Ticket #11871 (closed defect: fixed)
NAT drops packets bigger than 388 byte towards guest
| Reported by: | luky37 | Owned by: | |
|---|---|---|---|
| Component: | network/NAT | Version: | VirtualBox 4.2.12 |
| Keywords: | mtu | Cc: | |
| Guest type: | all | Host type: | all |
Description
NAT mode does not work for me, because all packets bigger than 388 byte (IP packet length; 368 byte IP payload or 360 byte ICMP payload) are dropped.
The test is as simple as:
ping google.com -s 360 ping google.com -s 361
or on Windows guests:
ping google.com -l 360 ping google.com -l 361
The former (360 byte ICMP payload) works, while the latter (361 byte ICMP payload) doesn't.
I can reliably reproduce this with both Linux and Windows guests (32 and 64bit), on different hardware. The host always runs Windows Vista or Windows 7, both 64 bit. I did not test different host OS'.
This is with VirtualBox-4.2.12, but I can also reproduce this with the old VirtualBox-3.2.16.
The traffic of the testcase has been captured:
- nictrace.cap
- via the nictrace feature; it is clear that the answer packets do not reach the guests
- host-dump.cap
- via Wireshark on the host; all answer packets are seen (frame >= 25)
I have no clue why others don't see this behavior; on all my VirtualBox installations I see exactly this issue, and they are different installations on different hardware with different software.
Bridging mode works perfectly fine on those installations.
Attachments
-
VBox.log
(72.1 KB) -
added by luky37 10 years ago.
-
nictrace.cap
(14.4 KB) -
added by luky37 10 years ago.
-
host-dump.cap
(19.0 KB) -
added by luky37 10 years ago.
-
vbox-doc-win-nat-icmp-clarification.diff
(841 bytes) -
added by luky37 10 years ago.
- doc clarification patch
Change History
comment:1 Changed 10 years ago by Hachiman
What was initial problem (before you had gone down to ping diagnostic)? (please note: for Windows host ICMP isn't implemented in socket API, instead ICMP API used, which has own bottlenecks and couldn't be used as diagnostic tool).
comment:2 Changed 10 years ago by luky37
The initial problem was that my DNS servers are within the default NAT range 10.0.2.0/24, so the guest could never contact them. I erroneously concluded that DNS wasn't working because of MTU problems and I fixed it only now, by changing the NAT range in VirtualBox to something which doesn't conflict with my upstream DNS servers.
So if I understand this correctly, this is a known limitation impacting ICMP traffic only; when the host is Windows and NAT is used? Perhaps this should be made more clear in the manual?
Chapter 6, NAT limitations:
While ICMP support has been improved with VirtualBox 2.1 (ping should now work), some other tools may not work reliably.
I suppose we should add your statement from above:
Please note: for Windows hosts ICMP isn't implemented in socket API, instead ICMP API used, which has own bottlenecks and couldn't be used as diagnostic tool. This affects all guests.
Changed 10 years ago by luky37
-
attachment
vbox-doc-win-nat-icmp-clarification.diff
added
doc clarification patch
comment:3 Changed 10 years ago by luky37
Kindly requesting review of the attached doc patch. Thank you.
comment:4 follow-up: ↓ 5 Changed 8 years ago by frank
Actually we changed the implementation. Could you check if this build fixes the problem for you?
comment:5 in reply to: ↑ 4 Changed 8 years ago by luky37
I only check it now (no notifications possible here?) and the link doesn't work.
Should I wait for the next Virtualbox 4.3 release?
comment:6 Changed 8 years ago by frank
Re notifications: Check your email address in the preferences. Here is a new build.
