I'm trying to configure a simple network structure using Vagrant as depicted in the following figure:

As you can see I aim to simulate a hacker attack which goes from attacker through router and reaches victim, but that's not important for the problem I'm struggling with.
This is my Vagrantfile so far (VirtualBox is used as the provider):
Vagrant.configure("2") do |config|
  config.vm.define "router" do |router|
    router.vm.box = "hashicorp/bionic64"
    router.vm.network "private_network", ip: "192.168.232.1"
    router.vm.network "private_network", ip: "192.168.248.1"
    router.vm.provision "shell", inline: <<-SHELL
      # -y: the provisioner is non-interactive, so apt-get must not wait for a prompt
      sudo apt-get update && sudo apt-get install -y traceroute
      # persist IPv4 forwarding; the reload below makes it take effect
      echo -e "\nnet.ipv4.ip_forward=1" >> /etc/sysctl.conf
    SHELL
    router.vm.provision :reload
  end
  config.vm.define "attacker" do |attacker|
    attacker.vm.box = "hashicorp/bionic64"
    attacker.vm.network "private_network", ip: "192.168.232.2"
    attacker.vm.provision "shell",
      inline: "sudo apt-get update && sudo apt-get install -y traceroute"
    # run on every boot: routes do not survive a reload
    attacker.vm.provision "shell",
      run: "always",
      inline: "sudo route add default gw 192.168.232.1"
  end
  config.vm.define "victim" do |victim|
    victim.vm.box = "hashicorp/bionic64"
    victim.vm.network "private_network", ip: "192.168.248.2"
    victim.vm.provision "shell",
      inline: "sudo apt-get update && sudo apt-get install -y traceroute"
    victim.vm.provision "shell",
      run: "always",
      inline: "sudo route add default gw 192.168.248.1"
  end
end
Please note that I am using the vagrant-reload plugin, so you have to install it before doing vagrant up:
vagrant plugin install vagrant-reload
What the Vagrantfile does:
- sets net.ipv4.ip_forward to 1 in router machine
- sets the default gateway (192.168.232.1) in attacker machine
- sets the default gateway (192.168.248.1) in victim machine
Just to confirm that enabling net.ipv4.ip_forward worked on router:
$ cat /proc/sys/net/ipv4/ip_forward
1
Unfortunately, I can't get it to work. When I try to ping 192.168.248.2 from the attacker machine I get no response. Output from traceroute seems to be going through the router machine, but it gets stuck there and never reaches victim:
traceroute to 192.168.248.2 (192.168.248.2), 30 hops max, 60 byte packets
1 legion (192.168.232.1) 0.300 ms 0.454 ms 0.439 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
Output from netstat -r on attacker machine:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         legion          0.0.0.0         UG        0 0          0 eth1
default         _gateway        0.0.0.0         UG        0 0          0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
_gateway        0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.232.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
I don't know why the new gateway I have added is named legion, but I assume it's somehow taken from my laptop hostname (it's a Lenovo Legion with the hostname legion).
Output from netstat -r on victim machine:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         legion          0.0.0.0         UG        0 0          0 eth1
default         _gateway        0.0.0.0         UG        0 0          0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
_gateway        0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.248.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
Output from netstat -r on router machine:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         _gateway        0.0.0.0         UG        0 0          0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
_gateway        0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.232.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.248.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
Output from ifconfig on attacker machine:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 1271 bytes 129981 (129.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 926 bytes 141073 (141.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.232.2 netmask 255.255.255.0 broadcast 192.168.232.255
inet6 fe80::a00:27ff:fe5f:4829 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:5f:48:29 txqueuelen 1000 (Ethernet)
RX packets 20 bytes 1704 (1.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 137 bytes 10188 (10.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 16 bytes 1628 (1.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1628 (1.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Output from ifconfig on victim machine:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 973 bytes 101812 (101.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 725 bytes 111966 (111.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.248.2 netmask 255.255.255.0 broadcast 192.168.248.255
inet6 fe80::a00:27ff:fe98:9693 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:98:96:93 txqueuelen 1000 (Ethernet)
RX packets 6 bytes 486 (486.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38 bytes 2812 (2.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 44 bytes 3574 (3.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 44 bytes 3574 (3.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Output from ifconfig on router machine:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 1866 bytes 164707 (164.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1301 bytes 165459 (165.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.232.1 netmask 255.255.255.0 broadcast 192.168.232.255
inet6 fe80::a00:27ff:fe90:2720 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:90:27:20 txqueuelen 1000 (Ethernet)
RX packets 1 bytes 60 (60.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2466 (2.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.248.1 netmask 255.255.255.0 broadcast 192.168.248.255
inet6 fe80::a00:27ff:fe3b:238b prefixlen 64 scopeid 0x20<link>
ether 08:00:27:3b:23:8b txqueuelen 1000 (Ethernet)
RX packets 2 bytes 120 (120.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2466 (2.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 714 (714.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 714 (714.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Do you have any ideas on what could be wrong here? Maybe I'm missing something obvious.
You've got a redundant default gateway on victim and attacker called _gateway. You should delete it and leave only the one going to the router via the eth1 interface.
While the answer from @thejazzroot clearly pointed out the root cause of my problem, it was not everything I had to do to make it work. For some reason, I was unable to ping victim from attacker (and the other way round) until I pinged one of those machines from router.
That was strange. Why would the network start working only after the machines pinged each other? Now I've found an answer: vagrant automatically assigns the host machine the .1 IP in each subnet (so in my case it was 192.168.232.1 and 192.168.248.1). Unluckily, those are exactly the same IPs I assigned to my router VM and which the attacker/victim machines have set as their gateways! So there were 2 machines with the very same IPs assigned, and it seems that when attacker/victim was pinged from router, it somehow chose router over legion. Now it also makes sense where the legion name came from in the output of netstat -r.
TL;DR
I've changed the router IPs in both subnets because there was a conflict with the IPs which vagrant automatically assigns to the host machine:
192.168.232.1 -> 192.168.232.10
192.168.248.1 -> 192.168.248.10
In case someone is looking for the full solution, I'm posting my final Vagrantfile here:
Vagrant.configure("2") do |config|
  config.vm.define "attacker" do |attacker|
    attacker.vm.box = "hashicorp/bionic64"
    attacker.vm.network "private_network", ip: "192.168.232.2"
    # run on every boot: drop the DHCP default route on eth0 and send
    # everything through the router (now on .10, away from the host's .1)
    attacker.vm.provision "shell",
      run: "always",
      inline: <<-SHELL
        ip route delete default
        ip route add default via 192.168.232.10
      SHELL
  end
  config.vm.define "victim" do |victim|
    victim.vm.box = "hashicorp/bionic64"
    victim.vm.network "private_network", ip: "192.168.248.2"
    victim.vm.provision "shell",
      run: "always",
      inline: <<-SHELL
        ip route delete default
        ip route add default via 192.168.248.10
      SHELL
  end
  config.vm.define "router" do |router|
    router.vm.box = "hashicorp/bionic64"
    # .10 in each subnet: .1 is taken by the host's host-only adapter
    router.vm.network "private_network", ip: "192.168.232.10"
    router.vm.network "private_network", ip: "192.168.248.10"
    router.vm.provision "shell",
      inline: <<-SHELL
        echo -e "\nnet.ipv4.ip_forward=1" >> /etc/sysctl.conf
        # apply without a reboot, so the vagrant-reload plugin is no longer needed
        sysctl -p
      SHELL
  end
end
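Added example, not part of the question or either answer: a small Ruby check that reads the private_network lines of a Vagrantfile and flags any VM address that collides with the .1 address the host takes in each subnet, which is the conflict the self-answer describes. The embedded Vagrantfile excerpt is a constructed copy of the question's router/attacker lines; the /24 prefix length is assumed from the ifconfig output above.

```ruby
require "ipaddr" # also loads socket, which provides Socket::AF_INET

# Constructed excerpt of the question's original Vagrantfile: the router
# takes the .1 address of both private_network subnets.
BROKEN_VAGRANTFILE = <<~'VF'
  config.vm.define "router" do |router|
    router.vm.network "private_network", ip: "192.168.232.1"
    router.vm.network "private_network", ip: "192.168.248.1"
  end
  config.vm.define "attacker" do |attacker|
    attacker.vm.network "private_network", ip: "192.168.232.2"
  end
VF

# Same excerpt with the accepted fix applied: router moved from .1 to .10.
FIXED_VAGRANTFILE = BROKEN_VAGRANTFILE.gsub(/\.1"/, '.10"')

# Address the host's VirtualBox host-only adapter takes for a private_network:
# the first usable address of the subnet (network + 1). Assumes the /24 mask
# seen in the question's ifconfig output; pass another prefix length otherwise.
def host_address_for(ip, prefixlen = 24)
  network = IPAddr.new("#{ip}/#{prefixlen}") # masked to the network address
  IPAddr.new(network.to_i + 1, Socket::AF_INET).to_s
end

# Collect [vm_name, ip] pairs for every static private_network in the file.
def private_network_ips(vagrantfile)
  current = nil
  vagrantfile.each_line.with_object([]) do |line, ips|
    if (m = line.match(/vm\.define\s+"([^"]+)"/))
      current = m[1]
    elsif (m = line.match(/"private_network".*\bip:\s*"(\d+(?:\.\d+){3})"/))
      ips << [current, m[1]]
    end
  end
end

# VM addresses that collide with the host's automatic .1 address. A duplicate
# here shows up exactly as in the question: ARP resolves the gateway address to
# whichever machine answered last, so traffic stalls at the "router" hop.
def host_ip_conflicts(vagrantfile, prefixlen = 24)
  private_network_ips(vagrantfile).select do |_, ip|
    ip == host_address_for(ip, prefixlen)
  end
end
```

Running host_ip_conflicts on the broken excerpt reports both router addresses; on the fixed excerpt it reports nothing.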