Able to ping but unable to access web server running in guest VM

In my network setup below, I'm able to ping guest vm1 from my external client machine. But, I can't access the Apache web server running in guest vm1 from my external client. I'm able to ping after updating the routing table in my physical router to route traffic for the guest vm network, but accessing the webserver doesn't work. Please help to figure out the issue. Hypervisor is KVM and used Open vSwitch for bridging.







asked Jan 5 at 16:58









jkstar

  • seems firewall related...but then it is your infrastructure. We won't be able to help much.
    – Rui F Ribeiro
    Jan 5 at 17:06












1 Answer
You're saying that the .1.6 client has ICMP connectivity to the .100.1 VM, but cannot send a TCP SYN port 80 packet there. Or at least, client never hears the SYN ACK.

Sounds like inbound NAT filtering, especially if VM1 can do outbound ping or TCP connects to your Windows client. Verify with tcpdump on the Debian host and also on VM1.







answered Jan 6 at 22:52









J_H












  • ICMP connectivity is there but seems TCP is not working. As you suggested, I will look into tcpdump on Debian host and VM1. Thank you.
    – jkstar
    Jan 7 at 9:11










  • I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
    – jkstar
    Jan 11 at 6:09
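
As an added example (not part of the original thread), the two-point tcpdump check suggested in the answer can be read mechanically by comparing `tcpdump -nn` text output from the forwarding host and from VM1. The capture lines, the addresses 192.0.2.6 (client) and 198.51.100.1 (VM1), and the helper names `seen` and `diagnose` are constructed for illustration.

```python
import re

# One IPv4 TCP packet line as printed by `tcpdump -nn`.
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

CLIENT, SERVER = "192.0.2.6", "198.51.100.1"   # constructed placeholder addresses
SYN = ("10:15:01.000100 IP 192.0.2.6.51514 > 198.51.100.1.80: "
       "Flags [S], seq 1000, win 64240, length 0")
PING = "10:15:02.000000 IP 192.0.2.6 > 198.51.100.1: ICMP echo request, id 1, seq 1, length 64"
HOST_CAPTURE = [PING, SYN]   # constructed: capture on the forwarding host
VM_CAPTURE = [PING, SYN]     # constructed: capture inside VM1

def seen(lines, client, server, port):
    """Return the handshake events visible at one capture point."""
    events = set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                      # ICMP, ARP, etc. are not TCP evidence
        to_srv = (m["src"], m["dst"], m["dport"]) == (client, server, str(port))
        to_cli = (m["src"], m["sport"], m["dst"]) == (server, str(port), client)
        if to_srv and m["flags"] == "S":
            events.add("SYN")
        elif to_cli and m["flags"] == "S.":
            events.add("SYN-ACK")
        elif to_cli and "R" in m["flags"]:
            events.add("RST")
    return events

def diagnose(host_lines, vm_lines, client, server, port=80):
    """Locate where the handshake stops, given captures from host and guest."""
    host = seen(host_lines, client, server, port)
    vm = seen(vm_lines, client, server, port)
    if "SYN" not in host:
        return "SYN never reaches the host: check routing upstream of it"
    if "SYN" not in vm:
        return "SYN lost between host and guest: check host filtering and the bridge"
    if "RST" in vm:
        return "guest resets the connection: check that the server listens on the port"
    if "SYN-ACK" not in vm:
        return "guest receives SYN but sends no reply: check guest filtering and return route"
    if "SYN-ACK" not in host:
        return "SYN-ACK leaves the guest but not the host: check the return path"
    return "handshake passes both capture points: look beyond the host"

if __name__ == "__main__":
    print(diagnose(HOST_CAPTURE, VM_CAPTURE, CLIENT, SERVER))
```

The constructed captures mirror the last comment: the SYN shows up at both points and nothing comes back from VM1, so the ICMP lines are ignored and the result points at the guest side.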















