Opened 9 years ago
Last modified 8 years ago
#14833 closed defect
NAT doesn't work behind Microsoft Forefront TMG server — at Version 3
| Reported by: | Giangi | Owned by: | |
|---|---|---|---|
| Component: | network/NAT | Version: | VirtualBox 5.0.10 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description (last modified by )
I have upgraded my VB from 4.3.12 directly to 5.0.10 and now none of my guests configured as NAT are able to navigate.
This ticket is related to this forum post: https://forums.virtualbox.org/viewtopic.php?f=1&t=74498#p344920 I have found this bug report #13292 but is for an older VB release (v4)
I'm primarily using VB on a network which has Microsoft Forefront TMG as proxy/firewall. I do have full admin access on TMG and enabling the logging I do not see any errors but I do not see any "real traffic" too, just the start/close session
On my pc I have the Forefront TMG Client installed and enabled, could it be that its DLLs are being blocked?
In the logs there are many references to these DLLs, like the following.
1388.1bb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll) WinVerifyTrust 1388.1bb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
1388.1bb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Forefront TMG Client\FwcWsp.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007c7b5c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1388.1bb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll 1388.1bb0: supR3HardenedDllNotificationCallback: load 74bb0000 LB 0x001fc000 C:\Program Files\Forefront TMG Client\FwcWsp.dll [fFlags=0x0] 1388.1bb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Forefront TMG Client\FwcWsp.dll
The guest NIC is configured as:
Configurazione IP di Windows
Nome host . . . . . . . . . . . . . . : TESTXP1NEW
Suffisso DNS primario . . . . . . . :
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No
Elenco di ricerca suffissi DNS. . . . : master.local
Scheda Ethernet Lan:
Suffisso DNS specifico per connessione: master.local
Descrizione . . . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
Indirizzo fisico. . . . . . . . . . . : 08-00-27-BB-9E-71
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IP. . . . . . . . . . . . . : 10.0.2.15
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . : 10.0.2.2
Server DHCP . . . . . . . . . . . . . : 10.0.2.2
Server DNS . . . . . . . . . . . . . : 10.0.2.3
Lease ottenuto. . . . . . . . . . . . : lunedì 16 novembre 2015 13.39.27
Scadenza lease . . . . . . . . . . . : martedì 17 novembre 2015 13.39.27
DNS resolution is working...
C:\Documents and Settings\Utente>nslookup
*** Impossibile trovare nome server per l'indirizzo 10.0.2.3: Non-existent domain
*** I server predefiniti non sono disponibili
Server predefinito: UnKnown
Address: 10.0.2.3
> set q=any
> google.com
Server: UnKnown
Address: 10.0.2.3
Risposta da un server non di fiducia:
google.com internet address = 173.194.112.137
google.com internet address = 173.194.112.133
google.com internet address = 173.194.112.130
google.com internet address = 173.194.112.131
google.com internet address = 173.194.112.136
google.com internet address = 173.194.112.142
google.com internet address = 173.194.112.134
google.com internet address = 173.194.112.135
google.com internet address = 173.194.112.128
google.com internet address = 173.194.112.132
google.com internet address = 173.194.112.129
google.com nameserver = ns1.google.com
google.com nameserver = ns3.google.com
google.com nameserver = ns4.google.com
google.com nameserver = ns2.google.com
google.com
primary name server = ns1.google.com
responsible mail addr = dns-admin.google.com
serial = 107925622
refresh = 900 (15 mins)
retry = 900 (15 mins)
expire = 1800 (30 mins)
On my home network all the guests are connecting to internet without problems.
Change History (5)
by , 9 years ago
by , 9 years ago
| Attachment: | VBoxHardening.zip added |
|---|
comment:1 by , 9 years ago
comment:2 by , 9 years ago
You are probably running into hardening problems. Hardening on Windows was introduced in 4.3.14, so #13292 is relevant.
comment:3 by , 9 years ago
| Description: | modified (diff) |
|---|


Replying to Giangi:
I forgot to mention that I have installed the current test build 5.0.11 but nothing changed