Opened 12 years ago
Closed 9 years ago
#10525 closed defect (fixed)
Outbound connect(2) failures are not propagated to guest correctly => Fixed in SVN
| Reported by: | reidpr | Owned by: | |
|---|---|---|---|
| Component: | network/NAT | Version: | VirtualBox 4.1.12 |
| Keywords: | ICMP | Cc: | |
| Guest type: | Linux | Host type: | Mac OS X |
Description
Steps to reproduce (see also notes below):
- Install a Debian Wheezy 64-bit guest on a Mac OS 10.7 host.
- Configure a NAT network interface.
- Install links in the guest.
- Locate a server which gives a "destination unreachable" error when pinged from the host.
- Inside the guest, try to use links to access that server: "links http://example.com".
Expected behavior:
- links immediately displays a "connection refused" error (i.e., the same as what the host does)
Actual behavior:
- links waits until the connection times out and then displays a timeout error
- netstat shows the connection in SYN-SENT state until timeout
Workaround:
- Packets to the host in question can be rejected inside the guest, e.g. "route add -host x.y.z.w reject".
Notes:
- I hypothesize that the ICMP packet reporting the problem is not being passed to the guest.
- I suspect the precise details of which Linux are installed as the guest aren't important.
- I also suspect the problem can be reproduced with a simple connection refused from a reachable server, e.g. "http://google.com:9999".
- See also https://forums.virtualbox.org/viewtopic.php?f=8&t=48644
Thanks for your hard work on VirtualBox!
Change History (4)
comment:1 by , 12 years ago
comment:2 by , 12 years ago
| Summary: | ICMP packets aren't being copied from host to guest under NAT → NAT doesn't report all socket errors to guest via ICMP |
|---|
comment:3 by , 9 years ago
| Summary: | NAT doesn't report all socket errors to guest via ICMP → Outbound connect(2) failures are not propagated to guest correctly => Fixed in SVN |
|---|
The fix for reporting connect(2) failures to guest as either TCP RST (connection refused) or ICMP (unreachable) has been committed to 4.3 branch.
Problems with handling of inbound RST for established connections is covered by #11696.
Note:
See TracTickets
for help on using tickets.
I am also seeing this behaviour. ICMP "destination unreachable" packets are dropped between the host and the guest. I have observed it for NAT and host only networks.
In my opinion this is not a problem with the guest network configuration / packet filtering. My host and guest networks are configured in an almost identical manner, the guest shows this problem but the host does not.
I have also observed this behaviour in the below configuration (where clearly the host and guest networks cannot be configured too similarly).