Opened 15 years ago
Closed 15 years ago
#6524 closed defect (fixed)
NAT setup UDP traffic wrong src IP
Reported by: | jerryhu | Owned by: | |
---|---|---|---|
Component: | network/NAT | Version: | VirtualBox 3.2.6 |
Keywords: | | Cc: | |
Guest type: | Linux | Host type: | Linux |
Description
I have a CentOS guest on a CentOS host with NAT setup. On the guest, I run a syslog event collector listening to udp/514. Using port-forwarding, syslog events (UDP unicast) are forwarded to the guest. Somehow, the src ip of those events becomes 10.0.2.2 on the guest, while on the host it shows the correct src ip.
I also tried ssh port forwarding (TCP), and it worked fine. So this is a UDP-specific issue. Here are tcpdumps from both host and guest:
On host:
```
tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:24.661024 IP (tos 0x0, ttl 64, id 25582, offset 0, flags [none], proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
        Facility daemon (3), Severity error (3)
        Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:24.661197 IP (tos 0x0, ttl 64, id 25583, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
        Facility auth (4), Severity info (6)
        Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:24.745518 IP (tos 0x0, ttl 64, id 25585, offset 0, flags [none], proto: UDP (17), length: 191) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 163
        Facility daemon (3), Severity error (3)
        Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:31.825655 IP (tos 0x0, ttl 64, id 42236, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
        Facility auth (4), Severity info (6)
        Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
18:50:31.921804 IP (tos 0x0, ttl 64, id 42239, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
        Facility auth (4), Severity info (6)
        Msg: Apr 6 18:43:46 sshd[64624]: Did not receive ident[|syslog]
18:50:33.086459 IP (tos 0x0, ttl 64, id 42251, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
        Facility auth (4), Severity info (6)
        Msg: Apr 6 18:43:47 sshd[64628]: Did not receive ident[|syslog]
```
On guest:
```
tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:22.252032 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
        Facility auth (4), Severity info (6)
        Msg: Apr 6 18:43:34 sshd[64618]: Did not receive ident[|syslog]
18:50:27.128257 IP (tos 0x0, ttl 64, id 24506, offset 0, flags [none], proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
        Facility daemon (3), Severity error (3)
        Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:27.128351 IP (tos 0x0, ttl 64, id 24507, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 89
        Facility auth (4), Severity info (6)
        Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:27.213209 IP (tos 0x0, ttl 64, id 24509, offset 0, flags [none], proto: UDP (17), length: 191) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 163
        Facility daemon (3), Severity error (3)
        Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:34.293485 IP (tos 0x0, ttl 64, id 24511, offset 0, flags [none], proto: UDP (17), length: 116) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 88
```
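The effect reported above matters for any collector that attributes events by packet source address. As an added example (not part of the ticket and not VirtualBox code), this Python script compares a host-side and a guest-side `tcpdump -nv` capture, reports whether the senders collapsed to the NAT gateway, and uses the unchanged IP length as a heuristic to map each guest-side source port back to its sender. The sample lines are constructed and abridged from the captures in the description, and the function names are hypothetical.

```python
import re

# Header of a `tcpdump -nv` syslog packet: "... length: N) SRC > DST: SYSLOG"
HDR = re.compile(r"length: (\d+)\) (\S+) > \S+: SYSLOG")

# Constructed sample input, abridged to the fields used, in the format of the
# captures in the description (addresses and lengths as they appear there).
HOST_CAP = """
IP (proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
IP (proto: UDP (17), length: 117) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
IP (proto: UDP (17), length: 191) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 163
IP (proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
IP (proto: UDP (17), length: 117) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
"""
GUEST_CAP = """
IP (proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
IP (proto: UDP (17), length: 117) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 89
IP (proto: UDP (17), length: 191) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 163
IP (proto: UDP (17), length: 116) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 88
IP (proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
"""

def parse(capture):
    """Return [(src_ip, src_port, ip_total_length)] for each syslog packet."""
    packets = []
    for length, src in HDR.findall(capture):
        ip, _, port = src.rpartition(".")   # tcpdump prints "a.b.c.d.port"
        packets.append((ip, port, int(length)))
    return packets

def attribution_report(host_cap, guest_cap, gateway="10.0.2.2"):
    """Return (collapsed, real senders, guest-side port -> candidate senders)."""
    host, guest = parse(host_cap), parse(guest_cap)
    senders = {ip for ip, _, _ in host}
    seen = {ip for ip, _, _ in guest}
    collapsed = len(senders) > 1 and seen == {gateway}
    # Heuristic: a packet keeps its IP length through the NAT, so intersect the
    # host-side candidates for every length seen on each guest-side alias port.
    by_len = {}
    for ip, _, n in host:
        by_len.setdefault(n, set()).add(ip)
    alias = {}
    for ip, port, n in guest:
        if ip == gateway and n in by_len:
            alias[port] = alias.get(port, by_len[n]) & by_len[n]
    return collapsed, sorted(senders), {p: sorted(c) for p, c in alias.items()}

if __name__ == "__main__":
    print(attribution_report(HOST_CAP, GUEST_CAP))
```

A `collapsed` result of `True` means every event reaches the collector with the gateway address, so per-sender filtering or alerting on the guest cannot rely on the packet source.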
Attachments (2)
Change History (17)
comment:1 by , 15 years ago
Description: | modified (diff) |
---|
comment:3 by , 15 years ago
I'm not sure I correctly understand the problem. 10.0.2.2 in your case is the address of your host in terms of the guest behind the NAT. So the presence of 10.0.2.2 in UDP datagrams when you have done port-forwarding and make a connection from the host to the guest is something that is expected.
comment:4 by , 15 years ago
Ah, now I see what the problem is, but I'm not sure why it's specific to UDP. But it looks like the problem you're seeing is the default configuration of libalias (NAT in FreeBSD), which is probably too restrictive for you. Unfortunately 3.1 hasn't got a mechanism to configure it, but we can do it for 3.2 of course.
comment:5 by , 15 years ago
My understanding is that NAT only masquerades the INTERNAL IP address (in our case 10.0.2.x); it should keep the external IP address. Even if we make this configurable, I think the default behavior needs to be the right one (keep the external IP address for both in-bound and out-bound traffic).
comment:6 by , 15 years ago
Could you please try 3.2 with the following settings:
```
# VBoxManage modifyvm <your-vm name> --nataliasmode1 proxyonly
```
or with VBoxShell
```
vbox> nat u10.04 0 alias proxyonly
```
follow-up: 9 comment:8 by , 15 years ago
I can confirm this bug on 3.2.6 in my setup:
Host: Windows Server 2003 std x64;
Guest: Windows Server 2003 std;
VirtualBox: 3.2.6 r63112
Network: NAT, guest NIC=Intel PRO/1000 MT Server;
Port forward: Protocol=TCP, HostPort=3390, GuestPort=3389;
RDP client connects from external workstation to Host port tcp/3390. On Guest I see incoming connection from IP 10.0.2.2 (Host IP), like this (netstat -n output on Guest):
TCP 10.0.2.15:3389 10.0.2.2:1848 ESTABLISHED
comment:11 by , 15 years ago
Version: | VirtualBox 3.1.4 → VirtualBox 3.2.6 |
---|
follow-up: 13 comment:12 by , 15 years ago
Could you please try to switch proxy mode as advised in several comments above?
comment:13 by , 15 years ago
Yes, it helps. Now I see the IP source of client in the VM. Log attached.
by , 15 years ago
Attachment: | VBox.2.log added |
---|
comment:15 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Could you please attach the log file?