Able to ping but unable to access web server running in guest VM

Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
In my network setup below, I'm able to ping guest vm1 from my external client machine. But, I can't access apache web server running in guest vm1 from my external client. I'm able to ping after updating the routing table in my physical router to route traffic for guest vm network but accessing webserver doesn't work. Please help to figure out the issue. Hypervisor is KVM and used open vSwitch for for bridging. 
linux networking
add a comment |Â
up vote
1
down vote
favorite
In my network setup below, I'm able to ping guest vm1 from my external client machine. But, I can't access apache web server running in guest vm1 from my external client. I'm able to ping after updating the routing table in my physical router to route traffic for guest vm network but accessing webserver doesn't work. Please help to figure out the issue. Hypervisor is KVM and used open vSwitch for for bridging. 
linux networking
1
seems firewall related...but then it is your infra-structure. We wont be able to help much.
â Rui F Ribeiro
Jan 5 at 17:06
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
In my network setup below, I'm able to ping guest vm1 from my external client machine. But, I can't access apache web server running in guest vm1 from my external client. I'm able to ping after updating the routing table in my physical router to route traffic for guest vm network but accessing webserver doesn't work. Please help to figure out the issue. Hypervisor is KVM and used open vSwitch for for bridging. 
linux networking
In my network setup below, I'm able to ping guest vm1 from my external client machine. But, I can't access apache web server running in guest vm1 from my external client. I'm able to ping after updating the routing table in my physical router to route traffic for guest vm network but accessing webserver doesn't work. Please help to figure out the issue. Hypervisor is KVM and used open vSwitch for for bridging. 
linux networking
asked Jan 5 at 16:58
jkstar
111
111
1
seems firewall related...but then it is your infra-structure. We wont be able to help much.
â Rui F Ribeiro
Jan 5 at 17:06
add a comment |Â
1
seems firewall related...but then it is your infra-structure. We wont be able to help much.
â Rui F Ribeiro
Jan 5 at 17:06
1
1
seems firewall related...but then it is your infra-structure. We wont be able to help much.
â Rui F Ribeiro
Jan 5 at 17:06
seems firewall related...but then it is your infra-structure. We wont be able to help much.
â Rui F Ribeiro
Jan 5 at 17:06
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
You're saying that the .1.6 client has ICMP connectivity to the .100.1 VM, but cannot send a TCP SYN port 80 packet there. Or at least, client never hears the SYN ACK.
Sounds like inbound NAT filtering, especially if VM1 can do outbound ping or TCP connects to your windows client. Verify with tcpdump on the debian host and also on VM1.
ICMP connectivity is there but seems TCP is not working.As you suggested, I will look into tcpdump on debian host and VM1. Thank you.
â jkstar
Jan 7 at 9:11
I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
â jkstar
Jan 11 at 6:09
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
You're saying that the .1.6 client has ICMP connectivity to the .100.1 VM, but cannot send a TCP SYN port 80 packet there. Or at least, client never hears the SYN ACK.
Sounds like inbound NAT filtering, especially if VM1 can do outbound ping or TCP connects to your windows client. Verify with tcpdump on the debian host and also on VM1.
ICMP connectivity is there but seems TCP is not working.As you suggested, I will look into tcpdump on debian host and VM1. Thank you.
â jkstar
Jan 7 at 9:11
I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
â jkstar
Jan 11 at 6:09
add a comment |Â
up vote
0
down vote
You're saying that the .1.6 client has ICMP connectivity to the .100.1 VM, but cannot send a TCP SYN port 80 packet there. Or at least, client never hears the SYN ACK.
Sounds like inbound NAT filtering, especially if VM1 can do outbound ping or TCP connects to your windows client. Verify with tcpdump on the debian host and also on VM1.
ICMP connectivity is there but seems TCP is not working.As you suggested, I will look into tcpdump on debian host and VM1. Thank you.
â jkstar
Jan 7 at 9:11
I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
â jkstar
Jan 11 at 6:09
add a comment |Â
up vote
0
down vote
up vote
0
down vote
You're saying that the .1.6 client has ICMP connectivity to the .100.1 VM, but cannot send a TCP SYN port 80 packet there. Or at least, client never hears the SYN ACK.
Sounds like inbound NAT filtering, especially if VM1 can do outbound ping or TCP connects to your windows client. Verify with tcpdump on the debian host and also on VM1.
You're saying that the .1.6 client has ICMP connectivity to the .100.1 VM, but cannot send a TCP SYN port 80 packet there. Or at least, client never hears the SYN ACK.
Sounds like inbound NAT filtering, especially if VM1 can do outbound ping or TCP connects to your windows client. Verify with tcpdump on the debian host and also on VM1.
answered Jan 6 at 22:52
J_H
26113
26113
ICMP connectivity is there but seems TCP is not working.As you suggested, I will look into tcpdump on debian host and VM1. Thank you.
â jkstar
Jan 7 at 9:11
I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
â jkstar
Jan 11 at 6:09
add a comment |Â
ICMP connectivity is there but seems TCP is not working.As you suggested, I will look into tcpdump on debian host and VM1. Thank you.
â jkstar
Jan 7 at 9:11
I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
â jkstar
Jan 11 at 6:09
ICMP connectivity is there but seems TCP is not working.As you suggested, I will look into tcpdump on debian host and VM1. Thank you.
â jkstar
Jan 7 at 9:11
ICMP connectivity is there but seems TCP is not working.As you suggested, I will look into tcpdump on debian host and VM1. Thank you.
â jkstar
Jan 7 at 9:11
I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
â jkstar
Jan 11 at 6:09
I ran tcpdump on router VM and VM1. The tcpdump of both shows only one packet that is coming from external client. There is no response from VM1. I've checked the firewall of router VM and VM1. They accept all connections by default. There is no rule to reject any connection.
â jkstar
Jan 11 at 6:09
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f415030%2fable-to-ping-but-unable-to-access-web-server-running-in-guest-vm%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
seems firewall related...but then it is your infra-structure. We wont be able to help much.
â Rui F Ribeiro
Jan 5 at 17:06