VirtualBox

Ticket #1247 (closed defect: fixed)

Opened 1 year ago

Last modified 7 months ago

ping doesn't work with NAT network interfaces

Reported by: bvassche Assigned to:
Priority: major Component: network
Version: VirtualBox 1.5.6 Keywords:
Cc: Guest type: other
Host type: other

Description

Run a Windows XP guest on a Linux host, and configure the network interface as NAT. In the guest, run a ping command to a live host.

Expected: Windows guest reports that the host is alive.

Actual result: Windows guest reports that the request timed out.

Technical background: VirtualBox NAT translates the outgoing ICMP request in an UDP echo request (port 7). If the echo service is not enabled on this host (which is e.g. the case on OpenSolaris? servers), that host will send back an ICMP error (destination unreachable). VirtualBox does not translate this ICMP error into an ICMP response for the guest. This can be easily verified by running Wireshark simultaneously on the guest OS and on the host OS.

Attachments

host.snoop (320 bytes) - added by bvassche on 2008-02-26 10:33:41.
guest.snoop (114 bytes) - added by bvassche on 2008-02-26 10:34:01.

Change History

2008-02-26 10:33:41 changed by bvassche

  • attachment host.snoop added.

2008-02-26 10:34:01 changed by bvassche

  • attachment guest.snoop added.

2008-02-26 14:58:26 changed by Fenix*NBK*

Yea, this bug came from the Qemu codebase.

This is because ICMP protocol, unlike TCP or UDP, has no "ports".

Technically it can be resolved, by doing NAT map, based on the "ICMP message number" rather than TCP/UDP port.

This way first stream may start with ICMP message #0, second stream may start with ICMP message #1000, and so on... so the NAT logic will have to remember map of all those things.

-Technologov

2008-02-26 16:09:57 changed by klaus

Attributing this "bug" to QEMU doesn't isn't really accurate. It's slirp which has that what you call bug. Both VirtualBox and QEMU use slirp as their NAT engine, because it's so nicely portable.

The hinted solution however doesn't get us anywhere. I've read the relevant documentation up and down, and there is simply no way of receiving (leave alone sending, that would make the whole discussion redundant) ICMP messages from a process not running with root privileges. Which is something we resisted so far. So unless I'm completely wrong there (if I am please let me know), the suggestions are not implementable.

2008-02-26 17:55:08 changed by bvassche

Do you know that it is possible to detect asynchronous errors (=ICMP errors) on connected UDP sockets from userspace ? See also Unix Network Programming: The Sockets Networking API (R. Stevens), pages 252-253.

2008-02-26 18:11:45 changed by klaus

I know. But this is getting way too indirect for my taste, especially as the "destination unreachable" ICMP is pretty unreliable outside your nice and cozy LAN. Another aspect is that the slirp code will get even more complicated, because it requires distinguishing between UDP initiated by guests or by guest ICMP.

Just to fake success for ICMP echo which doesn't always work either. So far I'm not thrilled to say the least.

2008-03-08 17:38:40 changed by xt4mhz

Hi guys.

I read this information from VirtualBox Manual.

Probably this is not a but, just the way it works.

"By default, virtual network cards are set up to use network address translation, which is well suited to standard networking needs (accessing the Internet from programs running in the guest and providing network services for machines in a local intranet). In particular, if all you want is to browse the Web, download files and view e-mail inside the guest then the default configuration of the NAT network should be sufficient for you, and you can safely skip the rest of this section. Please note that the ping utility does not work over NAT, and that there are certain limitations when using Windows file sharing." Source: Page 58 from Innotek VirtualBox User Manual. Version 1.5.4. December 29 2007.

2008-07-09 22:50:55 changed by frank

  • owner changed.
  • component changed from other to network.

2008-12-17 13:55:37 changed by sandervl73

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in 2.1.

© 2009 Sun Microsystems, Inc.
ContactPrivacy policy