VirtualBox

Ticket #13292 (closed defect: fixed)

Opened 5 years ago

Last modified 18 months ago

NAT doesn't work in 4.3.14, works fine after downgrading to 4.3.12

Reported by: NunoF Owned by:
Component: network/NAT Version: VirtualBox 4.3.14
Keywords: Cc:
Guest type: Linux Host type: Windows

Description

The host is Win7 64 bit, and I tried several different Linux guest machines. When configured as NAT, ping worked to any internet or LAN IP address, but any UDP or TCP connection failed with "Network unreachable".

Those same guest machines worked fine when the networking was configured as bridged.

What kind of information may I provide to help you with this?

By the way, I originally posted the problem to the forums in this thread: https://forums.virtualbox.org/viewtopic.php?f=6&t=63098.

Attachments

mydump.dat (22.6 KB) - added by Kouen22 5 years ago.
tcpdumped while mtr host system working with wireshark
filelogs.zip (3.0 KB) - added by Kartoffelbrei 5 years ago.
Information for Nat Problem - pcap and networkfiles
NAT-Log-extended.zip (53.4 KB) - added by Kartoffelbrei 5 years ago.
the extended logging with NAT on a 4.3.16.
VBoxStartup.zip (24.7 KB) - added by lucatruf 5 years ago.
VBoxStartup.log file
VBoxStartup.2.zip (42.5 KB) - added by Buehlerra 5 years ago.
Here my VBoxStartup.log file
VBox.zip (23.1 KB) - added by Giangi 4 years ago.
for comment 42 https://www.virtualbox.org/ticket/13292#comment:42
VBoxHardening.zip (29.8 KB) - added by Giangi 4 years ago.
for comment 42 https://www.virtualbox.org/ticket/13292#comment:42

Change History

comment:1 follow-up: ↓ 2 Changed 5 years ago by vushakov

Please, can you provide a packet capture of a failed udp/tcp connection? Ideally both from the guest and from the host.

comment:2 in reply to: ↑ 1 Changed 5 years ago by NunoF

I'll try to get the traces, but as I now have v4.3.12 installed and need it daily for work it may take a few days.

comment:3 Changed 5 years ago by philbarr

Problem is also in 4.3.15. I will also try to post a trace later.

comment:4 Changed 5 years ago by frank

We are still interested in a packet trace. Preferably from VBox 4.3.16 (just released).

comment:5 Changed 5 years ago by jianglai

I also have this problem. Windows 8.1 host & Linux guest. Can someone direct me to instructions on how to do a packet capture?

comment:6 Changed 5 years ago by vushakov

Please provide output from your guest

ifconfig -a
netstat -rn

and from your host

ipconfig /all
netstat -rn

In your Linux guest install wireshark package (some distributions have separate package for the wireshark gui, you want that one too). You can get wireshark for Windows from  https://www.wireshark.org/download.html

Start wireshark in your guest and start capture on your NAT interface (eth0, most likely). Start wireshark on the host and start capture on "pseudodevice that captures on all interfaces".

Make your connection from the guest. After it failed, stop the captures and save them. File type: wireshark pcapng.


comment:7 follow-up: ↓ 8 Changed 5 years ago by Kartoffelbrei

I also have this problem. It only works when I configure Network Bridge.

I Wiresharked in the Win7-64bit host with 4.3.16 and tcpdumped in the guest (Ubuntu 14.04 LTS SR 1) with Guest Additions installed.

HTTP Requests:

I see SYN packets going out in the guest but they remain unanswered. Also there is a routing problem: the guest can't reach the target net ("ICMP net 192.168.100.5 unreachable"). I also noted that when I ask for the routes with the command route, it takes up to a minute to get me the route. Maybe there is a problem with the routing here. Here is the log from tcpdump:

09:00:09.843038 IP 10.0.2.15.43064 > 192.168.100.5.80: Flags [S], seq 2368256494, win 29200, options [mss 1460,sackOK,TS val 4294941447 ecr 0,nop,wscale 7], length 0
09:00:09.843510 IP 10.0.2.2 > 10.0.2.15: ICMP net 192.168.100.5 unreachable, length 36
09:00:11.850974 IP 10.0.2.15.43065 > 192.168.100.5.80: Flags [S], seq 941799117, win 29200, options [mss 1460,sackOK,TS val 4294942050 ecr 0,nop,wscale 7], length 0
09:00:11.851721 IP 10.0.2.2 > 10.0.2.15: ICMP net 192.168.100.5 unreachable, length 36

In the host system I can't see any of the traffic. It just doesn't show up.

Ping Request:

I see normal packets in the guest. I see the packets in the host with my host address and the target address. It works fine!

If I can help any further, just ask for it!


comment:8 in reply to: ↑ 7 ; follow-up: ↓ 13 Changed 5 years ago by vushakov

Replying to Kartoffelbrei:

I see SYN packets going out in the guest but they remain unanswered. Also there is a routing problem: the guest can't reach the target net ("ICMP net 192.168.100.5 unreachable"). I also noted that when I ask for the routes with the command route, it takes up to a minute to get me the route. Maybe there is a problem with the routing here.

In the host system I can't see any of the traffic. It just doesn't show up.

Please, can you provide interfaces and routing information (as requested in comment:6)?

comment:9 Changed 5 years ago by Kouen22

Hello, I have the same problem here using a Windows 7 host and an Ubuntu guest, VBox version 4.3.15 r95286.

Here is a tcpdump from the guest OS: http://pastebin.com/yLasiMiP

Host system:
Ipconfig: http://pastebin.com/0HT6L1gC
Netstat: http://pastebin.com/Twxj9ak5

When I use bridged networking it works fine. Everything is properly configured.

comment:10 Changed 5 years ago by Kouen22

I hope it helps solve the problem. Salutations

comment:11 Changed 5 years ago by vushakov

Thanks, but tcpdump text output is not quite enough in this case since it doesn't show all the information, like payload of ICMP errors. The actual capture (tcpdump -s 1500 -w ... or, equivalently, saving captured packets from wireshark) would be more useful.

Changed 5 years ago by Kouen22

tcpdumped while mtr host system working with wireshark

comment:12 Changed 5 years ago by Kouen22

netstat and ipconfig of guest system  http://postimg.org/image/h3vrrscdn/

Changed 5 years ago by Kartoffelbrei

Information for Nat Problem - pcap and networkfiles

comment:13 in reply to: ↑ 8 Changed 5 years ago by Kartoffelbrei

Replying to vushakov:

Replying to Kartoffelbrei:

In the host system I can't see any of the traffic. It just doesn't show up.

Please, can you provide interfaces and routing information (as requested in comment:6)?

I uploaded the file "filelogs.zip" with all the information you need!

Hope this will help!


comment:14 Changed 5 years ago by vushakov

Does "NAT Network" attachment work? If you don't use NAT Network, you will need to create one first via VM Manager -> File -> Preferences -> Network.

I might need to ask you to test with an instrumented build to obtain more information. I don't see anything obviously wrong with the network settings you posted.

comment:15 Changed 5 years ago by Kartoffelbrei

When I activate the NAT Network, it doesn't work at all... I can't get an ARP resolution - the gateway within the guest, 10.0.5.1, can't be reached. There is no ARP reply. The routing and the IP are normal.

Of course I can test a test build - no problem at all.

comment:16 Changed 5 years ago by vushakov

So far this looks like WSAGetLastError() is clobbered between connect() and error test in the caller.

What antivirus/firewall do you have installed?

[I would also be interested in investigating NAT Network problem, but it's better to do that under a separate bug report].

comment:17 Changed 5 years ago by vushakov

Please, try https://www.virtualbox.org/download/testcase/VirtualBox-4.3.17-96140-Win.exe

Extra logging is turned off by default. After starting the VM you need to do

VBoxManage debugvm "..." log --release -- +drv_nat.l2

try making a TCP connection. You should see extra "NAT:" messages about connect() in your VBox.log. Please attach that log file.

Extra logging is not persistent across VM runs. If you need to turn it off, you can use

VBoxManage debugvm "..." log --release -- -drv_nat.l2

Thanks in advance.

comment:18 follow-up: ↓ 20 Changed 5 years ago by Kartoffelbrei

I have installed the new build on my test computer. It works... But now there is the problem that I don't know whether it works because of the new build or the fresh Windows install.

It doesn't work on my productive system and I cannot install a test release there.

I created the log as you mentioned on my productive system with 4.3.16 and attached it here.

Does this help you?

comment:19 Changed 5 years ago by Kartoffelbrei

Oh yeah, I forgot something:

I have the Avira virus scan and the Windows 7 firewall activated.

Changed 5 years ago by Kartoffelbrei

the extended logging with NAT on a 4.3.16.

comment:20 in reply to: ↑ 18 Changed 5 years ago by vushakov

Replying to Kartoffelbrei:

I have installed the new build on my test computer. It works... But now there is the problem that I don't know whether it works because of the new build or the fresh Windows install.

It doesn't work on my productive system and I cannot install a test release there.

Just to clarify, 4.3.16 NAT did not work on the test computer too, right?

I created the log as you mentioned on my productive system with 4.3.16 and attached it here.

Does this help you?

Unfortunately not, since I need the log from the extra instrumentation I added to that test build, which is not present in 4.3.16.

comment:21 Changed 5 years ago by frank

To all affected users: We are still looking for log files which vushakov requested in comment 17. We need the additional logging to find out why it doesn't work in your environment because we cannot reproduce this problem. The additional logging must be taken from the 4.3.17-96140 test build provided in comment 17, trying to activate this logging with 4.3.16 will not work.

Also, please clearly confirm that

  1. NAT was working fine for you with VBox 4.3.12
  2. The problem described here started for you with VBox 4.3.14
  3. Even with VBox 4.3.16 you have the same problem
  4. Do you experience the same problem when switching the network attachment type to "NAT network"?

Thank you!


comment:22 follow-up: ↓ 23 Changed 5 years ago by Tomz7345

  1. NAT works fine with VBox 4.3.12
  2. Don't know. Updated from 4.3.0 to 4.3.16. 4.3.16 did not work.
  3. Even with VBox 4.3.16 only icmp is working. Tcp and udp are not working.
  4. Yes, problem persists if switching to "NAT network".

With additional logging from comment 17 the log says "tcp_fconnect error 10106 (was 10106)" when I try to establish a TCP connection.

The full log can only be sent by private mail due to privacy issues.

Antivirus/firewall (Sophos SafeGuard and Sophos Endpoint Security) is installed on my machine.

comment:23 in reply to: ↑ 22 Changed 5 years ago by vushakov

Replying to Tomz7345:

With additional logging from comment 17 the log says "tcp_fconnect error 10106 (was 10106)" when I try to establish a TCP connection.

Ah, thanks! That is the crucial bit of information I was looking for. This is WSAEPROVIDERFAILEDINIT. Given this error and since things started failing since 4.3.14 it's most likely that the problem is yet another manifestation of varied issues uncovered by hardening code introduced in 4.3.14 on Windows.

comment:24 Changed 5 years ago by Kartoffelbrei

Sorry, I have been off the net for a few days.

So you don't need any more information?

Yes, the NAT didn't work before on my test computer.

comment:25 Changed 5 years ago by bird

It looks like it's related to 4.3.14+ screening DLLs before they get loaded into the VM process (for security raisins). There are a couple of Avira DLLs being failed in LoadLibrary() because they're installed with Administrators (group) instead of TrustedInstaller or LocalSystem as owner. We'll be addressing this in the next release, but there will probably be a test build (/ hot fix) that addresses the issue.

Thanks for the report and patience,

bird.

comment:26 follow-up: ↓ 35 Changed 5 years ago by bird

This test build should solve the issue, I hope: https://www.virtualbox.org/download/testcase/VirtualBox-4.3.17-96342-Win.exe

Feedback on whether it works or not would be nice, of course. :-)


comment:27 Changed 5 years ago by lucatruf

I just downloaded the build and installed it on my machine. Virtualbox shows version 4.3.17 r96342.

Unfortunately it didn't solve the problem. I activated the debug logging, then I did a telnet <ipaddress>. I got the following message in the log:

00:01:28.872901 NAT: tcp_fconnect error 10106 (was 10106)

comment:28 Changed 5 years ago by bird

lucatruf: Would you mind uploading the VBoxStartup.log for that (or a similar) session?

Changed 5 years ago by lucatruf

VBoxStartup.log file

comment:29 Changed 5 years ago by lucatruf

In case it might help, I tried to install and even run VirtualBox as Administrator but the problem persists.

comment:30 Changed 5 years ago by bird

Thanks for the quick response. We're getting a bit further now. The next problem is that WinVerifyTrust fails to find a valid signature for the file "C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll". Unsigned DLLs will not be permitted into the VBox VM process, period.

Now, there is a slight chance that there might be a bug in our code that could hypothetically make it reject valid DLLs. Would be great if you could use sigcheck.exe from SysInternals/Microsoft to independently validate the signature of the DLL. You can find it at: http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx Would be great to have the output of this command:

sigcheck.exe -i "C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll"

comment:31 Changed 5 years ago by lucatruf

It seems your code is ok.

Sigcheck v2.1 - File version and signature viewer
Copyright (C) 2004-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\program files\open text\socks client\HumSOCKS.dll:
        Verified:       Unsigned
        Link date:      17:30 24/10/2012
        Publisher:      Open Text Corporation
        Description:    Open Text SOCKS Client for x64
        Product:        Open Text SOCKS Client
        Prod version:   14.0.0.0
        File version:   14.0.11.180
        MachineType:    64-bit

comment:32 Changed 5 years ago by lucatruf

Can I somehow prevent the DLL from being loaded, or do I have to uninstall Open Text?

comment:33 Changed 5 years ago by jianglai

4.3.17 works for me now. NAT didn't work with 4.3.16.

comment:34 Changed 5 years ago by lucatruf

I confirm that removing the unsigned DLL lets VirtualBox work correctly.

comment:35 in reply to: ↑ 26 Changed 5 years ago by NunoF

I was only able to look at this issue again now.

I confirm that this build also fixes the problem for me.

comment:36 Changed 5 years ago by Buehlerra

I have a similar issue on my system:

Up to now, I have used Version 4.3.10 and Internet access worked fine. I am using Windows 7 64-bit as host and Linux (Debian and Ubuntu) as guest operating systems.

After I updated to Version 4.3.18 the Internet Access (NAT) is not working anymore. Still I am able to Ping the physical router, which means the network itself is OK. Only if I use bridged mode, the Internet works fine.

By downgrading to Version 4.3.10, Internet is back working again.

Thanks for any help to solve the problem, Buehlerra

Changed 5 years ago by Buehlerra

Here my VBoxStartup.log file

comment:37 Changed 5 years ago by Buehlerra

I have narrowed the problem down to the driver of my network card. It seems that under 4.3.10 it is working, but under 4.3.18 not. If I install the network driver from the year 2011, it works with 4.3.18. Any newer driver does not.

The network card used is an onboard Bigfoot (now Qualcomm) Killer E2100 Gigabit Ethernet chipset. The following driver versions have been tested: 6.1.0.179 working OK, 6.1.0.310 not working with 4.3.18, 6.1.0.602 not working with 4.3.18, 6.1.0.603 not working with 4.3.18 (this is the latest official available driver)

Any possibility to fix this?

comment:38 Changed 5 years ago by bird

The "Bigfoot Networks Killer Network Manager" part of your NIC driver is what's causing trouble. We're apparently not the first ones having trouble with it:

The issue VBox is having with the "killer network manager" is that Qualcomm/Bigfoot have not signed the BFLLR.DLL file with a cryptographic (digital) signature. Starting with 4.3.14 we refuse to load DLLs that aren't either directly signed or indirectly via a signed driver/installer catalog file. This is for security reasons. See, VBox cannot tell if this BfLLR.dll is from a company/individual that was too lazy to use the signing certificate it/he already has (the actual driver files the kernel uses are signed), or a DLL from an evil adversary of yours that wants your passwords, bank account details, and more.

I'd recommend uninstalling the "kill network manager" part, like that iTunes user did in the first link, and/or petitioning Qualcomm to start signing their WinSock components (BfLLR.dll).

comment:39 Changed 5 years ago by Buehlerra

Finally I could resolve the issue. I had to deactivate the "Bigfoot Networks Killer Network Manager" from autostart and in addition execute the "netsh winsock reset" command in a command prompt with admin rights.

comment:40 follow-up: ↓ 41 Changed 5 years ago by russellvt

I am seeing a problem similar to this with a Debian 7 host under 4.3.22 (as well as some previous versions)... connection fails intermittently. I noticed that the dhclient seems to be re-requesting addresses every ten seconds or so, and spamming /var/log/syslog with those requests (this host is running behind a NAT interface).

A sample of the logged messages...

Feb 24 17:04:36 rvt-debian7 NetworkManager[2601]: <info> (eth1): DHCPv4 state changed nbi -> preinit
Feb 24 17:04:36 rvt-debian7 dhclient: Listening on LPF/eth1/08:00:27:ee:06:4b
Feb 24 17:04:36 rvt-debian7 dhclient: Sending on   LPF/eth1/08:00:27:ee:06:4b
Feb 24 17:04:36 rvt-debian7 dhclient: Sending on   Socket/fallback
Feb 24 17:04:36 rvt-debian7 dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6
Feb 24 17:04:37 rvt-debian7 NetworkManager[2601]: <warn> error monitoring device for netlink events: error processing netlink message: Object busy
Feb 24 17:04:38 rvt-debian7 avahi-daemon[2581]: Joining mDNS multicast group on interface eth1.IPv6 with address fe80::a00:27ff:feee:64b.
Feb 24 17:04:38 rvt-debian7 avahi-daemon[2581]: New relevant interface eth1.IPv6 for mDNS.
Feb 24 17:04:38 rvt-debian7 avahi-daemon[2581]: Registering new address record for fe80::a00:27ff:feee:64b on eth1.*.

comment:41 in reply to: ↑ 40 Changed 5 years ago by vushakov

Replying to russellvt:

I am seeing a problem similar to this with a Debian 7 host ... connection fails intermittently.

Do you mean Debian guest? What is your host system?

This bug is about fallout from Windows hardening. If some DLL cannot be loaded, it's not an intermittent condition. That alone makes me think your problem is probably unrelated. Please file a new bug with as many details as possible (VBox.log file and packet capture would be a good start).

comment:42 Changed 4 years ago by Giangi

I have created a different ticket #14833 for my NAT problem because I'm running v5.0.10/11, but I got a suggestion to write here instead... so here I am...

I have upgraded my VB from 4.3.12 directly to 5.0.10 and now none of my guests configured as NAT are able to navigate. Currently I have installed the latest test build 5.0.11 but the problem is still there

This is related to this forum post:  https://forums.virtualbox.org/viewtopic.php?f=1&t=74498#p344920

I'm primarily using VB on a network which has Microsoft Forefront TMG as proxy/firewall. I do have full admin access on TMG and enabling the logging I do not see any errors but I do not see any "real traffic" too, just the start/close session

On my pc I have the Forefront TMG Client installed and enabled, could it be that its DLLs are being blocked?

In the logs there are many references to these DLLs, like the following.

1388.1bb0: supHardenedWinVerifyImageByHandle: -0 (\Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll) WinVerifyTrust
1388.1bb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
1388.1bb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Forefront TMG Client\FwcWsp.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007c7b5c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1388.1bb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
1388.1bb0: supR3HardenedDllNotificationCallback: load 74bb0000 LB 0x001fc000 C:\Program Files\Forefront TMG Client\FwcWsp.dll [fFlags=0x0]
1388.1bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll

The guest NIC is configured as:

Configurazione IP di Windows
        Nome host . . . . . . . . . . . . . . : TESTXP1NEW
        Suffisso DNS primario  . . . . . . .  :
        Tipo nodo . . . . . . . . . . . . . .  : Ibrido
        Routing IP abilitato. . . . . . . . . : No
        Proxy WINS abilitato . . . . . . . .  : No
        Elenco di ricerca suffissi DNS. . . . : master.local
Scheda Ethernet Lan:
        Suffisso DNS specifico per connessione: master.local
        Descrizione . . . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
        Indirizzo fisico. . . . . . . . . . . : 08-00-27-BB-9E-71
        DHCP abilitato. . . . . . . . . . . . : Sì
        Configurazione automatica abilitata   : Sì
        Indirizzo IP. . . . . . . . . . . . . : 10.0.2.15
        Subnet mask . . . . . . . . . . . . . : 255.255.255.0
        Gateway predefinito . . . . . . . . . : 10.0.2.2
        Server DHCP . . . . . . . . . . . . . : 10.0.2.2
        Server DNS . . . . . . . . . . . . .  : 10.0.2.3
        Lease ottenuto. . . . . . . . . . . . : lunedì 16 novembre 2015 13.39.27
        Scadenza lease . . . . . . . . . . .  : martedì 17 novembre 2015 13.39.27

DNS resolution is working...

C:\Documents and Settings\Utente>nslookup
*** Impossibile trovare nome server per l'indirizzo 10.0.2.3: Non-existent domain
*** I server predefiniti non sono disponibili
Server predefinito:  UnKnown
Address:  10.0.2.3
set q=any
google.com
Server:  UnKnown
Address:  10.0.2.3
Risposta da un server non di fiducia:
google.com      internet address = 173.194.112.137
google.com      internet address = 173.194.112.133
google.com      internet address = 173.194.112.130
google.com      internet address = 173.194.112.131
google.com      internet address = 173.194.112.136
google.com      internet address = 173.194.112.142
google.com      internet address = 173.194.112.134
google.com      internet address = 173.194.112.135
google.com      internet address = 173.194.112.128
google.com      internet address = 173.194.112.132
google.com      internet address = 173.194.112.129
google.com      nameserver = ns1.google.com
google.com      nameserver = ns3.google.com
google.com      nameserver = ns4.google.com
google.com      nameserver = ns2.google.com
google.com
        primary name server = ns1.google.com
        responsible mail addr = dns-admin.google.com
        serial  = 107925622
        refresh = 900 (15 mins)
        retry   = 900 (15 mins)
        expire  = 1800 (30 mins)

On my home network all the guests are connecting to internet without problems.

Changed 4 years ago by Giangi

Changed 4 years ago by Giangi
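An added example, not part of the ticket and not VirtualBox code: a small triage script for the two log signals this ticket relies on, the "NAT: tcp_fconnect error" line from VBox.log (comments 22 and 27) and the hardening-log lines quoted in comment 42. It recognises only the line shapes quoted on this page; the status name VERR_PLACEHOLDER, the "Example Vendor" path, the mswsock.dll line and the skipped install directories are constructed assumptions.

```python
import re

# Standard Winsock error codes; 10106 is the one identified in comment 23.
WINSOCK_ERRORS = {
    10051: "WSAENETUNREACH",
    10060: "WSAETIMEDOUT",
    10061: "WSAECONNREFUSED",
    10065: "WSAEHOSTUNREACH",
    10106: "WSAEPROVIDERFAILEDINIT",
}

# Only the line shapes quoted in this ticket are recognised (assumption:
# other builds may word these lines differently).
NAT_ERR = re.compile(r"NAT: tcp_fconnect error (\d+)")
SCREEN = re.compile(r"supR3HardenedScreenImage/\w+: cache hit \((\w+)\) on (.+\.dll)", re.I)
LOADED = re.compile(r"supR3HardenedDllNotificationCallback: load \S+ LB \S+ (.+\.dll)", re.I)
# The same file appears as \Device\HarddiskVolumeN\... and as C:\...; strip both.
VOLUME = re.compile(r"^(\\Device\\HarddiskVolume\d+|[A-Za-z]:)", re.I)
# Directories whose DLLs are not reported (assumed default install locations).
SKIP_DIRS = ("\\windows\\", "\\program files\\oracle\\virtualbox\\")


def normalise(path):
    """Drop the volume prefix and case so both spellings of a path compare equal."""
    return VOLUME.sub("", path.strip()).lower()


def triage(lines):
    """Collect Winsock connect errors and the screening results of third-party DLLs."""
    errors, dlls = [], {}
    for line in lines:
        m = NAT_ERR.search(line)
        if m:
            code = int(m.group(1))
            errors.append((code, WINSOCK_ERRORS.get(code, "unknown")))
            continue
        m = SCREEN.search(line)
        if m:
            status, path = m.group(1), normalise(m.group(2))
        else:
            m = LOADED.search(line)
            if not m:
                continue
            status, path = None, normalise(m.group(1))
        if path.startswith(SKIP_DIRS):
            continue
        entry = dlls.setdefault(path, {"statuses": set(), "loaded": False})
        if status is None:
            entry["loaded"] = True
        else:
            entry["statuses"].add(status)
    not_ok = sorted(p for p, e in dlls.items() if e["statuses"] - {"VINF_SUCCESS"})
    return {
        "errors": errors,
        "provider_failure": any(code == 10106 for code, _ in errors),
        "third_party": dlls,
        "not_ok": not_ok,
    }


# First four lines are copied from comments 27 and 42; the last two are constructed.
SAMPLE = [
    "00:01:28.872901 NAT: tcp_fconnect error 10106 (was 10106)",
    r"1388.1bb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll",
    r"1388.1bb0: supR3HardenedDllNotificationCallback: load 74bb0000 LB 0x001fc000 C:\Program Files\Forefront TMG Client\FwcWsp.dll [fFlags=0x0]",
    r"1388.1bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll",
    r"1388.1bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll",
    r"1388.1bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VERR_PLACEHOLDER) on \Device\HarddiskVolume2\Program Files\Example Vendor\ExampleLsp.dll",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["errors"], report["not_ok"])
```

In practice the NAT line comes from VBox.log and the hardening lines from VBoxStartup.log or VBoxHardening.log, so pass the lines of both files together.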

comment:43 Changed 3 years ago by vushakov

  • Status changed from new to closed
  • Resolution set to fixed

comment:44 Changed 3 years ago by Giangi

Fixed how and when? Personally I had to use a workaround for this because it hasn't been fixed!

To use NAT with TMG install cNTLM on host and set on guest host-ip:3128 as proxy

"Fortunately" I no longer have a TMG server to use, so I do not need my workaround...

comment:45 Changed 18 months ago by techlevel

Please, reopen this ticket. I'm experiencing the same issues as described with the latest version of VirtualBox.
