Vista - Networking - Loopback - Wincap

  • Carl Frederick

    Carl Frederick - 2008-06-15

    I have been running coLinux on Windows XP for several years and mounting my XP drives from the Linux side using TAP.
    I am now trying to get it to work on Vista SP 1. $%#%^@#$^
    As TAP does not work (Blue Screen of Death), I upgraded to 4.02 of Wincap and tried to use the Microsoft Loopback adaptor.
    My Vista machine is, I set the loopback adapter to, coLinux is configured as
    I can ping the coLinux VM from Vista, but I can't ping Vista from coLinux. I also can't make any TCP/IP connections from Linux to Vista. I see an ARP entry in coLinux for the adaptor, I see the packet count increasing in Linux both sent and received, but Linux does not seem to pass this on to the application. I even upgraded to 0.7.3 of coLinux with exactly the same result.

    The linux kernel is: colinux #1 PREEMPT

    Any suggestions would be appreciated. Remember the kernel still works under XP and I need to be able to access my Vista drives from Linux.



    • Henry N.

      Henry N. - 2008-06-15

      TAP versions before 8.4 have a problem with Vista. Here is an update: - The same version comes with coLinux 0.7.3.

      Perhaps Vista has blocked all incoming network requests, and you need to allow this in the firewall setup? Sorry, I don't have Vista running.

      Another idea: Use cofs for file sharing.
      Set "cofs=C:\SomePath" in your config, and inside coLinux mount it as "mount -t cofs cofs0 /windows".
      You will find details in "cofs.txt" in your install directory of coLinux 0.7.3.


    • visidarte

      visidarte - 2008-06-30

      I have been working on getting Vista and colinux to play nicely together this last month.  Your ping and TAP problems probably have separate causes.  I have some suggestions for the ping issue here and I'll follow up in another message about getting TAP and Vista to play nicely.

      For ping: 

      ping requires ICMP but Windows Vista configures its firewall by default to prevent incoming ICMP messages.  There is some MSDN documentation on how to turn it back on and even a nice checkbox in the advanced firewall configuration utility to turn on all message types, BUT this will not solve your problems.  Some of the key incoming ICMP message codes don't get turned on this way (sigh).  You can work around this by defining a custom inbound rule. (Click on Start orb, enter "Advan" in white box on bottom, click on "Windows Firewall with Advanced Security".  After UAC prompt and a wait, the configuration window will appear.  In right panel select inbound rules.  In left panel, select New Rule....  When prompted for rule type choose "Custom")

      In inbound rule, when you get to the "Protocols and ports" section of the wizard,  choose ICMPv4 as your protocol.  Then click the customize button on the bottom.  And (this is the important point), click on "Specific ICMP types" (***NOT*** "All ICMP types").  At the bottom see where it says Type: 0, Code: Any, and click on the Add button.  This is the only way to "really" turn on all ICMP codes.  The other Wizard rules you can fill in according to your liking.

      If you want to do IPv6 pings, you will need to create a second rule choosing ICMPv6 as your rule.

      If you aren't a GUI/Wizard fan you can also use netsh (in a command prompt run as Administrator) to create the rules:

         netsh advfirewall firewall add rule ....

      For help replace ... with /?

         netsh advfirewall firewall add rule /?

      My rule is named "ICMP-v4-All" and when printed out with netsh advfirewall firewall show rule name="ICMP-v4-All":

      Rule Name:                            ICMP-v4-All
      Enabled:                              Yes
      Direction:                            In
      Profiles:                             Domain,Private,Public
      LocalIP:                              Any
      RemoteIP:                             Any
      Protocol:                             ICMPv4
                                            Type    Code
                                            0       Any
      Edge traversal:                       No
      Action:                               Allow

      I hope this helps.

      • visidarte

        visidarte - 2008-06-30

        minor corrections to previous post
        * inbound rules on left, "New Rules..." on right

    • visidarte

      visidarte - 2008-06-30

      TAP (and slirp + TAP) can be made to work on Vista if one makes a few tweaks: three on the Vista side and one on the Colinux side.  TAP-Win32 sets up a point-to-point network and Vista is much fussier about the configuration of these things.  As this is a bit involved, I use a script to set up the TAP device (which I'm happy to share).

      Windows Vista side

      Unless you make it amply clear to Vista that the TAP device is point to point, Vista's firewall technology will insist that the TAP-Win32 device is a gateway to the public internet.  This has to be done by tweaking registry settings: Microsoft forgot to include these settings in the GUI to configure network interfaces. (see\). 

      Secondly, you will need to add a firewall rule to open up communication between colinux and Vista.  By default, Vista is set to refuse all incoming communication.  This is easiest to set up if both end points of the point to point connection have a static IP address. Just define a rule that uses the TAP device's IP as the local IP and the colinux node as a remote IP.  You can define the rule via Windows Firewall with Advanced Security or via an Administrator-mode command prompt using netsh.  My script uses a command that looks something like this:

          netsh advfirewall firewall add rule name=colinux dir=in action=allow profile=any protocol=any interfacetype=any localip=tapIP remoteip=colinuxIP description="all ports open between host and colinux"

      Obviously you would want to substitute your chosen IP addresses for "tapIP" and "colinuxIP".

      Which gets us to the third and final Vista side tweak: setting a static IP address for your TAP device. (The colinux side will be dealt with later).  Vista and earlier Windows operating systems have a backup to DHCP, APIPA, that automatically assigns IP addresses in the range when a DHCP server is unreachable and a dynamic address is requested.  Unfortunately, there is a rather old (4yrs!) bug in the TAP device that causes it to get a 167 APIPA address even when you have used the Windows GUI or the netsh command line tool to assign a static IP address.  The TAP device ends up with 2! IP addresses and the static one always gets ignored in preference to the 167. APIPA address.

      The workaround is to put the TAP device into always connected mode. (see\).  You can do this via either a GUI or command line.  The command line involves editing the registry and then restarting the device with tapcontrol.exe (found in the netdriver subdirectory of your colinux installation).

      #1 Click on start orb
      #2 In white box on bottom, enter: "Control Panel\Network Connections"
      #3 When the Network connections window opens, right click on the tap device and choose properties
      #4 Click on the "Configure ..." button
      #5 Choose the Advanced tab
      #6 In left panel choose "Media Status"
      #7 In the value combo box on the right, choose "Always connected"
      #8 Hit OK until all dialogs are closed

      Once you have put the TAP device into always on mode, Vista will stop ignoring the TAP-Win32 static IP address.  To assign a static IP address to the TAP device:

      #1-#3 same as above
      #4 In list of services, click on "Internet Protocol Version 4"
      #5 Below the list, click on "Properties"
      #6 Choose "Use the following IP address"
      #7 Fill in the IP address and netmask of your chosen IP address
      #8 Hit OK until all dialogs are closed

      Colinux side

      The colinux side also needs to know that the TAP device is point to point.  Otherwise colinux keeps trying to reach the internet via the tap device.  This causes intermittent problems with apt-get and anything else trying to reach the internet (verified by inspecting arp tables after each internet access attempt).

      Fortunately this is *a lot* easier to fix on the colinux side.
      # Open /etc/network/interfaces in an editor
      # In the stanza for configuring your TAP device, change "gateway" to "pointopoint".
      # Save your changes

      That's it.  If you want immediate gratification (without rebooting colinux), use ifdown and ifup to restart the TAP network interface.

      Hope this helps.
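
Added example (not part of any post in this thread and not coLinux code): a small Python parser for the rule printout layout shown for "ICMP-v4-All", used to check how widely each inbound allow rule is scoped. The second printout, its IP addresses, and the function names `parse_rules`, `findings` and `audit` are assumptions made for illustration.

```python
# The first printout is the "ICMP-v4-All" rule from the thread; the second is
# constructed in the same layout for the "colinux" rule (addresses are made up).
SAMPLE = """\
Rule Name:                            ICMP-v4-All
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             ICMPv4
                                      Type    Code
                                      0       Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            colinux
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
LocalIP:                              192.168.37.1/32
RemoteIP:                             192.168.37.2/32
Protocol:                             Any
Edge traversal:                       No
Action:                               Allow
"""

def parse_rules(text):
    """One dict per 'Rule Name:' block; ICMP Type/Code rows are collected under 'ICMP'."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Rule Name":
            rules.append({"Rule Name": value.strip(), "ICMP": []})
        elif sep and rules:
            rules[-1][key.strip()] = value.strip()
        elif rules and len(line.split()) == 2 and line.split()[0] != "Type":
            rules[-1]["ICMP"].append(tuple(line.split()))  # e.g. ("0", "Any")
    return rules

def findings(rule):
    """Scope warnings for an enabled inbound allow rule; empty list for anything else."""
    if (rule.get("Enabled"), rule.get("Direction"), rule.get("Action")) != ("Yes", "In", "Allow"):
        return []
    checks = [(rule.get("RemoteIP") == "Any", "any remote address"),
              ("Public" in rule.get("Profiles", "").split(","), "active on Public profile"),
              (rule.get("Protocol") == "Any", "all protocols and ports")]
    return [msg for hit, msg in checks if hit]

def audit(text):
    return {r["Rule Name"]: findings(r) for r in parse_rules(text)}  # name -> warnings
```

The address restriction on the constructed `colinux` rule is what keeps its "all protocols" scope limited to the point-to-point link, while the ICMP rule as printed accepts the listed ICMP type from any remote address on every profile.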

      • Henry N.

        Henry N. - 2008-06-30

        Many thanks for all your details!


