VirtualBox

Opened 14 years ago

Closed 14 years ago

#6524 closed defect (fixed)

NAT setup UDP traffic wrong src IP

Reported by: jerryhu
Owned by:
Component: network/NAT
Version: VirtualBox 3.2.6
Keywords:
Cc:
Guest type: Linux
Host type: Linux

Description (last modified by vasily Levchenko)

I have a CentOS guest on a CentOS host with NAT setup. On the guest, I run a syslog event collector listening on udp/514. Using port forwarding, syslog events (UDP unicast) are forwarded to the guest. Somehow, the src IP of those events becomes 10.0.2.2 on the guest, while on the host it shows the correct src IP.

I also tried ssh port forwarding (TCP); it worked fine. So this is a UDP-specific issue. Here are tcpdumps from both host and guest:

On host:

tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:24.661024 IP (tos 0x0, ttl 64, id 25582, offset 0, flags [none], proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:24.661197 IP (tos 0x0, ttl 64, id 25583, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:24.745518 IP (tos 0x0, ttl 64, id 25585, offset 0, flags [none], proto: UDP (17), length: 191) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:31.825655 IP (tos 0x0, ttl 64, id 42236, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
18:50:31.921804 IP (tos 0x0, ttl 64, id 42239, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64624]: Did not receive ident[|syslog]
18:50:33.086459 IP (tos 0x0, ttl 64, id 42251, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:47 sshd[64628]: Did not receive ident[|syslog]

On guest:

tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:22.252032 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:34 sshd[64618]: Did not receive ident[|syslog]
18:50:27.128257 IP (tos 0x0, ttl 64, id 24506, offset 0, flags [none], proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:27.128351 IP (tos 0x0, ttl 64, id 24507, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:27.213209 IP (tos 0x0, ttl 64, id 24509, offset 0, flags [none], proto: UDP (17), length: 191) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:34.293485 IP (tos 0x0, ttl 64, id 24511, offset 0, flags [none], proto: UDP (17), length: 116) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 88

Attachments (2)

VBox.log (41.3 KB) - added by Victor Abramoff 14 years ago.
VBox.2.log (41.5 KB) - added by Victor Abramoff 14 years ago.
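
Added example (not part of the ticket or of VirtualBox): when a collector behind NAT sees every event as coming from 10.0.2.2, a host-side capture can be joined with the guest-side one on payload length and message text to recover the real sender. The sample captures are constructed in the ticket's tcpdump format, and `parse` and `recover_senders` are hypothetical helper names.

```python
import re

# Constructed samples, abridged from the capture format shown in the ticket.
HOST = """\
18:50:24.661024 IP (tos 0x0, proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:31.825655 IP (tos 0x0, proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
"""
GUEST = """\
18:50:27.128257 IP (tos 0x0, proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:34.293485 IP (tos 0x0, proto: UDP (17), length: 116) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 88
Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
18:50:35.000001 IP (tos 0x0, proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
"""
# Header line: "<ts> IP (...) src.port > dst.port: SYSLOG, length: N"
HDR = re.compile(r"^\S+ IP \(.*?\) ((?:\d{1,3}\.){3}\d{1,3})\.\w+ > "
                 r"(?:\d{1,3}\.){3}\d{1,3}\.\w+: SYSLOG, length: (\d+)")

def parse(capture):
    """Return one record per datagram: source IP, payload length, message text."""
    records = []
    for line in capture.splitlines():
        m = HDR.match(line.strip())
        if m:
            records.append({"src": m.group(1), "length": int(m.group(2)), "msg": None})
        elif line.strip().startswith("Msg: ") and records:
            records[-1]["msg"] = line.strip()[5:]
    return records

def recover_senders(host_capture, guest_capture, gateway="10.0.2.2"):
    """Map each gateway-sourced guest datagram to the sender(s) seen on the host."""
    by_payload = {}
    for r in parse(host_capture):
        by_payload.setdefault((r["length"], r["msg"]), set()).add(r["src"])
    result = []
    for r in parse(guest_capture):
        if r["src"] != gateway:
            continue  # source address survived NAT, nothing to recover
        # A datagram without a decoded Msg line cannot be joined reliably.
        senders = by_payload.get((r["length"], r["msg"]), set()) if r["msg"] else set()
        result.append((r["msg"], sorted(senders) or ["unknown"]))
    return result

if __name__ == "__main__":
    for msg, senders in recover_senders(HOST, GUEST):
        print(senders, "<-", msg)
```

Identical messages sent by several hosts map to more than one candidate sender, so the join narrows attribution rather than proving it.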


Change History (17)

comment:1 by vasily Levchenko, 14 years ago

Description: modified (diff)

comment:2 by vasily Levchenko, 14 years ago

Could you please attach log file?

comment:3 by vasily Levchenko, 14 years ago

I'm not sure I correctly understand the problem; 10.0.2.2 in your case is the address of your host in terms of the guest behind the NAT. So the presence of 10.0.2.2 in UDP datagrams, when you have set up port forwarding and connect from the host to the guest, is something that is expected.

comment:4 by vasily Levchenko, 14 years ago

Ah, now I see what the problem is, but I'm not sure why it's specific to UDP. It looks like the problem you're seeing is the default configuration of libalias (NAT in FreeBSD), which is probably too restrictive for you. Unfortunately, 3.1 hasn't got a mechanism to configure it, but we can do it for 3.2, of course.

comment:5 by jerryhu, 14 years ago

My understanding is that NAT only masquerades the INTERNAL IP address (in our case 10.0.2.x); it should keep the external IP address. Even if we make this configurable, I think the default behavior needs to be the right one (keep the external IP address for both in-bound and out-bound traffic).

comment:6 by vasily Levchenko, 14 years ago

Could you please try 3.2 with the following settings:

# VBoxManage modifyvm <your-vm name> --nataliasmode1 proxyonly 

or with VBoxShell

vbox> nat u10.04 0 alias proxyonly

comment:7 by vasily Levchenko, 14 years ago

Does it still happen with 3.2.6?

comment:8 by Victor Abramoff, 14 years ago

I can confirm this bug on 3.2.6 in my setup:

Host: Windows Server 2003 std x64;
Guest: Windows Server 2003 std;
VirtualBox: 3.2.6 r63112
Network: NAT, guest NIC=Intel PRO/1000 MT Server;
Port forward: Protocol=TCP, HostPort=3390, GuestPort=3389;

RDP client connects from external workstation to Host port tcp/3390. On Guest I see incoming connection from IP 10.0.2.2 (Host IP), like this (netstat -n output on Guest):

TCP    10.0.2.15:3389         10.0.2.2:1848          ESTABLISHED

in reply to:  8 comment:9 by vasily Levchenko, 14 years ago

Replying to abramoff: Please attach your log file.

by Victor Abramoff, 14 years ago

Attachment: VBox.log added

comment:10 by Frank Mehnert, 14 years ago

Logfile attached.

comment:11 by Frank Mehnert, 14 years ago

Version: VirtualBox 3.1.4 → VirtualBox 3.2.6

comment:12 by vasily Levchenko, 14 years ago

Could you please try to switch the proxy mode as advised in several comments above?

in reply to:  12 comment:13 by Victor Abramoff, 14 years ago

Yes, it helps. Now I see the IP source of client in the VM. Log attached.

by Victor Abramoff, 14 years ago

Attachment: VBox.2.log added

comment:14 by vasily Levchenko, 14 years ago

Thanks for testing.

comment:15 by vasily Levchenko, 14 years ago

Resolution: fixed
Status: new → closed