ufw portforwarding to virtualbox guest

Posted by user85116 on Server Fault See other posts from Server Fault or by user85116
Published on 2012-02-06T16:20:56Z Indexed on 2012/03/24 17:31 UTC
Read the original article Hit count: 672

Filed under:
|
|

My goal is to be able to connect using remote desktop on my desktop machine, to windows xp running in virtualbox on my linux server.

My setup:

  • server = debian squeeze, 64 bit, with a public IP address (host)
  • virtualbox-ose 3.2.10 (from debian repo)
  • windows xp running inside VBox as a guest; bridged networking mode in VBox, ip = 192.168.1.100
  • ufw as the firewall on debian, 3 ports are opened: 22 / ssh, 80 / apache, and 3389 for remote desktop

My problem: If I try to use remote desktop on my home computer, I am unable to connect to the windows guest. If I first "ssh -X -C" into the debian server, then run "rdesktop 192.168.1.100", I am able to connect without issue. The windows firewall was configured to allow remote desktop connections, and I've even turned it off (as it is redundant here) to see if that was the problem but it made no difference.

Since I am able to connect from inside the local subnet, I suspect that I have not setup my debian firewall correctly to handle connections from outside the LAN. Here is what I've done...

First my ufw status:

ufw status                                                                                                   
Status: active                                                                                                                          

To                         Action      From                                                                                             
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
3389                       ALLOW       Anywhere

I edited /etc/ufw/sysctl.conf and added:

net/ipv4/ip_forward=1

Edited /etc/default/ufw and added:

DEFAULT_FORWARD_POLICY="ACCEPT"

Edited /etc/ufw/before.rules and added:

# setup port forwarding to forward rdp to windows VM
*nat
:PREROUTING - [0:0]

-A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.100
-A PREROUTING -i eth0 -p udp --dport 3389 -j DNAT --to-destination 192.168.1.100

COMMIT

# Don't delete these required lines, otherwise there will be errors
*filter

<snip>

Restarted the firewall etc., but no connection.

My log files on the debian host show this (my public ip address was removed for this posting but it is correct in the actual log):

Feb  6 11:11:21 localhost kernel: [171991.856941] [UFW AUDIT] IN=eth0 OUT=eth0 SRC=aaa.bbb.ccc.dd DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27518 DF PROTO=TCP SPT=54201 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb  6 11:11:21 localhost kernel: [171991.856963] [UFW ALLOW] IN=eth0 OUT=eth0 SRC=aaa.bbb.ccc.dd DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27518 DF PROTO=TCP SPT=54201 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb  6 11:11:24 localhost kernel: [171994.856701] [UFW AUDIT] IN=eth0 OUT=eth0 SRC=aaa.bbb.ccc.dd DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27519 DF PROTO=TCP SPT=54201 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb  6 11:11:24 localhost kernel: [171994.856723] [UFW ALLOW] IN=eth0 OUT=eth0 SRC=aaa.bbb.ccc.dd DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27519 DF PROTO=TCP SPT=54201 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb  6 11:11:30 localhost kernel: [172000.856656] [UFW AUDIT] IN=eth0 OUT=eth0 SRC=aaa.bbb.ccc.dd DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27520 DF PROTO=TCP SPT=54201 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb  6 11:11:30 localhost kernel: [172000.856678] [UFW ALLOW] IN=eth0 OUT=eth0 SRC=aaa.bbb.ccc.dd DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27520 DF PROTO=TCP SPT=54201 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0 

Although this is the current setup / configuration, I've also tried several variations of this; I thought maybe the ISP would be blocking 3389 for some reason and tried using different ports, but again there was no connection.

Any ideas...? Did I forget to modify some file somewhere?

© Server Fault or respective owner

Related posts about virtualbox

Related posts about port-forwarding