I have a CentOS guest on a CentOS host with NAT setup. On the guest, I run a syslog event collector listening to udp/514. Using port-forwarding syslog events are forwarded to guest. Somehow, the src ip of those event become 10.0.2.2 on guest, which on host, it shows the correct src ip. Here are tcpdump from both:
On host:
tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:24.661024 IP (tos 0x0, ttl 64, id 25582, offset 0, flags [none], proto: UDP (17), length: 79) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:24.661197 IP (tos 0x0, ttl 64, id 25583, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:24.745518 IP (tos 0x0, ttl 64, id 25585, offset 0, flags [none], proto: UDP (17), length: 191) 10.155.69.23.syslog > 10.155.69.212.syslog: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:31.825655 IP (tos 0x0, ttl 64, id 42236, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64626]: Did not receive ident[|syslog]
18:50:31.921804 IP (tos 0x0, ttl 64, id 42239, offset 0, flags [none], proto: UDP (17), length: 116) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 88
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:46 sshd[64624]: Did not receive ident[|syslog]
18:50:33.086459 IP (tos 0x0, ttl 64, id 42251, offset 0, flags [none], proto: UDP (17), length: 117) 10.155.69.1.syslog > 10.155.69.212.syslog: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:47 sshd[64628]: Did not receive ident[|syslog]
On guest:
tcpdump -nvp udp port 514
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:50:22.252032 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:43:34 sshd[64618]: Did not receive ident[|syslog]
18:50:27.128257 IP (tos 0x0, ttl 64, id 24506, offset 0, flags [none], proto: UDP (17), length: 79) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 51
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 last message repeated 352 times
18:50:27.128351 IP (tos 0x0, ttl 64, id 24507, offset 0, flags [none], proto: UDP (17), length: 117) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 89
Facility auth (4), Severity info (6)
Msg: Apr 6 18:52:35 sshd[34534]: Did not receive ident[|syslog]
18:50:27.213209 IP (tos 0x0, ttl 64, id 24509, offset 0, flags [none], proto: UDP (17), length: 191) 10.0.2.2.36744 > 10.0.2.15.514: SYSLOG, length: 163
Facility daemon (3), Severity error (3)
Msg: Apr 6 18:52:35 rpd[1318]: RPD_L2VPN_SITE_COLLISIO[|syslog]
18:50:34.293485 IP (tos 0x0, ttl 64, id 24511, offset 0, flags [none], proto: UDP (17), length: 116) 10.0.2.2.514 > 10.0.2.15.514: SYSLOG, length: 88
I also tried ssh port forwarding (TCP), it worked fine. Is this a bug in VBox or I missed something here. Please help!
NAT setup UDP wrong src ip
-
Perryg
- Site Moderator
- Posts: 34369
- Joined: 6. Sep 2008, 22:55
- Primary OS: Linux other
- VBox Version: OSE self-compiled
- Guest OSses: *NIX
Re: NAT setup UDP wrong src ip
See chapter 6.3. Network Address Translation (NAT) in your VirtualBox users guide for an explanation.
-
jerryhu
- Posts: 4
- Joined: 6. Apr 2010, 21:04
- Primary OS: Linux other
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: CentOS
Re: NAT setup UDP wrong src ip
Went through that chapter multiple times, not sure which section you were referring.Perryg wrote:See chapter 6.3. Network Address Translation (NAT) in your VirtualBox users guide for an explanation.
My case is UDP unicast, packets were sent from a device to udp/514 on host and then forwarded to guest on udp/514.
As I mentioned, ssh traffic worked fine (src ip is correct on both host and guest).
-
jerryhu
- Posts: 4
- Joined: 6. Apr 2010, 21:04
- Primary OS: Linux other
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: CentOS
Re: NAT setup UDP wrong src ip
A ticket has been filed to track this issue: http://www.virtualbox.org/ticket/6524
-
appyface
- Posts: 79
- Joined: 13. Sep 2009, 21:31
- Primary OS: MS Windows 7
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: XP W7 Linux
Re: NAT setup UDP wrong src ip
Solved for me!
I'm using Virutalbox 3.2.8
After getting my TCP and UDP ports forwarded into my Guest VM using the 'modifyvm' parameter to VBoxManage, I was not consistently seeing UDP traffic being received into the Guest. I was also seeing 10.0.2.2 as the source address in some instances.
After banging my head against the wall for the last several days, I found this thread. Many thanks especially for the link to ticket 6524, it contains the fix that worked for me:
My Guest is now happily processing inbound UDP directed to its port. I hope this will help save someone else from senseless head-banging 
Kind regards,
--appyface
I'm using Virutalbox 3.2.8
After getting my TCP and UDP ports forwarded into my Guest VM using the 'modifyvm' parameter to VBoxManage, I was not consistently seeing UDP traffic being received into the Guest. I was also seeing 10.0.2.2 as the source address in some instances.
After banging my head against the wall for the last several days, I found this thread. Many thanks especially for the link to ticket 6524, it contains the fix that worked for me:
Code: Select all
VBoxManage modifyvm <your-vm name> --nataliasmode1 proxyonly Kind regards,
--appyface