utmapp / UTM

Virtual machines for iOS and macOS
https://getutm.app
Apache License 2.0

No network connection between 2 VMs possible #4448

Open dmuensterer opened 2 years ago

dmuensterer commented 2 years ago

Describe the issue
There is no ethernet connection between multiple VMs possible. Both VMs are in the same subnet. I have tried host-only as well as the bridged mode. Is this expected behaviour? What is the suggested configuration to have multiple VMs with static IP addresses communicate with each other?

Configuration

conath commented 2 years ago

Thanks for reporting this use case. I am unsure if this has been tested.

You should be able to communicate between VMs in Shared Network mode, or by using emulated VLAN with port forwarding.

evan314159 commented 1 year ago

Problem occurs on:

UTM Version: 4.1.5
Platform: Apple Silicon (M2)
Guest: Ubuntu 22.04
Virtualisation: Apple
Network: shared
Symptom: tcpdump shows that VM1 attempts to ARP for VM2 and receives no response

Inter-VM networking works as expected with:

I did not try QEMU with bridged network.

ea1363 commented 1 year ago

I'm able to reproduce this issue on my system:

UTM Version: 4.1.5
Platform: Apple Silicon (M1 Pro)
Guest: Oracle Linux 9.1
Virtualization: Apple
Network: Shared

Same symptoms as evan314159 commented. VM1 cannot ping VM2 and vice versa. Both VM1 and VM2 can reach the internet. When the VMs ping each other, tcpdump running on the host shows the VMs doing a "who has" ARP request but no reply. When the VMs ping the host or the host pings the VMs, the "who has" ARP request receives a reply.
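
The symptom reported in the two comments above (ARP "who has" requests between guests that never get a reply, while requests for the host do) can be checked mechanically from a capture. This is an added example, not code from any commenter or from UTM; it assumes text output in the format of `tcpdump -n arp`, and the sample capture and its addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n arp` output taken on the host bridge.
# Addresses are made up: .1 is the host, .2 and .3 are the two guests.
SAMPLE = """\
10:15:01.000001 ARP, Request who-has 192.168.64.1 tell 192.168.64.2, length 28
10:15:01.000420 ARP, Reply 192.168.64.1 is-at 3e:22:fb:00:00:64, length 28
10:15:02.100000 ARP, Request who-has 192.168.64.3 tell 192.168.64.2, length 28
10:15:03.100000 ARP, Request who-has 192.168.64.3 tell 192.168.64.2, length 28
10:15:04.200000 ARP, Request who-has 192.168.64.2 tell 192.168.64.3, length 28
10:15:05.000000 IP 192.168.64.2 > 1.1.1.1: ICMP echo request, id 1, seq 1, length 64
"""

# tcpdump may print the target MAC in parentheses after the target IP.
REQ = re.compile(r"ARP, Request who-has (\S+)(?: \(\S+\))? tell ([^\s,]+)")
REP = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")


def unanswered_arp(capture: str) -> dict:
    """Map each target IP that never sent an ARP reply to {asker: request count}."""
    asked = defaultdict(lambda: defaultdict(int))
    answered = set()
    for line in capture.splitlines():
        m = REQ.search(line)
        if m:
            target, asker = m.groups()
            if target != asker:  # ignore gratuitous ARP announcements
                asked[target][asker] += 1
            continue
        m = REP.search(line)
        if m:
            answered.add(m.group(1))
    # Non-ARP lines match neither pattern and are skipped.
    return {t: dict(a) for t, a in asked.items() if t not in answered}


if __name__ == "__main__":
    for target, askers in unanswered_arp(SAMPLE).items():
        for asker, count in askers.items():
            print(f"{asker} asked for {target} {count}x, no reply seen")
```

If only guest addresses show up as unanswered while the host address is answered, the capture matches the behaviour described in this thread.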

TensaCoder commented 1 year ago

Even I'm facing a similar issue.

UTM Version: 4.1.5
Platform: Apple Silicon (M1 MacBook Air)
Guest: Kali Linux
Virtualization: Apple

I'm trying to set up a penetrative testing lab environment on UTM with VM1 connected to the internet and a separate network which is isolated from the internet to perform the tests. But on trying all the network options (Emulated VLAN, Shared Network, Host Only, Bridged), I am unable to ping VM2 (isolated/attacked) from VM1 (attacker) and vice versa.

Is there any workaround I could use to create an isolated environment for penetrative testing with all my VMs in the network? Any help is really appreciated. Thanks.

dragos-bth commented 1 year ago

I have the same issue: neither shared network nor host-only network allows two VMs in the same subnet to communicate.

UTM MacOS: 4.2.5 (81)
Platform: Apple Silicon (MacBook Pro M1), MacOS Ventura 13.3.1
Guest: Ubuntu Server ARM 22.04.2
Architecture: ARM64 (aarch64)
System: QEMU 7.2 ARM (alias of virt-7.2) (virt)
Emulated network card: virtio-net-pci
Guest network: 192.168.168.0/24
Guest network (IPv6): empty

Ubuntu configured to use static IP addresses: 192.168.168.10 (VM1) and 192.168.168.11 (VM2)

Strangely I can see ARP requests in shared network mode, but not in host-only.

On the host side (MacOS) I can see that a bridge interface has been configured as shown below:

    bridge106: flags=8a63<UP,BROADCAST,SMART,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether f6:d4:88:a6:c1:6a
        inet 192.168.168.1 netmask 0xffffff00 broadcast 192.168.168.255
        inet6 fe80::f4d4:88ff:fea6:c16a%bridge106 prefixlen 64 scopeid 0x25
        inet6 fdba:4e58:c314:466d:87:4b35:32ac:161a prefixlen 64 autoconf secured
        Configuration:
            id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
            maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
            root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
            ipfilter disabled flags 0x0
        member: vmenet6 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 35 priority 0 path cost 0
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active

sarezas commented 1 year ago

> Even I'm facing a similar issue.
>
> UTM Version: 4.1.5
> Platform: Apple Silicon (M1 MacBook Air)
> Guest: Kali Linux
> Virtualization: Apple
>
> I'm trying to set up a penetrative testing lab environment on UTM with VM1 connected to the internet and a separate network which is isolated from the internet to perform the tests. But on trying all the network options (Emulated VLAN, Shared Network, Host Only, Bridged), I am unable to ping VM2 (isolated/attacked) from VM1 (attacker) and vice versa.
>
> Is there any workaround I could use to create an isolated environment for penetrative testing with all my VMs in the network? Any help is really appreciated. Thanks.

This is exactly what I am trying to do also. No success so far.

dmuensterer commented 1 year ago

I ended up switching to Parallels or VMware. I don’t understand why this trivial use case is still not possible in 2023.

marcin-sucharski commented 1 year ago

I think you could solve this issue by adapting the solution from https://github.com/utmapp/UTM/issues/3238 (see this comment)

I think it might be a safe default to not allow network access between VMs: it is reasonable to assume that a user is running questionably trusted software inside one VM and having trusted data inside another. (Malicious software might access some HTTP server on another VM, etc.) But it should be configurable from the UI, not by manually changing NAT rules.

bakabruh commented 5 months ago

I also have the same issue. Trying to set up my environment to attack the Metasploitable 2 with my Kali machine. I tried to set different kinds of network options like bridges or host only but the ifconfig command doesn't return the IP address.

stevewatanabe commented 4 months ago

Seeing the same issue:

UTM MacOS: 4.4.5 (94)
Platform: Apple Silicon (MacBook Pro M1), MacOS 14.4.1 (23E224) - Sonoma
Guest: Ubuntu 23.10