NAT lost RST packet on Windows host - and then silently drops packets
It appears that the VirtualBox NAT is somehow dropping or mishandling TCP packets in some circumstances. After the RST packet is not passed to the client for a connection, then the NAT seems to drop packets from the guest for that connection (causing timeouts, rather than immediate failure).
Set up a windows host and a windows guest, with the guest configured to use a NAT network.
First lets see what happens normally buy navigating to http://appserver1.timefiler.com/vbox_nat_fail.html using IE on the guest, click the "retry after 3 minutes" and see that you get a "Fetched 2" message at the 3 minute timeout.
To see it fail, open http://appserver1.timefiler.com/vbox_nat_fail.html in Chrome on the guest, click the "retry after 3 minutes" and at the 3 minute mark the response div goes blank because no reply occurs.
- I could only repeat using a windows host (problem found on Windows 7 host, Windows host, but no problem when using an Ubuntu 8.04 LTS host).
- I could repeat the problem on different guests (tested with Windows XP guest, Windows 7 guest, Windows 8 guest, Debian guest).
- The problem only occurs when using Chrome or Chromium browser on the guest (Other browsers work fine because they don't seem to cause the RST packet from the web server - I presume due to different keep-alive implementations such as timeouts).
- Don't use an http proxy (different keep-alive implementation).
- I repeated this problem on two different internet connections, on my work network using a wired LAN, and secondly on my mobile network using USB tethering. (And only one connection was active at one time, the other was disconnected).
This looks like a VirtualBox NAT problem to me, not a problem in Chrome.
I have included two files showing the relevant extract of the virtualbox nictrace from the guest "swan" ( file swan-nictrace-on-weka.pcap - IP address of guest on vbox subnet is 10.0.3.15 ) and a wireshark trace on the host "weka" ( file wireshark-on-weka.pcap - IP address of the host is 192.168.42.8 ). appserver1.timefiler.com is on 18.104.22.168
The important packets are:
A) Packet 28 on the host in wireshark-on-weka.pcap - the RST packet is not passed into the guest.
B) Packet 15 on the guest in swan-nictrace-on-weka.pcap - the HTTP packet of length 1031 to 22.214.171.124 never shows up in the host log.
C) Packet 16 on the guest in swan-nictrace-on-weka.pcap - where does the TCP ACK=1954 message come from? In the host log it can be seen that it doesn't come from 126.96.36.199.
In the logs you can see I manually send a ping to 188.8.131.52 shortly before and shortly after a successful HTTP message, and a ping to 184.108.40.206 shortly after the failed HTTP message.