| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="nat-limitations">
|
|---|
| 4 | <title>NAT Limitations</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p>There are some limitations of NAT mode which users should be aware of, as follows: </p>
|
|---|
| 8 | <ul>
|
|---|
| 9 | <li>
|
|---|
| 10 | <p><b outputclass="bold">ICMP protocol limitations.</b>
|
|---|
| 11 | Some frequently used network debugging tools, such as
|
|---|
| 12 | <userinput>ping</userinput> or <userinput>traceroute</userinput>,
|
|---|
| 13 | rely on the ICMP protocol for sending and receiving
|
|---|
| 14 | messages. <ph conkeyref="vbox-conkeyref-phrases/product-name"/> ICMP support has some limitations,
|
|---|
| 15 | meaning <userinput>ping</userinput> should work but some other
|
|---|
| 16 | tools may not work reliably.
|
|---|
| 17 | </p>
|
|---|
| 18 | </li>
|
|---|
| 19 | <li>
|
|---|
| 20 | <p><b outputclass="bold">Receiving of UDP broadcasts.</b> The guest does not reliably
|
|---|
| 21 | receive UDP broadcasts. In order to save resources, it only listens for a certain amount
|
|---|
| 22 | of time after the guest has sent UDP data on a particular port. As a consequence, NetBios
|
|---|
| 23 | name resolution based on broadcasts does not always work, but WINS always works. As a
|
|---|
| 24 | workaround, you can use the numeric IP of the required server in the
|
|---|
| 25 | <filepath>\\<varname>server</varname>\<varname>share</varname></filepath> notation. </p>
|
|---|
| 26 | </li>
|
|---|
| 27 | <li>
|
|---|
| 28 | <p><b outputclass="bold">Some protocols are not
|
|---|
| 29 | supported.</b> Protocols other than TCP and UDP are
|
|---|
| 30 | not supported. GRE is not supported. This means some VPN
|
|---|
| 31 | products, such as PPTP from Microsoft, cannot be used. There
|
|---|
| 32 | are other VPN products which use only TCP and UDP.
|
|---|
| 33 | </p>
|
|---|
| 34 | </li>
|
|---|
| 35 | <li>
|
|---|
| 36 | <p><b outputclass="bold">Forwarding host ports below
|
|---|
| 37 | 1024.</b> On UNIX-based hosts, such as Linux, Oracle
|
|---|
| 38 | Solaris, and macOS, it is not possible to bind to ports
|
|---|
| 39 | below 1024 from applications that are not run by
|
|---|
| 40 | <codeph>root</codeph>. As a result, if you try to
|
|---|
| 41 | configure such a port forwarding, the VM will refuse to
|
|---|
| 42 | start.
|
|---|
| 43 | </p>
|
|---|
| 44 | </li>
|
|---|
| 45 | </ul>
|
|---|
| 46 | <p>These limitations normally do not affect standard network use. But the presence of NAT has also subtle effects
|
|---|
| 47 | that may interfere with protocols that are normally working. One example is NFS, where the server is often
|
|---|
| 48 | configured to refuse connections from non-privileged ports, which are those ports above 1024. </p>
|
|---|
| 49 | </body>
|
|---|
| 50 |
|
|---|
| 51 | </topic>
|
|---|
