DNS requests not being forwarded to NAT VM

Discussions related to using VirtualBox on Linux hosts.
Rish
Posts: 5
Joined: 16. Mar 2021, 00:27

DNS requests not being forwarded to NAT VM

Post by Rish »

Hi guys, I've been having trouble with this for months, searched the forums via google and I can't seem to figure out why this is happening. I really desperately need your help!

I have a host machine (disabled firewall) with a VM (with NAT enabled for the VM). I have set the host port to 53/UDP to forward to VM port 5333/UDP. This does not work, meaning I do not get any responses.

However, if I set the host port 5333/UDP to VM port 5333/UDP, I can query the DNS server and get responses. This is driving me insane.

And while insane, I ran VirtualBox as root as well (since I thought maybe it was an under privileged issue) and the same goes, simply cannot get host port 53/UDP to forward to VM port 5333/UDP (no answers)

Here is where it gets really wild, I can run ubuntu dnsproxy on port 53 which queries 127.0.0.1 port 5333 and get responses when I use the host 5333/UDP to VM 5333/UDP - but this results in dns server only seeing requests originating from the host (10.0.2.2) and so this is a no go solution for me. I need the requesters IP addresses.

Can someone help me out here?

Host is running on Ubuntu 18.04.6 LTS. Virtualbox version: 6.1.30 r148432

Thanks so much!
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: DNS requests not being forwarded to NAT VM

Post by scottgus1 »

Please look over the manual, https://www.virtualbox.org/manual/ch09.html#changenat. See if anything there will help. Also see https://www.virtualbox.org/manual/ch06. ... imitations.

The PDF of the manual is text-searchable: https://download.virtualbox.org/virtual ... Manual.pdf
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: DNS requests not being forwarded to NAT VM

Post by fth0 »

Rish wrote:I have set the host port to 53/UDP to forward to VM port 5333/UDP.
In the networking stack of most OSes, only one process can listen on a port at any time, and usually a DNS server/forwarder/proxy process is listening on port 53/UDP. In consequence, a VirtualBoxVM process cannot additionally listen on it, so the port forwarding must fail.

What are you really trying to achieve?
Rish
Posts: 5
Joined: 16. Mar 2021, 00:27

Re: DNS requests not being forwarded to NAT VM

Post by Rish »

scottgus1 wrote:Please look over the manual, https://www.virtualbox.org/manual/ch09.html#changenat. See if anything there will help. Also see https://www.virtualbox.org/manual/ch06. ... imitations.

The PDF of the manual is text-searchable: https://download.virtualbox.org/virtual ... Manual.pdf
Thanks scottgus1 for this manual, I was not aware of it! I just went through it and I don't think my issue is covered by it - the closest thing I found that might have been related was under the limitations section where it is recommended to run the VM as root if you need to bind to ports lower than 1024. I have already done this.

I will mess around with the other recommendations related to dnsproxy but I don't think that is it if this is being applied to specific VM as far as I can tell - my reasoning being that I can run dnsproxy on the host and forward to NATed port eg. 127.0.0.1 (host) with port (5333) which has been set to port forward to NAT VM port 5333.

I feel like this might be a host setting issue but I could be wrong.
Rish
Posts: 5
Joined: 16. Mar 2021, 00:27

Re: DNS requests not being forwarded to NAT VM

Post by Rish »

fth0 wrote:
Rish wrote:I have set the host port to 53/UDP to forward to VM port 5333/UDP.
In the networking stack of most OSes, only one process can listen on a port at any time, and usually a DNS server/forwarder/proxy process is listening on port 53/UDP. In consequence, a VirtualBoxVM process cannot additionally listen on it, so the port forwarding must fail.

What are you really trying to achieve?
Hi fth0, thanks for responding, really appreciate it as well. Definitely agree with you here regarding only one process listen to the port. To be clear, when I try doing the port forwarding, the host is clear of any application binding to port 53 udp. In fact, the only reason I decided to run the dnsproxy software on the host was because the NAT forwarding doesn't seem to be working for this particular port. I'm also running these VMs as root to avoid the 1024 limitation. It's really a perplexing situation.

In essence, what I want to do is use the VM as the DNS server to answer DNS requests. I can only achieve this currently using dnsproxy software on the host which seems to lose the original requester's IP which I need (currently I only see requests from 10.0.2.2 which is the host IP when I keep an eye on my DNS server debug output).
Rish
Posts: 5
Joined: 16. Mar 2021, 00:27

Re: DNS requests not being forwarded to NAT VM

Post by Rish »

Hi guys, okay so I had a look at the logs for this VM via the UI interface (unfortunately I cannot copy and paste from that server) but it shows that indeed for some reason, NAT was unable to bind 0.0.0.0:53 to 0.0.0.0:5333 (according to the actual log). It seems that for some reason on this host, because there is something listening on 127.0.0.53 port 53, this seems to be causing the 0.0.0.0:53 bind to fail (???).

I have seemed to resolve this by setting the Host IP of the port forward for port 53 to the static IP of the host server (thankfully it's a static IP - this would be a pain if you're doing this with a dynamic IP as I think this would have to change every time your IP changes). Anyways, this seems to work correctly - now I am able to get the original requesting IP.

I hope this helps others out there and thank you to all of you that rendered assistance!
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: DNS requests not being forwarded to NAT VM

Post by fth0 »

Rish wrote:something listening on 127.0.0.53 port 53
Usually this is systemd-resolved.
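
The bind conflict this thread arrives at, reproduced as an added example (not code from any poster and not VirtualBox code): while a UDP listener holds a port on 127.0.0.53, a wildcard bind of the same port fails, but a bind to a different specific address succeeds. Assumptions: a Linux host, plain sockets without SO_REUSEADDR or SO_REUSEPORT, a kernel-chosen unprivileged port in place of 53, and 127.0.0.1 as a constructed stand-in for the host's static IP.

```python
import errno
import socket

STUB_ADDR = "127.0.0.53"   # address the thread reports a listener on (port 53)
HOST_ADDR = "127.0.0.1"    # constructed stand-in for the host's static IP


def bind_udp(addr, port):
    """Bind a plain UDP socket; return (socket, None) or (None, errno name)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return sock, None
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def forward_bind_outcomes():
    """Hold a listener on STUB_ADDR, then try each host-IP choice for the rule."""
    stub, err = bind_udp(STUB_ADDR, 0)      # port 0: kernel picks a free port
    if stub is None:
        raise RuntimeError(f"cannot bind {STUB_ADDR}: {err}")
    port = stub.getsockname()[1]
    outcomes = {}
    try:
        # Wildcard, a different specific address, and the address already in use.
        for host_ip in ("0.0.0.0", HOST_ADDR, STUB_ADDR):
            sock, err = bind_udp(host_ip, port)
            outcomes[host_ip] = err or "ok"
            if sock is not None:
                sock.close()
    finally:
        stub.close()
    return outcomes


if __name__ == "__main__":
    for host_ip, result in forward_bind_outcomes().items():
        print(f"forward rule host IP {host_ip:<11} -> {result}")
```

Binding the forward to one specific host address also means the forwarded port is reachable only through that address rather than on every interface of the host.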