Ticket #7338 (closed defect: fixed)

Opened 5 years ago

Last modified 15 months ago

NAT passes multicast packets from guest to host => Fixed in SVN

Reported by: mackyle Owned by:
Priority: major Component: network/NAT
Version: VirtualBox 4.0.4 Keywords:
Cc: Guest type: Linux
Host type: Mac OS X

Description (last modified by vushakov) (diff)


1. Set up a guest (ubuntu linux for example) with a single network interface connected to NAT

2. Enable avahi (an mDNS server) in that guest

3. Run an mDNS observer on the host (Bonjour Browser on Mac OS X for example)

4. Notice that the host sees the mDNS packets (UDP multicast to from the guest


Running wireshark on the host shows that the mDNS packets appear to originate from the IP address assigned to en0 on the host (Mac OS X).


While there may be a legitimate need to re-broadcast multicast packets from one side of the NAT to the other, that should be an opt-in behavior rather than always on. At the very least there should be a VBoxManage option to disable multicast packets passing through the NAT.


If you have two interfaces configured for your guest, say NAT on one and HOST-only on the other, the expectation is that the host can only connect to the guest via the HOST-only interface. And that is the reality. However, because the NAT is passing multicast DNS packets from the guest to the host, the host sees both of the guest's interfaces' addresses advertised -- the HOST interface address which it legitimately receives via the mDNS packet over the HOST-only interface and the hidden, NAT-assigned address that is completely unreachable from the host (because the NAT rebroadcasts that mDNS announcement). When the host then attempts to lookup a .local mDNS address that resolves to the guest, it often picks just one address if multiple are available and which one is somewhat arbitrary -- if it picks the hidden NAT address, connectivity with the guest fails (this occurs quite frequently).


There is no good workaround, although it is possible to block UDP packets to port 5353 that appear to come from the en0 interface via the host's firewall.


Have tested this with various guests, the problem is independent of the guest OS type. Have only tested with Mac OS X host though.

Change History

comment:1 Changed 5 years ago by castorinop

Same problem with guest: linux, host: linux, net: NAT and bridge

comment:2 Changed 5 years ago by mackyle

Still a problem with VirtualBox 4.0.4

comment:3 Changed 5 years ago by frank

  • Version changed from VirtualBox 3.2.8 to VirtualBox 4.0.4

comment:4 Changed 16 months ago by vushakov

  • Description modified (diff)
  • Summary changed from NAT passes multicast packets from guest to host to NAT passes multicast packets from guest to host => Fixed in SVN

Should be fixed in the forthcoming 4.3.16 release.

comment:5 Changed 15 months ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fix is part of VBox 4.3.16.

Note: See TracTickets for help on using tickets.
ContactPrivacy policyTerms of Use