VirtualBox

Ticket #6524 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

NAT setup UDP traffic wrong src IP

Reported by: jerryhu
Owned by:
Priority: major
Component: network/NAT
Version: VirtualBox 3.2.6
Keywords:
Cc:
Guest type: Linux
Host type: Linux

Description (last modified by Hachiman)

I have a CentOS guest on a CentOS host with NAT setup. On the guest, I run a syslog event collector listening on udp/514. Using port forwarding, syslog events (UDP unicast) are forwarded to the guest. Somehow, the src IP of those events becomes 10.0.2.2 on the guest, while on the host it shows the correct src IP.

I also tried ssh port forwarding (TCP), and it worked fine. So this is a UDP-specific issue. Here are tcpdumps from both host and guest:

On host:

tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:24.661024 IP (tos 0x0, ttl 64, id 25582, offset 0, flags [none], proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:24.661197 IP (tos 0x0, ttl 64, id 25583, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:24.745518 IP (tos 0x0, ttl 64, id 25585, offset 0, flags [none], proto: UDP (17), length: 191) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:31.825655 IP (tos 0x0, ttl 64, id 42236, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
18:50:31.921804 IP (tos 0x0, ttl 64, id 42239, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64624]: Did not receive ident[|syslog]
18:50:33.086459 IP (tos 0x0, ttl 64, id 42251, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:47 sshd[64628]: Did not receive ident[|syslog]

On guest:

tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:22.252032 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:34 sshd[64618]: Did not receive ident[|syslog]
18:50:27.128257 IP (tos 0x0, ttl 64, id 24506, offset 0, flags [none], proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:27.128351 IP (tos 0x0, ttl 64, id 24507, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:27.213209 IP (tos 0x0, ttl 64, id 24509, offset 0, flags [none], proto: UDP (17), length: 191) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:34.293485 IP (tos 0x0, ttl 64, id 24511, offset 0, flags [none], proto: UDP (17), length: 116) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 88

Attachments

VBox.log (41.3 KB) - added by abramoff 4 years ago.
VBox.2.log (41.5 KB) - added by abramoff 4 years ago.

Change History

comment:1 Changed 4 years ago by Hachiman

  • Description modified

comment:2 Changed 4 years ago by Hachiman

Could you please attach the log file?

comment:3 Changed 4 years ago by Hachiman

I'm not sure I correctly understand the problem; 10.0.2.2 in your case is the address of your host in terms of the guest behind the NAT. So the presence of 10.0.2.2 in UDP datagrams when you have done port forwarding and connect from the host to the guest is something that is expected.

comment:4 Changed 4 years ago by Hachiman

Ah, now I see what the problem is, but I'm not sure why it's specific to UDP. But it looks like the problem you're seeing is the default configuration of libalias (NAT in FreeBSD), which is probably too restrictive for you. Unfortunately 3.1 hasn't got a mechanism to configure it, but we can do it for 3.2 of course.

comment:5 Changed 4 years ago by jerryhu

My understanding is that NAT only masquerades the INTERNAL IP address (in our case 10.0.2.x); it should keep the external IP address. Even if we make this configurable, I think the default behavior needs to be the right one (keep the external IP address for both inbound and outbound traffic).

comment:6 Changed 4 years ago by Hachiman

Could you please try 3.2 with the following settings:

# VBoxManage modifyvm <your-vm name> --nataliasmode1 proxyonly 

or with VBoxShell

vbox> nat u10.04 0 alias proxyonly

comment:7 Changed 4 years ago by Hachiman

Does it still happen with 3.2.6?

comment:8 follow-up: ↓ 9 Changed 4 years ago by abramoff

I can confirm this bug on 3.2.6 in my setup:

Host: Windows Server 2003 std x64;
Guest: Windows Server 2003 std;
VirtualBox: 3.2.6 r63112
Network: NAT, guest NIC=Intel PRO/1000 MT Server;
Port forward: Protocol=TCP, HostPort=3390, GuestPort=3389;

RDP client connects from external workstation to Host port tcp/3390. On Guest I see incoming connection from IP 10.0.2.2 (Host IP), like this (netstat -n output on Guest):

TCP    10.0.2.15:3389         10.0.2.2:1848          ESTABLISHED

comment:9 in reply to: ↑ 8 Changed 4 years ago by Hachiman

Replying to abramoff: Please attach your log file.

Changed 4 years ago by abramoff

comment:10 Changed 4 years ago by frank

Logfile attached.

comment:11 Changed 4 years ago by frank

  • Version changed from VirtualBox 3.1.4 to VirtualBox 3.2.6

comment:12 follow-up: ↓ 13 Changed 4 years ago by Hachiman

Could you please try to switch proxy mode as advised in several comments above?

comment:13 in reply to: ↑ 12 Changed 4 years ago by abramoff

Yes, it helps. Now I see the IP source of client in the VM. Log attached.

Changed 4 years ago by abramoff

comment:14 Changed 4 years ago by Hachiman

Thanks for testing.

comment:15 Changed 4 years ago by Hachiman

  • Status changed from new to closed
  • Resolution set to fixed
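
For a log collector behind VirtualBox NAT, the symptom in this ticket means every event is attributed to 10.0.2.2. The following added example (not part of the ticket or of VirtualBox; the function names are this example's own) parses excerpts of the two captures from the description, checks whether the guest-side sources have collapsed to the NAT gateway, and recovers the real sender by matching each guest datagram to the host capture.

```python
import re

NAT_GW = "10.0.2.2"  # source address the guest sees under default NAT aliasing (from the ticket)
HDR = re.compile(r"length: (\d+)\) (\d+(?:\.\d+){3})\.\w+ > \d+(?:\.\d+){3}\.\w+: SYSLOG")

# Excerpts of the ticket's two captures ("Facility" lines omitted).
HOST_CAPTURE = """\
18:50:24.661024 IP (tos 0x0, ttl 64, id 25582, offset 0, flags [none], proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:24.661197 IP (tos 0x0, ttl 64, id 25583, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:31.825655 IP (tos 0x0, ttl 64, id 42236, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
"""
GUEST_CAPTURE = """\
18:50:22.252032 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
Msg: Apr 6 18:43:34 sshd[64618]: Did not receive ident[|syslog]
18:50:27.128257 IP (tos 0x0, ttl 64, id 24506, offset 0, flags [none], proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:27.128351 IP (tos 0x0, ttl 64, id 24507, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 89
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
"""

def parse(capture):
    """Return (ip_total_length, src_ip, msg) tuples from `tcpdump -nv` text."""
    records = []
    for line in capture.splitlines():
        m = HDR.search(line)
        if m:
            records.append([int(m.group(1)), m.group(2), None])
        elif line.startswith("Msg: ") and records:
            records[-1][2] = line[5:].strip()
    return [tuple(r) for r in records]

def sources_collapsed(guest_capture):
    """True when every datagram the collector sees claims the NAT gateway as sender."""
    return {src for _, src, _ in parse(guest_capture)} == {NAT_GW}

def attribute(host_capture, guest_capture):
    """Recover real senders by matching (length, truncated Msg) against the host capture.
    Heuristic: identical messages from different senders would collide."""
    real = {(n, msg): src for n, src, msg in parse(host_capture)}
    return [(msg, real.get((n, msg)) if src == NAT_GW else src)
            for n, src, msg in parse(guest_capture)]

if __name__ == "__main__":
    print(sources_collapsed(GUEST_CAPTURE), attribute(HOST_CAPTURE, GUEST_CAPTURE))
```

A guest datagram with no counterpart in the host excerpt comes back with `None` as its sender.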