beautypg.com

3 network address translation (nat), 1 configuring port forwarding with nat, Network address translation (nat) – Sun Microsystems VIRTUALBOX VERSION 3.1.0_BETA2 User Manual

Page 90: Configuring port forwarding with nat

background image

6 Virtual networking

6.3 Network Address Translation (NAT)

Network Address Translation (NAT) is the simplest way of accessing an external net-
work from a virtual machine. Usually, it does not require any configuration on the
host network and guest system. For this reason, it is the default networking mode in
VirtualBox.

A virtual machine with NAT enabled acts much like a real computer that connects

to the Internet through a router. The “router”, in this case, is the VirtualBox network-
ing engine, which maps traffic from and to the virtual machine transparently. The
disadvantage of NAT mode is that, much like a private network behind a router, the
virtual machine is invisible and unreachable from the outside internet; you cannot run
a server this way unless you set up port forwarding (described below).

The virtual machine receives its network address and configuration on the private

network from a DHCP server integrated into VirtualBox. The IP address thus assigned
to the virtual machine is usually on a completely different network than the host. As
more than one card of a virtual machine can be set up to use NAT, the first card is
connected to the private network 10.0.2.0, the second card to the network 10.0.3.0
and so on. If you need to change the guest-assigned IP range for some reason, please
refer to chapter

9.13

,

Fine-tuning the VirtualBox NAT engine

, page

148

.

The network frames sent out by the guest operating system are received by

VirtualBox’s NAT engine, which extracts the TCP/IP data and resends it using the host
operating system. To an application on the host, or to another computer on the same
network as the host, it looks like the data was sent by the VirtualBox application on
the host, using an IP address belonging to the host. VirtualBox listens for replies to
the packages sent, and repacks and resends them to the guest machine on its private
network.

6.3.1 Configuring port forwarding with NAT

As the virtual machine is connected to a private network internal to VirtualBox and
invisible to the host, network services on the guest are not accessible to the host ma-
chine or to other computers on the same network. However, VirtualBox can make
selected services available outside of the guest by using port forwarding. This means
that VirtualBox listens to certain ports on the host and resends all packets which arrive
on them to the guest on the ports used by the services being forwarded.

To an application on the host or other physical (or virtual) machines on the network,

it looks as though the service being proxied is actually running on the host (note that
this also means that you cannot run the same service on the same ports on the host).
However, you still gain the advantages of running the service in a virtual machine
– for example, services on the host machine or on other virtual machines cannot be
compromised or crashed by a vulnerability or a bug in the service, and the service can
run in a different operating system than the host system.

You can set up a guest service which you wish to proxy using the command line

tool VBoxManage. You will need to know which ports on the guest the service uses
and to decide which ports to use on the host (often but not always you will want to

90