I'm trying to use VirtualBox to set up an Ubuntu Linux VM to emulate the server I'm developing for. The server has three network interfaces.
On the server, there is a web page hosted by ng and an instance of Mosquitto. We want these to be available from one interface, the management interface, but not the other two. We use a VRF to isolate the management interface.
The VirtualBox adapters are configured for:
- Adapter 1 - Host-only Adapter (this is intended to be the management interface). In the VM it is ensp0s3 with address 192.168.56.104.
- Adapter 2 - NAT. In the VM it is enp0s8 with address 10.0.3.15.
- Adapter 3 - NAT. In the VM it is enp0s9 with address 10.0.4.15.
On the host-only network, the host is 192.168.56.103.
In the VM I don't care about the isolation but I am running into a problem where I can't reach the web page from the host computer.
The web page is served by ng serve --host 0.0.0.0 --disable-host-check and configuration puts it on port 4200. I understand that 0.0.0.0 to mean "all addresses".
lsof shows:
$ sudo lsof | grep :4200
ng\x20ser 30802 root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30803 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30804 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30805 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30806 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30807 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30808 node root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30916 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30917 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30918 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
ng\x20ser 30802 30919 ng\x20ser root 20u IPv4 330718 0t0 TCP *:4200 (LISTEN)
netstat and ss show similar open bindings:
$ sudo netstat -tln | grep :4200
tcp 0 0 0.0.0.0:4200 0.0.0.0:* LISTEN
$ sudo ss -tln | grep :4200
LISTEN 0 511 0.0.0.0:4200 0.0.0.0:*
But trying to navigate to http://192.168.56.104:4200 in a browser on the host computer gives "connection refused."
I know it's not an issue with network reachability because
- I can
ping the VM from the host
- I can
ssh into the VM from the host
- If I do
watch -n 1 "ifconfig enp0s3" in the VM I see the counters increment a few packets each time I refresh the browser.
In the VM, curl http://0.0.0.0:4200 and curl http://127.0.0.1:4200 both return the page but curl http://192.168.56.104 says:
curl: (7) Failed to connect to 192.168.56.104 port 4200: Connection refused
I don't seem to be blocked on the VM because sudo ufw status says "Status: inactive" and sudo iptables-save says:
# Generated by iptables-save v1.8.4 on Tue Nov 29 14:13:18 2022
*filter
:INPUT ACCEPT [160:15704]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [219:23422]
-A FORWARD -m physdev --physdev-in enp0s8 --physdev-out enp0S9 -j ACCEPT
-A FORWARD -m physdev --physdev-in enp0S9 --physdev-out enp0s8 -j ACCEPT
COMMIT
# Completed on Tue Nov 29 14:13:18 2022
I might think this was some odd ng thing but I see the same failures with a MQTT broker in the VM.
So, when bound to 0.0.0.0, why can't I use the "real" IP address from a browser on the host or with curl on the VM?
