#13292 closed defect (fixed)
NAT doesn't work in 4.3.14, works fine after downgrading to 4.3.12
| Reported by: | Nuno Ferreira | Owned by: | |
|---|---|---|---|
| Component: | network/NAT | Version: | VirtualBox 4.3.14 |
| Keywords: | | Cc: | |
| Guest type: | Linux | Host type: | Windows |
Description
The host is Win7 64 bit, and I tried several different Linux guest machines. When configured as NAT, ping worked to any internet or LAN IP address but any UDP or TCP connection failed with Network unreachable.
Those same guest machines worked fine when the networking was configured as bridged.
What kind of information may I provide to help you with this?
By the way, originally I posted the problem to the forums in this thread: https://forums.virtualbox.org/viewtopic.php?f=6&t=63098.
Attachments (7)
Change History (52)
follow-up: 2 comment:1 by , 11 years ago
comment:2 by , 11 years ago
I'll try to get the traces, but as I now have v4.3.12 installed and need it daily for work it may take a few days.
comment:4 by , 11 years ago
We are still interested in a packet trace. Preferably from VBox 4.3.16 (just released).
comment:5 by , 11 years ago
I also have this problem. Windows 8.1 host & Linux guest. Can someone direct me to instructions on how to do a packet capture?
comment:6 by , 11 years ago
Please provide output from your guest
ifconfig -a
netstat -rn
and from your host
ipconfig /all
netstat -rn
In your Linux guest install wireshark package (some distributions have separate package for the wireshark gui, you want that one too). You can get wireshark for Windows from https://www.wireshark.org/download.html
Start wireshark in your guest and start capture on your NAT interface (eth0, most likely). Start wireshark on the host and start capture on "pseudodevice that captures on all interfaces".
Make your connection from the guest. After it failed, stop the captures and save them. File type: wireshark pcapng.
follow-up: 8 comment:7 by , 11 years ago
I also have this problem. It only works when I configure Network Bridge.
I Wiresharked in the Win7-64bit host with 4.3.16 and tcpdumped in the guest (Ubuntu 14.04 LTS SR 1) with guest additions installed.
HTTP Requests:
I see Syn Packages going out in the guest but they remain unanswered. Also there is a routing problem that the guest can't reach the target net "ICMP net 192.168.100.5 unreachable". I also noted that, when I ask for the routes with the command route, it takes up to a minute to get me the route. Maybe here is a problem with the routing. Here is the log from tcpdump:
09:00:09.843038 IP 10.0.2.15.43064 > 192.168.100.5.80: Flags [S], seq 2368256494, win 29200, options [mss 1460,sackOK,TS val 4294941447 ecr 0,nop,wscale 7], length 0
09:00:09.843510 IP 10.0.2.2 > 10.0.2.15: ICMP net 192.168.100.5 unreachable, length 36
09:00:11.850974 IP 10.0.2.15.43065 > 192.168.100.5.80: Flags [S], seq 941799117, win 29200, options [mss 1460,sackOK,TS val 4294942050 ecr 0,nop,wscale 7], length 0
09:00:11.851721 IP 10.0.2.2 > 10.0.2.15: ICMP net 192.168.100.5 unreachable, length 36
In the host system I can't see any of the traffic. It just doesn't show up.
Ping Request:
I see normal packages in the guest. I see the packages in the host with my host address and the target address. It works fine!
If I can help any further just ask for it!
follow-up: 13 comment:8 by , 11 years ago
Replying to Kartoffelbrei:
I see Syn Packages going out in the guest but they remain unanswered. Also there is a routing problem that the guest can't reach the target net "ICMP net 192.168.100.5 unreachable". I also noted that, when I ask for the routes with the command route, it takes up to a minute to get me the route. Maybe here is a problem with the routing.
In the host system I can't see any of the traffic. It just doesn't show up.
Please, can you provide interfaces and routing information (as requested in comment:6)?
comment:9 by , 11 years ago
Hello, I have the same problem here using Windows 7 host and Ubuntu guest, VBox version 4.3.15 r95286.
Here is a tcpdump from the guest OS: http://pastebin.com/yLasiMiP
Host system:
Ipconfig: http://pastebin.com/0HT6L1gC
Netstat: http://pastebin.com/Twxj9ak5
When I use bridged networking it works fine. Everything is properly configured.
comment:11 by , 11 years ago
Thanks, but tcpdump text output is not quite enough in this case since it doesn't show all the information, like payload of ICMP errors. The actual capture (tcpdump -s 1500 -w ... or, equivalently, saving captured packets from wireshark) would be more useful.
by , 11 years ago
Attachment: | mydump.dat added |
---|
tcpdumped while mtr host system working with wireshark
comment:12 by , 11 years ago
netstat and ipconfig of guest system http://postimg.org/image/h3vrrscdn/
by , 10 years ago
Attachment: | filelogs.zip added |
---|
Information for Nat Problem - pcap and networkfiles
comment:13 by , 10 years ago
Replying to vushakov:
Replying to Kartoffelbrei:
In the host system I can't see any of the traffic. It just doesn't show up.
Please, can you provide interfaces and routing information (as requested in comment:6)?
I uploaded the file "filelogs.zip" with all the information you need!
Hope this will help!
comment:14 by , 10 years ago
Does "NAT Network" attachment work? If you don't use NAT Network, you will need to create one first via VM Manager -> File -> Preferences -> Network.
I might need to ask you to test with an instrumented build to obtain more information. I don't see anything obviously wrong with the network settings you posted.
comment:15 by , 10 years ago
When I activate the NAT Network, it doesn't work at all... I can't get an ARP resolution - the gateway within the guest 10.0.5.1 can't be reached. There is no ARP reply. The routing and the IP are normal.
Of course I can test a test build - no problem at all.
comment:16 by , 10 years ago
So far this looks like WSAGetLastError() is clobbered between connect() and error test in the caller.
What antivirus/firewall do you have installed?
[I would also be interested in investigating NAT Network problem, but it's better to do that under a separate bug report].
comment:17 by , 10 years ago
Please, try https://www.virtualbox.org/download/testcase/VirtualBox-4.3.17-96140-Win.exe
Extra logging is turned off by default. After starting the VM you need to do
VBoxManage debugvm "..." log --release -- +drv_nat.l2
try making a TCP connection. You should see extra "NAT:" messages about connect() in your VBox.log. Please attach that log file.
Extra logging is not persistent across VM runs. If you need to turn it off, you can use
VBoxManage debugvm "..." log --release -- -drv_nat.l2
Thanks in advance.
follow-up: 20 comment:18 by , 10 years ago
I have installed the new build on my test computer. It works... But now there is the problem that I don't know whether it works because of the new build or the fresh Windows install.
It doesn't work on my productive system and I cannot install a test release there.
I created the log as you mentioned on my productive system with 4.3.16 and attached it here.
Does this help you?
comment:19 by , 10 years ago
Oh yeah, I forgot something:
I have the Avira virus scan and the Windows 7 firewall activated.
by , 10 years ago
Attachment: | NAT-Log-extended.zip added |
---|
the extended logging with NAT on a 4.3.16.
comment:20 by , 10 years ago
Replying to Kartoffelbrei:
I have installed the new build on my test computer. It works... But now there is the problem that I don't know whether it works because of the new build or the fresh Windows install.
It doesn't work on my productive system and I cannot install a test release there.
Just to clarify, 4.3.16 NAT did not work on the test computer too, right?
I created the log as you mentioned on my productive system with 4.3.16 and attached it here.
Does this help you?
Unfortunately, not. Since I need the log from that extra instrumentation I added to that test build and that is not present in 4.3.16
comment:21 by , 10 years ago
To all affected users: We are still looking for log files which vushakov requested in comment 17. We need the additional logging to find out why it doesn't work in your environment because we cannot reproduce this problem. The additional logging must be taken from the 4.3.17-96140 test build provided in comment 17, trying to activate this logging with 4.3.16 will not work.
Also, please clearly confirm that
- NAT was working fine for you with VBox 4.3.12
- The problem described here started for you with VBox 4.3.14
- Even with VBox 4.3.16 you have the same problem
- Do you experience the same problem when switching the network attachment type to "NAT network"?
Thank you!
follow-up: 23 comment:22 by , 10 years ago
- NAT works fine with VBox 4.3.12
- Don't know. Updated from 4.3.0 to 4.3.16. 4.3.16 did not work.
- Even with VBox 4.3.16 only icmp is working. Tcp and udp are not working.
- Yes, problem persists if switching to "NAT network".
With additional logging from comment 17 the log says "tcp_fconnect error 10106 (was 10106)" when I try to establish a TCP connection.
The full log can only be sent by private mail due to privacy issues.
Antivirus/firewall (Sophos SafeGuard and Sophos Endpoint Security) is installed on my machine.
comment:23 by , 10 years ago
Replying to Tomz7345:
With additional logging from comment 17 the log says "tcp_fconnect error 10106 (was 10106)" when I try to establish a TCP connection.
Ah, thanks! That is the crucial bit of information I was looking for. This is WSAEPROVIDERFAILEDINIT. Given this error and since things started failing since 4.3.14 it's most likely that the problem is yet another manifestation of varied issues uncovered by hardening code introduced in 4.3.14 on Windows.
comment:24 by , 10 years ago
Sorry, I have been off the net for a few days.
So you don't need any more information?
Yes, the NAT didn't work before on my test computer.
comment:25 by , 10 years ago
It looks like it's related to 4.3.14+ screening DLLs before they get loaded into the VM process (for security raisins). There are a couple of Avira DLLs being failed in LoadLibrary() because they're installed with Administrators (group) instead of TrustedInstaller or LocalSystem as owner. We'll be addressing this in the next release, but there will probably be a test build (/ hot fix) that addresses the issue.
Thanks for the report and patience,
bird.
follow-up: 35 comment:26 by , 10 years ago
This test build should solve the issue, I hope: https://www.virtualbox.org/download/testcase/VirtualBox-4.3.17-96342-Win.exe
Feedback on whether it works or not would be nice, of course. :-)
comment:27 by , 10 years ago
I just downloaded the build and installed it on my machine. Virtualbox shows version 4.3.17 r96342.
Unfortunately it didn't solve the problem. I activated the debug logging, then I did a telnet <ipaddress> and got the following message in the log:
00:01:28.872901 NAT: tcp_fconnect error 10106 (was 10106)
comment:28 by , 10 years ago
lucatruf: Would you mind uploading the VBoxStartup.log for that (or a similar) session?
comment:29 by , 10 years ago
In case it might help, I tried to install and even run VirtualBox as Administrator but the problem persists.
comment:30 by , 10 years ago
Thanks for the quick response. We're getting a bit further now. The next problem is that WinVerifyTrust fails to find a valid signature for the file "C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll". Unsigned DLLs will not be permitted into the VBox VM process, period.
Now, there is a slight chance that there might be a bug in our code that could hypothetically make it reject valid DLLs. Would be great if you could use sigcheck.exe from SysInternals/Microsoft to independently validate the signature of the DLL. You can find it at: http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx Would be great to have the output of this command:
sigcheck.exe -i "C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll"
comment:31 by , 10 years ago
It seems your code is ok.
Sigcheck v2.1 - File version and signature viewer
Copyright (C) 2004-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\program files\open text\socks client\HumSOCKS.dll:
Verified: Unsigned
Link date: 17:30 24/10/2012
Publisher: Open Text Corporation
Description: Open Text SOCKS Client for x64
Product: Open Text SOCKS Client
Prod version: 14.0.0.0
File version: 14.0.11.180
MachineType: 64-bit
comment:32 by , 10 years ago
Can I somehow prevent the DLL from being loaded, or do I have to uninstall Open Text?
comment:34 by , 10 years ago
I confirm that removing the unsigned DLL lets VirtualBox work correctly.
comment:35 by , 10 years ago
I was only able to look at this issue again now.
I confirm that this build also fixes the problem for me.
comment:36 by , 10 years ago
I have a similar issue on my system:
Up to now, I have used Version 4.3.10 and Internet Access worked fine. I am using Windows 7 64Bit as Host and Linux (Debian and Ubuntu) as Guest Operating Systems.
After I updated to Version 4.3.18 the Internet Access (NAT) is not working anymore. Still I am able to Ping the physical router, which means the network itself is OK. Only if I use bridged mode, the Internet works fine.
By downgrading to Version 4.3.10, Internet is back working again.
Thanks for any help to solve the problem, Buehlerra
comment:37 by , 10 years ago
I have narrowed the problem down to the driver of my network card. It seems, that under 4.3.10 it is working, but under 4.3.18 not. If I install the network driver from the year 2011, it works with 4.3.18. Any newer driver does not.
The network card used is an onboard Bigfoot (now Qualcomm) Killer E2100 Gigabit Ethernet Chipset. The following driver versions have been tested: 6.1.0.179 working OK, 6.1.0.310 not working with 4.3.18, 6.1.0.602 not working with 4.3.18, 6.1.0.603 not working with 4.3.18 (this is the latest official available driver)
Any possibility to fix this?
comment:38 by , 10 years ago
The "Bigfoot Networks Killer Network Manager" part of your NIC driver is what's causing trouble. We're apparently not the first ones having trouble with it:
- http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_programs/bfllr-dynamic-library-bigfoot-networks-inc/023018cb-ee6f-41b5-a9cf-c245f3e88d7c
- http://superuser.com/questions/675741/fixing-chrome-incompatibility-with-bfllr-dynamic-library
The issue VBox is having with the "killer network manager" is that Qualcomm/Bigfoot have not signed the BFLLR.DLL file with a cryptographic (digital) signature. Starting with 4.3.14 we refuse to load DLLs that aren't either directly signed or indirectly via a signed driver/installer catalog file. This is for security reasons. See, VBox cannot tell if this BfLLR.dll is from a company/individual that was too lazy to use the signing certificate it/he already has (the actual driver files the kernel uses are signed), or a DLL from an evil adversary of yours that wants your passwords, bank account details, and more.
I'd recommend uninstalling the "killer network manager" part, like that iTunes user did in the first link, and/or petition Qualcomm to start signing their WinSock components (BfLLR.dll).
comment:39 by , 10 years ago
Finally could resolve the issue. I had to deactivate the "Bigfoot Networks Killer Network Manager" from autostart and in addition execute the netsh winsock reset command in a command prompt with admin rights.
follow-up: 41 comment:40 by , 10 years ago
I am seeing a problem similar to this with a Debian 7 host under 4.3.22 (as well as some previous versions)... connection fails intermittently. I noticed that the dhclient seems to be re-requesting addresses every ten seconds or so, and spamming /var/log/syslog with those requests (this host is running behind a NAT interface).
A sample of the logged messages...
Feb 24 17:04:36 rvt-debian7 NetworkManager[2601]: <info> (eth1): DHCPv4 state changed nbi -> preinit
Feb 24 17:04:36 rvt-debian7 dhclient: Listening on LPF/eth1/08:00:27:ee:06:4b
Feb 24 17:04:36 rvt-debian7 dhclient: Sending on LPF/eth1/08:00:27:ee:06:4b
Feb 24 17:04:36 rvt-debian7 dhclient: Sending on Socket/fallback
Feb 24 17:04:36 rvt-debian7 dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6
Feb 24 17:04:37 rvt-debian7 NetworkManager[2601]: <warn> error monitoring device for netlink events: error processing netlink message: Object busy
Feb 24 17:04:38 rvt-debian7 avahi-daemon[2581]: Joining mDNS multicast group on interface eth1.IPv6 with address fe80::a00:27ff:feee:64b.
Feb 24 17:04:38 rvt-debian7 avahi-daemon[2581]: New relevant interface eth1.IPv6 for mDNS.
Feb 24 17:04:38 rvt-debian7 avahi-daemon[2581]: Registering new address record for fe80::a00:27ff:feee:64b on eth1.*.
comment:41 by , 10 years ago
Replying to russellvt:
I am seeing a problem similar to this with a Debian 7 host ... connection fails intermittently.
Do you mean Debian guest? What is your host system?
This bug is about fallout from Windows hardening. If some DLL cannot be loaded, it's not an intermittent condition. That alone makes me think your problem is probably unrelated. Please, file a new bug with as many details as possible (VBox.log file and packet capture would be a good start).
comment:42 by , 9 years ago
I have created a different ticket #14833 for my NAT problem because I'm running v5.0.10/11 but I got suggestion to better write here... so here I am...
I have upgraded my VB from 4.3.12 directly to 5.0.10 and now none of my guests configured as NAT are able to navigate. Currently I have installed the latest test build 5.0.11 but the problem is still there
This is related to this forum post: https://forums.virtualbox.org/viewtopic.php?f=1&t=74498#p344920
I'm primarily using VB on a network which has Microsoft Forefront TMG as proxy/firewall. I do have full admin access on TMG and enabling the logging I do not see any errors but I do not see any "real traffic" too, just the start/close session
On my pc I have the Forefront TMG Client installed and enabled, could it be that its DLLs are being blocked?
In the logs there are many references to these DLLs, like the following.
1388.1bb0: supHardenedWinVerifyImageByHandle: -0 (\Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll) WinVerifyTrust
1388.1bb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
1388.1bb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Forefront TMG Client\FwcWsp.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007c7b5c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1388.1bb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
1388.1bb0: supR3HardenedDllNotificationCallback: load 74bb0000 LB 0x001fc000 C:\Program Files\Forefront TMG Client\FwcWsp.dll [fFlags=0x0]
1388.1bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
The guest NIC is configured as:
Configurazione IP di Windows
Nome host . . . . . . . . . . . . . . : TESTXP1NEW
Suffisso DNS primario . . . . . . . :
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No
Elenco di ricerca suffissi DNS. . . . : master.local
Scheda Ethernet Lan:
Suffisso DNS specifico per connessione: master.local
Descrizione . . . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
Indirizzo fisico. . . . . . . . . . . : 08-00-27-BB-9E-71
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IP. . . . . . . . . . . . . : 10.0.2.15
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . : 10.0.2.2
Server DHCP . . . . . . . . . . . . . : 10.0.2.2
Server DNS . . . . . . . . . . . . . : 10.0.2.3
Lease ottenuto. . . . . . . . . . . . : lunedì 16 novembre 2015 13.39.27
Scadenza lease . . . . . . . . . . . : martedì 17 novembre 2015 13.39.27
DNS resolution is working...
C:\Documents and Settings\Utente>nslookup
*** Impossibile trovare nome server per l'indirizzo 10.0.2.3: Non-existent domain
*** I server predefiniti non sono disponibili
Server predefinito: UnKnown
Address: 10.0.2.3
set q=any
google.com
Server: UnKnown
Address: 10.0.2.3
Risposta da un server non di fiducia:
google.com internet address = 173.194.112.137
google.com internet address = 173.194.112.133
google.com internet address = 173.194.112.130
google.com internet address = 173.194.112.131
google.com internet address = 173.194.112.136
google.com internet address = 173.194.112.142
google.com internet address = 173.194.112.134
google.com internet address = 173.194.112.135
google.com internet address = 173.194.112.128
google.com internet address = 173.194.112.132
google.com internet address = 173.194.112.129
google.com nameserver = ns1.google.com
google.com nameserver = ns3.google.com
google.com nameserver = ns4.google.com
google.com nameserver = ns2.google.com
google.com
primary name server = ns1.google.com
responsible mail addr = dns-admin.google.com
serial = 107925622
refresh = 900 (15 mins)
retry = 900 (15 mins)
expire = 1800 (30 mins)
On my home network all the guests are connecting to internet without problems.
by , 9 years ago
for comment 42 https://www.virtualbox.org/ticket/13292#comment:42
by , 9 years ago
Attachment: | VBoxHardening.zip added |
---|
for comment 42 https://www.virtualbox.org/ticket/13292#comment:42
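A triage sketch for the two log formats quoted in this ticket, added here as an example (it is not VirtualBox code and not from any commenter): it counts NAT tcp_fconnect errors in VBox.log and lists DLLs that the hardening log shows being requested from outside the Windows and VirtualBox directories, which are the candidates to check with sigcheck -i. The sample logs are constructed from the lines in comments 27 and 42; the function names and the trusted-directory list are assumptions.

```python
import re
from ntpath import basename, dirname, normcase

# Winsock error codes as defined in winerror.h; 10106 is the one in this ticket.
WINSOCK_ERRORS = {
    10051: "WSAENETUNREACH",
    10060: "WSAETIMEDOUT",
    10061: "WSAECONNREFUSED",
    10106: "WSAEPROVIDERFAILEDINIT",
}
NAT_ERR_RE = re.compile(r"NAT: tcp_fconnect error (\d+) \(was \d+\)")
LOAD_RE = re.compile(r"supR3HardenedMonitor_LdrLoadDll: pName=(.+?\.dll)(?= \()", re.I)
SCREEN_RE = re.compile(
    r"supR3HardenedScreenImage/\w+: cache hit \((\w+)\) on (.+?\.dll)\b", re.I)
# Assumption: default install locations; adjust for the host being examined.
TRUSTED_DIRS = (r"C:\Windows", r"C:\Program Files\Oracle\VirtualBox")

def nat_connect_errors(vbox_log):
    """Return {error_code: (symbolic_name, count)} for NAT connect() failures."""
    counts = {}
    for code in map(int, NAT_ERR_RE.findall(vbox_log)):
        counts[code] = counts.get(code, 0) + 1
    return {c: (WINSOCK_ERRORS.get(c, "unknown"), n) for c, n in counts.items()}

def third_party_dlls(hardening_log, trusted_dirs=TRUSTED_DIRS):
    """Return {dll_path: screening_status_or_None} for DLLs requested from
    directories outside trusted_dirs (e.g. Winsock layered providers)."""
    trusted = tuple(normcase(d) for d in trusted_dirs)
    # Screening lines use NT device paths, load lines use DOS paths, so the
    # two are correlated by file name only (coarse, but enough for triage).
    status = {}
    for result, nt_path in SCREEN_RE.findall(hardening_log):
        status[normcase(basename(nt_path))] = result
    found = {}
    for path in LOAD_RE.findall(hardening_log):
        folder = normcase(dirname(path))
        if any(folder == t or folder.startswith(t + "\\") for t in trusted):
            continue
        found[path] = status.get(normcase(basename(path)))
    return found

# Constructed sample: first line as quoted in comment 27, second is made up.
SAMPLE_VBOX_LOG = """\
00:01:28.872901 NAT: tcp_fconnect error 10106 (was 10106)
00:01:31.104455 NAT: tcp_fconnect error 10106 (was 10106)
"""
# Constructed sample in the format quoted in comment 42; the mswsock.dll line is made up.
SAMPLE_HARDENING_LOG = r"""
1388.1bb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 [calling]
1388.1bb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Forefront TMG Client\FwcWsp.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 [calling]
1388.1bb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
"""

if __name__ == "__main__":
    for code, (name, n) in nat_connect_errors(SAMPLE_VBOX_LOG).items():
        print(f"connect() failed {n}x with {code} ({name})")
    for dll, result in third_party_dlls(SAMPLE_HARDENING_LOG).items():
        print(f"third-party DLL: {dll} screening={result}")
```

A status of None means the sample contains no screening line for that file name, not that the DLL was rejected.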
comment:43 by , 8 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:44 by , 8 years ago
Fixed how and when? Personally I had to use a workaround for this because it hasn't been fixed!
To use NAT with TMG install cNTLM on host and set on guest host-ip:3128 as proxy
"Fortunately" I currently do not have anymore a TMG server to use so I do not need my workaround...
comment:45 by , 7 years ago
Please, reopen this ticket. I'm experiencing the same issues as described with the latest version of VirtualBox.
Please, can you provide a packet capture of a failed udp/tcp connection? Ideally both from the guest and from the host.