UDP Port forwarding - solved!
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
UDP Port forwarding - solved!
I am on VBox 6.1.4, windows host, windows guest (10, x64 both)
I am trying to pass udp packets from internet to the host using NAT, forwarding them with a rule. Firewalls down for testing.
I was unable to make it work. I change strategy to use briged networking and everything goes sweet, so I believe that UDP forwarding er... either I do not know how to use it (that looks straiforward to use) or is not working properly. Besides, I can confirm that TCP forwarding works properly.
Anyone can confirm that NAT UDP is working ok for him/her?
Any special configuration trick to know?
Did i spot a bug reincarnated? (I mean this one for example https://www.virtualbox.org/ticket/18029)
Thanks
CT
I am trying to pass udp packets from internet to the host using NAT, forwarding them with a rule. Firewalls down for testing.
I was unable to make it work. I change strategy to use briged networking and everything goes sweet, so I believe that UDP forwarding er... either I do not know how to use it (that looks straiforward to use) or is not working properly. Besides, I can confirm that TCP forwarding works properly.
Anyone can confirm that NAT UDP is working ok for him/her?
Any special configuration trick to know?
Did i spot a bug reincarnated? (I mean this one for example https://www.virtualbox.org/ticket/18029)
Thanks
CT
Last edited by caspertone on 12. Apr 2020, 14:36, edited 1 time in total.
-
- Volunteer
- Posts: 5668
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: UDP Port forwarding
Please provide a zipped VBox.log file from a VM run with the UDP port forwarding configured and not working.
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
Re: UDP Port forwarding
Thanks for caring.fth0 wrote:Please provide a zipped VBox.log file from a VM run with the UDP port forwarding configured and not working.
Here it goes.
What I see is the application on the guest is not receiving udp packets, and changing from Nat using forwarding to bridged network solves the issue. It is not the arrangement that I wish but it provides a workaround.
If needed can generate trafic and capture packet traces.
TIA,
CT
Last edited by caspertone on 7. May 2020, 18:53, edited 1 time in total.
-
- Volunteer
- Posts: 5668
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: UDP Port forwarding
From the VBox.log file, I noticed that you provide the Paravirtualized Network (virtio-net) adapter to the guest. Does the problem persist if you use the standard Intel PRO/1000 MT Desktop (82540EM) network adapter? If not, which network driver do you use inside your guest?
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
Re: UDP Port forwarding
Will check with intel profth0 wrote:From the VBox.log file, I noticed that you provide the Paravirtualized Network (virtio-net) adapter to the guest. Does the problem persist if you use the standard Intel PRO/1000 MT Desktop (82540EM) network adapter? If not, which network driver do you use inside your guest?
Currently I am using 0.1.173, specifically .3 (as the last changes are mostly cosmetic), from https://fedorapeople.org/groups/virt/vi ... /CHANGELOG
Donwloaded here https://fedorapeople.org/groups/virt/vi ... 0.1.173-3/
See atachment for further info
Last edited by caspertone on 7. May 2020, 18:54, edited 1 time in total.
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
Re: UDP Port forwarding
The problem worsens with Intel PRO/1000 MT Desktop, UDP forwarding does not work, NEITHER TPC forwarding. I tried also wit MT Server to same results. I found that PCNET cards are no more supported under W10 (seems that VBOX is getting short in NIC support in W10...)fth0 wrote:From the VBox.log file, I noticed that you provide the Paravirtualized Network (virtio-net) adapter to the guest. Does the problem persist if you use the standard Intel PRO/1000 MT Desktop (82540EM) network adapter? If not, which network driver do you use inside your guest?
I also found this that seems could be related viewtopic.php?f=7&t=91280
I will revert to bridge.
Perhaps the dingy I wish to use is using ICMP to handle UDP errors. So, ICMP => NAT forwarding not working as per VBOX manual.
Thanks for your support. Any other idea is welcomed
CT
-
- Volunteer
- Posts: 5668
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: UDP Port forwarding
I successfully tested the port forwarding in one of my setups which seems to be similar to yours: Windows 10 1909 (current) as host and guest, VirtualBox 6.1.4, Intel PRO/1000 MT Desktop (82540EM) adapter with NAT (IP 10.0.2.15 from DHCP server 10.0.2.2), port forwarding exactly configured like you. Packets originating from outside the host with the host IP as the destination IP are forwarded, as are packets originating from the host itself with the host IP as the destination IP. If you use the localhost IP (127.0.0.1) as the destination, the packets are not forwarded, unless you specify the localhost IP address in the port forwarding rule, which is consistent with the documentation. My whole test took about 10 minutes, so there is no long-time experience included.
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
Re: UDP Port forwarding
Thanks for checking.fth0 wrote:I successfully tested the port forwarding in one of my setups
As said before, I suspect that the client I am using is using ICMP, so it is not a VBOX bug, only a functionality not included as the manual clearly states.
I have filled a request for enhancement (full ICMP forwarding ability), but I am not optimistic as same request was already dismissed more than 10 years ago... but things could have changed - there is some hope... (edited after @fth0 correction - thanks)
https://www.virtualbox.org/ticket/19478
Best,
CT
Last edited by caspertone on 12. Apr 2020, 23:06, edited 1 time in total.
-
- Site Moderator
- Posts: 20965
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: UDP Port forwarding - solved!
The devs have reported that they are over-full supporting Oracle's paying customers' needs & bugs. So such requests have to coincide with what the paying customers desire, if bugs are under control enough to allow time to do enhancements, for the request to show up anytime soon.
In other words, I wouldn't hold my breath...
In other words, I wouldn't hold my breath...
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
Re: UDP Port forwarding - solved!
Thanks for your view. I had same view but trying is cheapscottgus1 wrote:The devs have reported that they are over-full supporting Oracle's paying customers' needs & bugs. ...
joke/irony on
I have been following dev-mails available to outsiders and the volume is so low that it would look that VBox would be abandon-ware... of course I was expecting that not to be the case, due to paying users... so us, freeriders, are the social (digital age) beneficiaries ... being Oracle our supporting charity Notwithstanding that, we pay in kind doing testing and bug identification So there is space to have some (quite small) profit back in terms of enhancements...
joke/irony off
In any case, I do not wish to sound disgrateful, we have to fully appreciate what we have: VBox is an incredible piece of technology make available worldwide at no cost (extension pack free only for personal/educational); of course, we will newer know if this is just an act of philanthropy, either an strategic move against other competitors... or both; but the product is available in full no kind of freemium approach...
-
- Volunteer
- Posts: 5668
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: UDP Port forwarding - solved!
I don't think so. IMO, the old request was about ping (ICMP echo request/reply) not working from the guest to the Internet through NAT, which does work nowadays.caspertone wrote:same request was already dismissed more than 10 years ago...
What doesn't work today, are typical shortcomings of NAT gateways in general (not only the VirtualBox one). For example, NAT gateways have timeouts for "connections" of connection-less protocols like UDP and ICMP. This can sometimes be mitigated by keep-alive packets ...
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
Re: UDP Port forwarding - solved!
I re-read https://www.virtualbox.org/ticket/181fth0 wrote:I don't think so. IMO, the old request was about ping (ICMP echo request/reply) not working from the guest to the Internet through NAT, which does work nowadays.caspertone wrote:same request was already dismissed more than 10 years ago...
...
You are fully right: the request was for Inability to ping from guest, and this works now. I edited the wrong statement to strike through the misleading information, thanks.
"Frank" words distracted me, as he wrote "This is not really a bug but more an issue or an unimplemented feature. Lack of ICMP support with NAT is described in the UserManual chapter 5.3.2. No fix is planned since ICMP is not important for NAT."
From there I got the message that ICMP was not goint to be fixed... and it has not indeed - while there is true that ping was fixed.
On the other hand, not duly handling ICMP has its effects, as you can see here https://success.thousandeyes.com/Public ... ualization
I am not sure I understand the keep alive approach, perhaps you can explain better or PM me...
I might stay using bridget net, or I am wondering if getting into experimentate with proxy/nat sw like win-gate or alike. Instead of using VBox NAT engine I could use that other engines.
Thanks,
CT
Last edited by caspertone on 12. Apr 2020, 23:41, edited 1 time in total.
-
- Site Moderator
- Posts: 20965
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: UDP Port forwarding - solved!
A 'keep-alive' is some form of throw-away information sent through a channel that closes on its own after a period of time, to reset the channel's timer so the channel stays open.
An example: I wrote my own remote-control 'app' for VLC using a very jury-rigged setup of sending text files over wi-fi to a shared folder on the PC running VLC. An HTA script with a "touchpad" on my tablet writes the text files and a vbscript on the VLC PC reads the text files and sends keystrokes to VLC. I found that the HTA script wouldn't responsively send commands if I let it sit while watching something. I finally figured out that the tablet was forgetting the connection to the shared folder and needed to 're-enumerate' it when I sent another command. I made a 30-second timer in the HTA to send another text file with the system time and the channel stayed open, and the HTA stayed responsive.
How you do that in your setup is something you'd have to design.
An example: I wrote my own remote-control 'app' for VLC using a very jury-rigged setup of sending text files over wi-fi to a shared folder on the PC running VLC. An HTA script with a "touchpad" on my tablet writes the text files and a vbscript on the VLC PC reads the text files and sends keystrokes to VLC. I found that the HTA script wouldn't responsively send commands if I let it sit while watching something. I finally figured out that the tablet was forgetting the connection to the shared folder and needed to 're-enumerate' it when I sent another command. I made a 30-second timer in the HTA to send another text file with the system time and the channel stayed open, and the HTA stayed responsive.
How you do that in your setup is something you'd have to design.
-
- Posts: 54
- Joined: 2. Apr 2014, 10:27
Re: UDP Port forwarding - solved!
Thanks!scottgus1 wrote:How you do that in your setup is something you'd have to design.
I mean, I should run the keepalive from the guest or from the host?
-
- Volunteer
- Posts: 5668
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: UDP Port forwarding - solved!
I can try.caspertone wrote:I am not sure I understand the keep alive approach, perhaps you can explain better
For example, consider a typical home router that performs NAT (Network Address Translation) between the home network and the Internet. A PC in the home network starts an UDP session by sending a UDP packet to a server in the Internet. The router replaces source IP and source port, memorizes this translation, and repeats it for the other packets of this session in both directions. When the session ends, the router forgets the memorized translation again. But how can the router recognize that the session ends? Since UDP is a connection-less protocol, the router cannot decide itself when the session ends. The solution is a timer per session (e.g. 90 seconds UDP session timeout) that is restarted for every packet of the session (simplified description), and when the timer elapses, the translation is forgotten. To prevent this from happening ("keeping the session alive"), you can regularly send additional packets (e.g. empty UDP packets) in the direction of the first packet (NAT vs. port forwarding).