UDP Port forwarding - solved!

Discussions related to using VirtualBox on Windows hosts.
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

UDP Port forwarding - solved!

Post by caspertone »

I am on VBox 6.1.4, windows host, windows guest (10, x64 both)

I am trying to pass udp packets from internet to the host using NAT, forwarding them with a rule. Firewalls down for testing.

I was unable to make it work. I change strategy to use briged networking and everything goes sweet, so I believe that UDP forwarding er... either I do not know how to use it (that looks straiforward to use) or is not working properly. Besides, I can confirm that TCP forwarding works properly.

Anyone can confirm that NAT UDP is working ok for him/her?
Any special configuration trick to know?
Did i spot a bug reincarnated? (I mean this one for example https://www.virtualbox.org/ticket/18029)

Thanks
CT
Last edited by caspertone on 12. Apr 2020, 14:36, edited 1 time in total.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: UDP Port forwarding

Post by fth0 »

Please provide a zipped VBox.log file from a VM run with the UDP port forwarding configured and not working.
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

Re: UDP Port forwarding

Post by caspertone »

fth0 wrote:Please provide a zipped VBox.log file from a VM run with the UDP port forwarding configured and not working.
Thanks for caring.

Here it goes.

What I see is the application on the guest is not receiving udp packets, and changing from Nat using forwarding to bridged network solves the issue. It is not the arrangement that I wish but it provides a workaround.

If needed can generate trafic and capture packet traces.

TIA,
CT
Last edited by caspertone on 7. May 2020, 18:53, edited 1 time in total.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: UDP Port forwarding

Post by fth0 »

From the VBox.log file, I noticed that you provide the Paravirtualized Network (virtio-net) adapter to the guest. Does the problem persist if you use the standard Intel PRO/1000 MT Desktop (82540EM) network adapter? If not, which network driver do you use inside your guest?
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

Re: UDP Port forwarding

Post by caspertone »

fth0 wrote:From the VBox.log file, I noticed that you provide the Paravirtualized Network (virtio-net) adapter to the guest. Does the problem persist if you use the standard Intel PRO/1000 MT Desktop (82540EM) network adapter? If not, which network driver do you use inside your guest?
Will check with intel pro

Currently I am using 0.1.173, specifically .3 (as the last changes are mostly cosmetic), from https://fedorapeople.org/groups/virt/vi ... /CHANGELOG
Donwloaded here https://fedorapeople.org/groups/virt/vi ... 0.1.173-3/

See atachment for further info
Last edited by caspertone on 7. May 2020, 18:54, edited 1 time in total.
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

Re: UDP Port forwarding

Post by caspertone »

fth0 wrote:From the VBox.log file, I noticed that you provide the Paravirtualized Network (virtio-net) adapter to the guest. Does the problem persist if you use the standard Intel PRO/1000 MT Desktop (82540EM) network adapter? If not, which network driver do you use inside your guest?
The problem worsens with Intel PRO/1000 MT Desktop, UDP forwarding does not work, NEITHER TPC forwarding. I tried also wit MT Server to same results. I found that PCNET cards are no more supported under W10 (seems that VBOX is getting short in NIC support in W10...)

I also found this that seems could be related viewtopic.php?f=7&t=91280

I will revert to bridge.

Perhaps the dingy I wish to use is using ICMP to handle UDP errors. So, ICMP => NAT forwarding not working as per VBOX manual.

Thanks for your support. Any other idea is welcomed

CT
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: UDP Port forwarding

Post by fth0 »

I successfully tested the port forwarding in one of my setups which seems to be similar to yours: Windows 10 1909 (current) as host and guest, VirtualBox 6.1.4, Intel PRO/1000 MT Desktop (82540EM) adapter with NAT (IP 10.0.2.15 from DHCP server 10.0.2.2), port forwarding exactly configured like you. Packets originating from outside the host with the host IP as the destination IP are forwarded, as are packets originating from the host itself with the host IP as the destination IP. If you use the localhost IP (127.0.0.1) as the destination, the packets are not forwarded, unless you specify the localhost IP address in the port forwarding rule, which is consistent with the documentation. My whole test took about 10 minutes, so there is no long-time experience included.
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

Re: UDP Port forwarding

Post by caspertone »

fth0 wrote:I successfully tested the port forwarding in one of my setups
Thanks for checking.

As said before, I suspect that the client I am using is using ICMP, so it is not a VBOX bug, only a functionality not included as the manual clearly states.

I have filled a request for enhancement (full ICMP forwarding ability), but I am not optimistic as same request was already dismissed more than 10 years ago... but things could have changed - there is some hope... (edited after @fth0 correction - thanks)

https://www.virtualbox.org/ticket/19478

Best,
CT
Last edited by caspertone on 12. Apr 2020, 23:06, edited 1 time in total.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: UDP Port forwarding - solved!

Post by scottgus1 »

The devs have reported that they are over-full supporting Oracle's paying customers' needs & bugs. So such requests have to coincide with what the paying customers desire, if bugs are under control enough to allow time to do enhancements, for the request to show up anytime soon.

In other words, I wouldn't hold my breath... :lol:
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

Re: UDP Port forwarding - solved!

Post by caspertone »

scottgus1 wrote:The devs have reported that they are over-full supporting Oracle's paying customers' needs & bugs. ...
Thanks for your view. I had same view but trying is cheap :wink:

joke/irony on
I have been following dev-mails available to outsiders and the volume is so low that it would look that VBox would be abandon-ware... of course I was expecting that not to be the case, due to paying users... so us, freeriders, are the social (digital age) beneficiaries ... being Oracle our supporting charity :? Notwithstanding that, we pay in kind doing testing and bug identification ;-) So there is space to have some (quite small) profit back in terms of enhancements...
joke/irony off

In any case, I do not wish to sound disgrateful, we have to fully appreciate what we have: VBox is an incredible piece of technology make available worldwide at no cost (extension pack free only for personal/educational); of course, we will newer know if this is just an act of philanthropy, either an strategic move against other competitors... or both; but the product is available in full no kind of freemium approach...
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: UDP Port forwarding - solved!

Post by fth0 »

caspertone wrote:same request was already dismissed more than 10 years ago...
I don't think so. IMO, the old request was about ping (ICMP echo request/reply) not working from the guest to the Internet through NAT, which does work nowadays.

What doesn't work today, are typical shortcomings of NAT gateways in general (not only the VirtualBox one). For example, NAT gateways have timeouts for "connections" of connection-less protocols like UDP and ICMP. This can sometimes be mitigated by keep-alive packets ... ;)
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

Re: UDP Port forwarding - solved!

Post by caspertone »

fth0 wrote:
caspertone wrote:same request was already dismissed more than 10 years ago...
I don't think so. IMO, the old request was about ping (ICMP echo request/reply) not working from the guest to the Internet through NAT, which does work nowadays.
...
I re-read https://www.virtualbox.org/ticket/181

You are fully right: the request was for Inability to ping from guest, and this works now. I edited the wrong statement to strike through the misleading information, thanks.

"Frank" words distracted me, as he wrote "This is not really a bug but more an issue or an unimplemented feature. Lack of ICMP support with NAT is described in the UserManual chapter 5.3.2. No fix is planned since ICMP is not important for NAT."

From there I got the message that ICMP was not goint to be fixed... and it has not indeed :? - while there is true that ping was fixed.

On the other hand, not duly handling ICMP has its effects, as you can see here https://success.thousandeyes.com/Public ... ualization

I am not sure I understand the keep alive approach, perhaps you can explain better or PM me...
I might stay using bridget net, or I am wondering if getting into experimentate with proxy/nat sw like win-gate or alike. Instead of using VBox NAT engine I could use that other engines.

Thanks,
CT
Last edited by caspertone on 12. Apr 2020, 23:41, edited 1 time in total.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: UDP Port forwarding - solved!

Post by scottgus1 »

A 'keep-alive' is some form of throw-away information sent through a channel that closes on its own after a period of time, to reset the channel's timer so the channel stays open.

An example: I wrote my own remote-control 'app' for VLC using a very jury-rigged setup of sending text files over wi-fi to a shared folder on the PC running VLC. An HTA script with a "touchpad" on my tablet writes the text files and a vbscript on the VLC PC reads the text files and sends keystrokes to VLC. I found that the HTA script wouldn't responsively send commands if I let it sit while watching something. I finally figured out that the tablet was forgetting the connection to the shared folder and needed to 're-enumerate' it when I sent another command. I made a 30-second timer in the HTA to send another text file with the system time and the channel stayed open, and the HTA stayed responsive.

How you do that in your setup is something you'd have to design.
caspertone
Posts: 54
Joined: 2. Apr 2014, 10:27

Re: UDP Port forwarding - solved!

Post by caspertone »

scottgus1 wrote:How you do that in your setup is something you'd have to design.
Thanks!

I mean, I should run the keepalive from the guest or from the host?
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: UDP Port forwarding - solved!

Post by fth0 »

caspertone wrote:I am not sure I understand the keep alive approach, perhaps you can explain better
I can try. ;)

For example, consider a typical home router that performs NAT (Network Address Translation) between the home network and the Internet. A PC in the home network starts an UDP session by sending a UDP packet to a server in the Internet. The router replaces source IP and source port, memorizes this translation, and repeats it for the other packets of this session in both directions. When the session ends, the router forgets the memorized translation again. But how can the router recognize that the session ends? Since UDP is a connection-less protocol, the router cannot decide itself when the session ends. The solution is a timer per session (e.g. 90 seconds UDP session timeout) that is restarted for every packet of the session (simplified description), and when the timer elapses, the translation is forgotten. To prevent this from happening ("keeping the session alive"), you can regularly send additional packets (e.g. empty UDP packets) in the direction of the first packet (NAT vs. port forwarding).
Post Reply