CentOS and VirtualBox NAT Port Forwarding

In my recent experiments, and while preparing for my next post, I stumbled on problems when trying to forward ports of my CentOS guest VM to my Mac OS based browser. For some reason, even though port forwarding was properly configured, like so:

[Screenshot: VirtualBox NAT port forwarding rules for the CentOS guest]

…my host system browser could not connect to services on my VM, with the exception of SSH. The solution was simple: CentOS ships with default netfilter rules built in. These rules allow outgoing traffic and incoming SSH requests only, so the firewall configuration needed to be changed. The simplest way to do so is to disable the firewall completely:

# Run as root!
# Flush (discard) all rules; the chain policies stay ACCEPT, so everything is now allowed in
iptables -F
# Save the (now empty) configuration permanently
/sbin/service iptables save

While this may be perfectly adequate for VM usage, I don’t like to disable a whole firewall (I feel unclean afterwards when I do). Here is a more sensible solution that could be the starting point for a more solid security setup:

# Again... as root!
# See the current config
iptables -L
# Save the current config to a file
iptables-save > /root/iptables-save.txt
# Edit the config (see below for an example)
vim /root/iptables-save.txt
# Flush the current rules and load the edited config
iptables-restore < /root/iptables-save.txt
# Validate
iptables -L
# Save for good (written to /etc/sysconfig/iptables, which is loaded at boot)
/sbin/service iptables save

For reference, here is my iptables-save.txt file:

# Generated by iptables-save v1.4.7 on Thu Jul 24 08:28:03 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [471:1082248]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8777 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Jul 24 08:28:03 2014
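The edit step above (opening the saved dump in vim) is where a port actually gets opened, and the one thing to get right is that the new ACCEPT line must come before the INPUT chain's final REJECT, otherwise packets never reach it. The script below is an added example, not part of the original post: it starts from a constructed SSH-only dump in the same shape as the file above, inserts an ACCEPT for a given TCP port ahead of the REJECT, contrasts that with what a plain append produces, and checks the ordering of the result. It never calls iptables itself; its output is what you would feed to iptables-restore. The function names open_port, append_port and rule_reachable are my own.

```shell
#!/bin/sh
# Added example (not from the original post): edit an iptables-save dump so a
# TCP port is opened ahead of the INPUT chain's final REJECT rule, then verify
# the ordering before handing the file to iptables-restore.

# Constructed sample dump: the CentOS default, SSH only (same shape as the
# file in the post, counters zeroed).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# open_port PORT: read a dump on stdin, write it to stdout with an ACCEPT for
# new TCP connections to PORT inserted just before the INPUT REJECT line.
open_port() {
    awk -v port="$1" '
        /^-A INPUT / && /-j REJECT/ && !done {
            printf "-A INPUT -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n", port
            done = 1
        }
        { print }
    '
}

# append_port PORT: the same rule, but placed at the end of the INPUT chain,
# which is what "iptables -A INPUT ..." followed by a save would give you.
# Included only to make the ordering mistake visible.
append_port() {
    awk -v port="$1" '
        { print }
        /^-A INPUT / && /-j REJECT/ && !done {
            printf "-A INPUT -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n", port
            done = 1
        }
    '
}

# rule_reachable PORT: exit 0 if the dump on stdin has an INPUT ACCEPT for
# tcp/PORT that precedes the INPUT REJECT (so packets can actually hit it),
# exit 1 otherwise.
rule_reachable() {
    awk -v port="$1" '
        /^-A INPUT / && /-j ACCEPT/ && index($0, "--dport " port " ") { if (!acc) acc = NR }
        /^-A INPUT / && /-j REJECT/ { if (!rej) rej = NR }
        END { exit !(acc && rej && acc < rej) }
    '
}

main() {
    good=$(printf '%s\n' "$SAMPLE_RULES" | open_port 8080)
    printf '%s\n' "$good" | rule_reachable 8080 \
        && echo "tcp/8080 inserted before REJECT: reachable"

    bad=$(printf '%s\n' "$SAMPLE_RULES" | append_port 8080)
    printf '%s\n' "$bad" | rule_reachable 8080 \
        || echo "tcp/8080 appended after REJECT: rule is dead"

    # The edited dump is what you would write to /root/iptables-save.txt
    # and load with "iptables-restore < /root/iptables-save.txt".
    printf '%s\n' "$good"
}

main "$@"
```

Run it as a plain shell script; rule_reachable can also be pointed at a real dump (`iptables-save | rule_reachable 8080`) to confirm, before saving, that a freshly added rule sits where it will be evaluated.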

The new rules take effect immediately, but to confirm that the saved configuration is restored correctly at startup, you should reboot and check “iptables -L” again.

Main references:
https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s1-iptables-saving.html
http://wiki.centos.org/HowTos/Network/IPTables

3 thoughts on “CentOS and VirtualBox NAT Port Forwarding”

  1. Am trying to solve this problem from within Windows 10 using VirtualBox 5.1.4 and CentOS Linux 7 (Core).

    I could be wrong but it seems the firewall software in this CentOS version is now:

    firewalld
