
I'm having some issues with my deployment of the Cuckoo Sandbox. I have been unable to enable internet access for the VM via the hostonlyif (vboxnet0) and iptables rules.

Here are some details regarding my configuration:

  • Host - Ubuntu 16.04 LTS
  • Host - hostonlyif (vboxnet0) is 192.168.56.1
  • Guest - Windows XP SP3
  • Guest IP - Static at 192.168.56.19

I can ping from Guest to Host and vice versa successfully. I am using the following iptables commands, which are straight from the Cuckoo virtual networking documentation:

    iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A POSTROUTING -t nat -j MASQUERADE

I am using iptables-save and iptables-restore commands to ensure I can reapply the rules after reboot.

All the documentation says that this should work; however, I am still unable to connect to the internet.

I have added a second adaptor using the bridged mode and was able to access the internet just fine, although Cuckoo didn't seem to want to use it, even after I edited the configuration files.

Does anyone have a clue as to how I might resolve this issue?

Kalavasos

1 Answer

The iptables should really work.

Some more ideas:

  1. You should check if the guest is really configured to use 192.168.56.1 as a gateway.

  2. You should check your overall forwarding settings in the kernel to see whether it is not disabled for your vboxnet0 interface or overall:

    $ sysctl -a |grep -e '\.forwarding'
    
grochmal
Michal Ambroz
  • Hi Michal - Thank you for taking the time to respond. I booted my Ubuntu host, restored the iptables, logged into the WinXP guest and took a shot in the dark by loading IE. – Kalavasos Oct 23 '16 at 01:37
  • (Accidentally hit enter). Suffice to say, the guest now seems to be able to access the internet, although for reasons I don't understand. I've been at this for weeks, pulling my hair out until someone suggested here and now I just feel like an amateur. Thank you for your time - I'll see if I can't close this off now. – Kalavasos Oct 23 '16 at 01:38
  • @MichalAmbroz - I've edited your comment-answer into a more-or-less full answer (e.g. removed all the "please post X" sentences). But really, asking for more info should be done as a comment (and you already have enough rep to add comments). – grochmal Oct 23 '16 at 02:12
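
The forwarding check from the answer can be scripted together with one further check that goes beyond the thread: whether the `-o` interface in the question's FORWARD rule is the interface that carries the host's default route. This is an added example, not code from the posts or from the Cuckoo documentation; the function names are made up here, and `vboxnet0` is taken from the question.

```shell
#!/bin/sh
# Added example; function names are made up here, vboxnet0 is from the question.

# stdin: `sysctl -a | grep -e '\.forwarding'`. Prints IPv4 keys set to 0 for "all" or interface $1.
forwarding_off() {
    awk -v ifc="$1" -F' *= *' '
        $1 ~ ("^net\\.ipv4\\.conf\\.(all|" ifc ")\\.forwarding$") && $2 == 0 { print $1 }'
}

# stdin: `iptables-save`. Prints the -o interface of FORWARD rules with -i $1.
forward_out_iface() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; out_if = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
            }
            if (in_if == ifc && out_if != "") print out_if
        }'
}

# stdin: `ip route`. Prints the interface of the default route.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# diagnose SYSCTL_FILE RULES_FILE ROUTES_FILE [GUEST_IF]: one line per problem found.
diagnose() {
    ifc="${4:-vboxnet0}"
    forwarding_off "$ifc" < "$1" | sed 's/^/forwarding disabled: /'
    rule_if=$(forward_out_iface "$ifc" < "$2" | head -n 1)
    route_if=$(default_iface < "$3")
    if [ -z "$rule_if" ]; then
        echo "no FORWARD rule with -i $ifc"
    elif [ "$rule_if" != "$route_if" ]; then
        echo "FORWARD rule uses -o $rule_if but the default route is via $route_if"
    fi
}

# Live run on the host (root needed for iptables-save): sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    t=$(mktemp -d)
    sysctl -a 2>/dev/null | grep -e '\.forwarding' > "$t/s"
    iptables-save > "$t/r"
    ip route > "$t/p"
    diagnose "$t/s" "$t/r" "$t/p"
    rm -rf "$t"
fi
```

No output from `diagnose` means the host-side forwarding and rule checks passed; the guest's gateway setting still has to be checked inside the VM.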