
I have the network:

Computer A (MacOS) (192.168.0.10) <--(Wi-Fi)--> Computer B (Ubuntu) (192.168.0.15).

Computer A has a VM (Kali) with a NAT interface connection (172.16.219.128).

I want to ping 172.16.219.128 (A's VM) from 192.168.0.15 (B).

I added a route on 192.168.0.15 (B):

# route add -net 172.16.219.0 netmask 255.255.255.0 gw 192.168.0.10
# route
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    600    0        0 wlp7s0
link-local      *               255.255.0.0     U     1000   0        0 wlp7s0
172.16.219.0    192.168.0.10    255.255.255.0   UG    0      0        0 wlp7s0
192.168.0.0     *               255.255.255.0   U     600    0        0 wlp7s0

# traceroute 172.16.219.128
traceroute to 172.16.219.128 (172.16.219.128), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * *^C

Of course, ping also does not receive packets. I think computer B does not even send packets through the gateway... why?

If I do "ping 172.16.219.128" from computer A it works very well.

P.S.: When I change the VM interface to a bridged adapter, computer B can ping it (of course, with the new IP 192.168.0.20) without adding a route.

  • apple.stackexchange.com/questions/192089/… Commented Nov 20, 2016 at 17:48
  • not really my situation Commented Nov 20, 2016 at 21:29
  • Have you enabled IP forwarding with sudo sysctl -w net.inet.ip.forwarding=1 and sudo sysctl -w net.inet.ip.fw.enable=1? Commented Nov 20, 2016 at 21:33
  • Hi, yes, I've enabled net.inet.ip.forwarding=1 and ping is working pretty well now, but I can't access the VM by cURL or SSH... From MacOS to Kali it works. Commented Nov 20, 2016 at 22:12

1 Answer


A, running OS X, is the router between the VM and B, and it's doing NAT for the VM: that means the VM's IP should never be seen on the wire(less) between A and B. So with this setup B shouldn't have any knowledge of 172.16.219.128 at all.

Either:

  • add port forwarding NAT rules on A (with MacOS-specific NAT commands; if A was running Linux that would mostly be DNAT rules with iptables) to have all or part of the connections from B to A port-forwarded to the VM, and forget about using the VM's IP on B. B will simply connect to A (or even to another IP set aside for the VM, it all depends on A's NAT settings). Here's a page talking about port forwarding on MacOS: https://www.cyberciti.biz/faq/howto-configure-macosx-as-nat-router/ . I didn't test it as I don't have any MacOS. It also seems the latest version switched tools (no natd anymore): https://apple.stackexchange.com/questions/192089/how-can-i-setup-my-mac-os-x-yosemite-as-an-internet-gateway

  • or change the VM setting to not use NAT at all, but basic routing: A, the router, knows routes to the VM and to B, and you explicitly told B the route to the VM. So if only those three systems are concerned (and not the whole internet), there's no NAT needed for B to access the VM. I don't know if Wi-Fi settings (instead of real Ethernet) on A will give a problem.

Actually a mix of both would be best: some rules (still on A) adding exceptions to NAT, to not use NAT between VM and B only, because I suppose VM still needs internet. You'll have to figure those out. I'd say, using the example from apple.stackexchange above, you'd replace "to any" with "to ! 192.168.0.15" in the file called "nat-rules"
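
Added example, not part of the original answer and not taken from the linked pages: a pf sketch of the NAT exception described above, with the unrestricted rule shown beside the restricted one. It assumes the VM's traffic is translated by pf on A (rather than by the hypervisor's own NAT service), that en0 is A's Wi-Fi interface, and that the rules live in the "nat-rules" file the answer mentions.

```conf
# nat-rules (added sketch; interface name and macros are assumptions)
# Prerequisites already on the page:
#   on A: sudo sysctl -w net.inet.ip.forwarding=1
#   on B: route add -net 172.16.219.0 netmask 255.255.255.0 gw 192.168.0.10

ext_if = "en0"               # assumed: A's Wi-Fi interface
vm_net = "172.16.219.0/24"   # VM network from the question
host_b = "192.168.0.15"      # computer B from the question

# Before: everything leaving the VM network is rewritten to A's address,
# so 172.16.219.128 never appears on the wire between A and B.
# nat on $ext_if from $vm_net to any -> ($ext_if)

# After, form 1 (the answer's "to ! 192.168.0.15"):
# translate everything except traffic addressed to B.
nat on $ext_if from $vm_net to ! $host_b -> ($ext_if)

# After, form 2 (same effect, explicit exemption). Translation rules are
# first-match, so the "no nat" line has to precede the general rule.
# no nat on $ext_if from $vm_net to $host_b
# nat on $ext_if from $vm_net to any -> ($ext_if)
```

Running pfctl with -n together with -f on the file parses the rules without loading them. Traffic between B and the VM then flows untranslated in both directions, so any filtering that should apply to the VM has to be expressed in A's filter rules or on the VM itself.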
