I'm trying to use VirtualBox to set up an Ubuntu Linux VM to emulate the server I'm developing for. The server has three network interfaces.
On the server, there is a web page hosted by ng
and an instance of Mosquitto. We want these to be available from one interface, the management interface, but not the other two. We use a VRF to isolate the management interface.
The VirtualBox adapters are configured for:
- Adapter 1 - Host-only Adapter (this is intended to be the management interface). In the VM it is ensp0s3 with address 192.168.56.104.
- Adapter 2 - NAT. In the VM it is enp0s8 with address 10.0.3.15.
- Adapter 3 - NAT. In the VM it is enp0s9 with address 10.0.4.15.
On the host-only network, the host is 192.168.56.103.
In the VM I don't care about the isolation but I am running into a problem where I can't reach the web page from the host computer.
The web page is served by ng serve --host 0.0.0.0 --disable-host-check
and configuration puts it on port 4200. I understand that 0.0.0.0 to mean "all addresses".
lsof
shows:
$ sudo lsof | grep :4200
ng\x20ser 30802 root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30803 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30804 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30805 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30806 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30807 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30808 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30916 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30917 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30918 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30919 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
netstat
and ss
show similar open bindings:
$ sudo netstat -tln | grep :4200
tcp 0 0 0.0.0.0:4200 0.0.0.0:* LISTEN
$ sudo ss -tln | grep :4200
LISTEN 0 511 0.0.0.0:4200 0.0.0.0:*
But trying to navigate to http://192.168.56.104:4200
in a browser on the host computer gives "connection refused."
I know it's not an issue with network reachability because
- I can
ping
the VM from the host - I can
ssh
into the VM from the host - If I do
watch -n 1 "ifconfig enp0s3"
in the VM I see the counters increment a few packets each time I refresh the browser.
In the VM, curl http://0.0.0.0:4200
and curl http://127.0.0.1:4200
both return the page but curl http://192.168.56.104
says:
curl: (7) Failed to connect to 192.168.56.104 port 4200: Connection refused
I don't seem to be blocked on the VM because sudo ufw status
says "Status: inactive" and sudo iptables-save
says:
# Generated by iptables-save v1.8.4 on Tue Nov 29 14:13:18 2022
*filter
:INPUT ACCEPT [160:15704]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [219:23422]
-A FORWARD -m physdev --physdev-in enp0s8 --physdev-out enp0S9 -j ACCEPT
-A FORWARD -m physdev --physdev-in enp0S9 --physdev-out enp0s8 -j ACCEPT
COMMIT
# Completed on Tue Nov 29 14:13:18 2022
I might think this was some odd ng
thing but I see the same failures with a MQTT broker in the VM.
So, when bound to 0.0.0.0, why can't I use the "real" IP address from a browser on the host or with curl
on the VM?
ssh
to it from the host. The VM can also ping itself by IP (192.168.56.104) but notcurl
to that address. I'm only concerned about access from the host, not an any external system.sudo ufw status
says "Status: inactive"