 80. That is the standard port set up in Apache. I wrote a Python script to filter comments (filter.py) and do:

python filter.py /etc/apache2/apache2.conf

Include mods-enabled/*.load
Include mods-enabled/*.conf
Include httpd.conf
Include ports.conf
..
Include conf.d/
Include sites-enabled/


So there are lots of places to look for possible conflicts! Luckily, httpd.conf is empty. ports.conf:

..
NameVirtualHost *:80
Listen 80
..


I'm not quite sure about the first one, but the Listen part is correct.
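Whether a Listen line is "correct" for NAT forwarding depends on the address it binds as well as the port: a forwarded connection reaches the guest on its NAT address, so a socket bound only to 127.0.0.1 would never see it. The following is an added example, not the filter.py mentioned above. It scans comment-stripped config text for Listen directives and checks them against the forwarded guest port. `SAMPLE_FILES` is constructed from the lines shown in this post, 10.0.2.15 is the eth0 address from the ifconfig output, and the function names are hypothetical.

```python
import re

# Constructed sample: the directives quoted in this post, keyed by file name.
SAMPLE_FILES = {
    "ports.conf": "NameVirtualHost *:80\nListen 80\n",
    "sites-available/default": "<VirtualHost *:80>\nDocumentRoot /var/www\n</VirtualHost>\n",
}

# Listen [IP-address:]portnumber [protocol]; IPv6 addresses are bracketed.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)(?:\s+\S+)?\s*$", re.I)

def listen_sockets(files):
    """Return (file, address, port) per Listen directive; address '' means all."""
    found = []
    for path, text in files.items():
        for line in text.splitlines():
            if line.lstrip().startswith("#"):
                continue                      # skip commented-out directives
            m = LISTEN_RE.match(line)
            if m:
                found.append((path, m.group(1) or "", int(m.group(2))))
    return found

def reachable_via_nat(files, guest_port, guest_ip="10.0.2.15"):
    """True if some Listen socket accepts connections sent to guest_ip:guest_port."""
    wildcard = ("", "*", "0.0.0.0")
    for _path, addr, port in listen_sockets(files):
        if port == guest_port and (addr in wildcard or addr == guest_ip):
            return True
    return False

if __name__ == "__main__":
    print(listen_sockets(SAMPLE_FILES))
    print("port 80 reachable through the forward:",
          reachable_via_nat(SAMPLE_FILES, 80))
    # Constructed counter-case: Apache bound to loopback only.
    print("loopback-only config reachable:",
          reachable_via_nat({"ports.conf": "Listen 127.0.0.1:80\n"}, 80))
```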

Firewall rules are here (at least, some are):

te@VB:/etc/apache2/sites-available$ python ~/Desktop/filter.py default
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
        # Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
..


Skipping the script stuff, this has been edited from my previous rule restricting access to go back to Allow from all.

About checking network access from the guest: if he means accessing a server on the host machine, I haven't tried that yet. But of course, Firefox works.

So, out of all this, the only thing I can see is that I don't know what this stuff is about.

NameVirtualHost *:80
<VirtualHost *:80>


I tried switching from Wi-Fi to Ethernet in the host, but that didn't help.

I'm going to have to look through all the other posts related to this topic. But it seems like it's getting to be too hard; after all, I used VirtualBox to make things easy.