Port forwarding with VZVmnetNetworkDeviceAttachment

I have the following code for port forwarding in macOS virtualization:

        var ipAddr = in_addr()

        // 1. Convert String to in_addr. inet_pton returns 1 only when
        //    guestIP parses as a valid IPv4 address, so check the result.
        if inet_pton(AF_INET, guestIP, &ipAddr) != 1 {
            print("❌ Invalid guest IPv4 address: \(guestIP)")
        } else {
            // 2. Add the TCP forwarding rule to the vmnet network configuration
            let status = vmnet_network_configuration_add_port_forwarding_rule(
                config,
                UInt8(IPPROTO_TCP),       // TCP protocol
                sa_family_t(AF_INET),     // address family
                guestPort,                // internal port (guest)
                externalPort,             // external port (host)
                &ipAddr                   // internal address (guest IP)
            )

            if status == .VMNET_SUCCESS {
                print("✅ Port Forwarding set: Mac:\(externalPort) -> VM(\(guestIP)):\(guestPort)")
            } else {
                print("❌ Port Forwarding failed for \(guestIP): \(status.rawValue)")
            }
        }

It is returning success, but when I test it, it does not work. Is there anything I am doing wrong? Please also help me fix this problem. Note: The app runs in the sandbox; I tried without sandboxing and it does not work either. Please refer to this link https://developer.apple.com/forums/thread/822025?login=true&page=1#884236022 for how I am creating the VZVmnetNetworkDeviceAttachment.

Is there anything I am doing wrong?

It’s hard to say without more context. Specifically:

  • What network have you assigned to the interface?
  • Has the guest successfully acquired an IP address?
  • Does that IP address match the IP address you’re passing in here (ipAddr)?
  • What value are you using for guestPort?
  • Are you sure that the guest is listening on the port? If you run a command on the guest to connect to its IP address and port (so ipAddr and guestPort), does that go through?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It’s hard to say without more context. Specifically:

The guest is acquiring the IP address correctly. For the test, I have created a web server on the guest listening on port 5264. When I try to access the port directly with the IP address of the guest, it is working. I can reach the guest IP from the host with the port 5264. So I forward port 8000 of the host as the external port in the sample code that I have provided, and I access http://localhost:8000 on the host and it does not work. Hope I have given enough details.

Thanks for the clarification.

Before we get further into this, I want to better understand the big picture. I’m already talking with you about this in your other thread. I’m going to follow up there shortly [1]. Once we drive that to a conclusion, I can come back here if necessary.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Well, it’ll be in an hour or so, because right now it’s lunchtime!

I tried to manually port forward using pfctl temporarily and found that it also does not work for the scenario. But I found that reaching http://guestip:port worked fine. Not sure whether there is any check I have to do at the OS level to make it work.

I’ve been discussing your issue with the vmnet folks and I think I have a handle on what’s going on here. However, I want to run some things past you before I say anything definitive.

Consider this setup:

---+--------+--------- Wi-Fi to Internet
   |        |
host Mac    X
   |
---+---+-------------- vmnet
       |
    guest VM

My understanding is that software running on the host Mac is unable to connect to a server running on the VM via the public port (8000), even though you have forwarding configured in vmnet. Have you tried doing the same from some other machine on the host’s network, so X in this case?

Well, using the host Mac’s Wi-Fi IP address, obviously, not using localhost (-:

Also, you wrote:

But I found that reaching http://guestip:port worked fine.

Is that when only using the API? Or with pfctl hackery?

If it’s the latter, I’d appreciate you concentrating on the former, because that’s the only thing we support [1].

Assuming you do this with the API, what is port in this example? 8000? Or 5264?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] See TN3165: Packet Filter is not API.

My understanding is that software running on the host Mac is unable to connect to a server running on the VM via the public port (8000), even though you have forwarding configured in vmnet. Have you tried doing the same from some other machine on the host’s network, so X in this case?

Wow. That worked. If I try to access from computer X in my host network with the IP address of the host:8000, it worked. When I try the same on the host itself with localhost or the host IP, it is not working. Is this the way by design? Why is it not working if I do it from the host itself? Strange. Do I need to make some changes for this to work? Please enlighten me. Thank you very much.

Now I know the port forwarding API is working as expected, with the limitation of not being able to access the public port 8000 from the host itself.

Wow. That worked.

Cool.

The good news is that this confirms a theory that was raised during my discussion of your issues with the vmnet team. The bad news is that this is a known limitation of vmnet (FB7731708).

We hope to fix it sooner rather than later, but I don’t have any concrete timeline to share.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
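
An added example, not part of the original thread or Apple's code: a host-side check that separates the two cases discussed above, a guest service that is not reachable at all versus a guest that answers directly but not through the host's own forwarded port. The guest address 192.168.64.2 and the helper names are assumptions; ports 5264 and 8000 are the ones used in the thread.

```python
import socket


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, bad address
        return False


def classify(direct_ok: bool, forwarded_ok: bool) -> str:
    """Interpret two probes made from the host Mac, following the thread."""
    if not direct_ok:
        # DTS checklist territory: has the guest acquired the IP used in the
        # forwarding rule, and is the service listening on the guest port?
        return "guest-unreachable"
    if not forwarded_ok:
        # Guest answers directly but not via the host's own forwarded port:
        # the behaviour the thread attributes to the vmnet limitation.
        return "host-local-forward-blocked"
    return "forward-ok-from-host"


def diagnose(guest_ip: str, guest_port: int, external_port: int, probe=tcp_probe) -> dict:
    """Probe the guest directly and through the host's forwarded port."""
    direct = probe(guest_ip, guest_port)
    forwarded = probe("127.0.0.1", external_port)
    return {"direct": direct, "forwarded": forwarded,
            "verdict": classify(direct, forwarded)}


if __name__ == "__main__":
    # Constructed guest address (assumption); ports are those from the thread.
    result = diagnose("192.168.64.2", 5264, 8000)
    print(result)
    if result["verdict"] == "host-local-forward-blocked":
        print("Retest from another machine on the host's network, "
              "using the host's IP address and port 8000.")
```

A "host-local-forward-blocked" verdict only says the host cannot use its own forwarded port; the thread's result shows the same port can still be reachable from other machines on the host's network.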
