VirtualBox

Ticket #16478 (closed defect: fixed)

Opened 7 months ago

Last modified 5 days ago

--natbindip1 not binding TCP traffic to interface => Fixed in 5.1.28

Reported by: wrunning Owned by:
Priority: major Component: network/NAT
Version: VirtualBox 5.1.2 Keywords: bind NAT
Cc: Guest type: Windows
Host type: Windows

Description

Hello! I am experiencing what seems to be the issue laid out previously here  https://forums.virtualbox.org/viewtopic.php?f=7&t=34878. To describe the situation myself: Host OS has several external connections, a WAN and several OpenVPN connections and I want a certain VM to route its traffic through one of the vpn connections, vpn1. vpn1 has a route to 0.0.0.0/0, but with a higher metric than WAN. I set up a NAT adapter for the guest VM, then used vboxmanage modifyvm vm1 --natbindip1 vpn1_IP. What happens is that UDP traffic gets properly bind-ed to vpn1 and gets sent out through it, while TCP traffic goes out via WAN connection.I checked this both with wireshark, netstat and by setting up an outside listening endpoint for both UDP and TCP. I have written myself a program that actually binds to the vpn1 connection and use it for both TCP and UDP traffic and everything works fine, so it isn't a routing issue. Please let me know if there is any more information needed from my side in order to pinpoint the issue. Thanks!

Change History

comment:1 Changed 7 months ago by vushakov

Please, can you make an outbound tcp connection from the VM and check what does netstat shows for that connection on the host.

Does your test program use SO_BINDTODEVICE? Or just bind(2)?

comment:2 Changed 7 months ago by wrunning

Sure, netstat says "TCP 10.10.10.199:45968 78.46.94.13:80 ESTABLISHED", 10.10.10.199 being the IP address of the WAN connection, not the specified one.

My test program, which is actually a DLL injected in processes to force them to be bound to certain interfaces, just uses bind.There are a bit more weird things it does, but those are just for the proper hooking for newly created sockets, not related to the interface binding. For the few programs that I use it for, I have not found a need to set any other specific socket options and I can't find a reference for SO_BINDTODEVICE for Windows sockets.

I did have a short look through the vbox sources, but found it to be getting rather complicated rather fast and without any familiarity on my side with the actual inner workings, decided it might be better to open an issue for someone with better knowledge on the subject.If you can pinpoint me in the proper direction within the sources, maybe I can try to have another look myself too at some point.

Thanks!

comment:3 Changed 6 weeks ago by zarzarel2

I can confirm that natbindip does not work as intended. I have two static IP addresses on one interface on a Windows host (let's say 10.10.4.10 and 10.10.5.10) which are on the same subnet. 10.10.4.10 is the default IP address for the system. If I use --natbindip1 "10.10.5.10" I can see the modification in the configuration file, but when I watch the traffic on the network gateway I can see only DNS requests being routed from 10.10.5.10, all the normal TCP traffic still comes from 10.10.4.10. I can also confirm that all the connections which are in the "ESTABLISHED" state on the host are bound only to 10.10.4.10, with nothing being bound on 10.10.5.10.

This is with VirtualBox 5.1.20.

comment:4 Changed 4 weeks ago by vushakov

  • Summary changed from --natbindip1 not binding TCP traffic to interface to --natbindip1 not binding TCP traffic to interface => Fixed in SVN

This should be fixed in the next 5.1.* release and next 5.2 beta.

comment:5 Changed 5 days ago by michael

  • Status changed from new to closed
  • Resolution set to fixed
  • Summary changed from --natbindip1 not binding TCP traffic to interface => Fixed in SVN to --natbindip1 not binding TCP traffic to interface => Fixed in 5.1.28
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use