Network Address Translation

NAT mode gives you a quick and uncomplicated approach to breaking out of jail. After selecting NAT mode in the Connected to drop-down box, the virtual network card is assigned an address by a simulated DHCP server with a firewall that gives the virtual machine access to the outside world.

Figure 3 shows you how this works. In step one, the adapter in the virtual machine is automatically assigned an IP address by the integrated DHCP server, which normally assigns addresses in the 10.0.x.x. range.

Figure 3: In NAT mode, the virtual machine is assigned an address by the internal DHCP server. The firewall prevents external addresses from accessing the virtual machine.

As soon as the guest starts transmitting packets over the virtual wire, VirtualBox captures the packages and inserts the host system's IP address before sending them onto the Internet.

Although the configuration does not take long, this operating mode involves one functional drawback: IP address implementation (NAT) in combination with the internal firewall lets the guest system send data out into the world; however, the outside world, and the host, are kept out. The only exception here is remote desktop in the commercial version, or you can use VPN tools such as Openvpn to tunnel into the box.

Port Forwarding

In other words, it is impossible to encapsulate production servers in the virtual NAT machine in a meaningful way. Port forwarding gives you a workaround. VirtualBox listens on a port on the host system and forwards packages arriving at this port to a port on the selected virtual machine. From another machine's point of view, it seems that the service is available directly on the host.

Three VBoxManage commands enable port forwarding before launching the virtual machine:

VBoxManage setextradata "UbuntuVM" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/myservice/Protocol" TCP
VBoxManage setextradata "UbuntuVM" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/myservice/GuestPort" 22
VBoxManage setextradata "UbuntuVM" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/myservice/HostPort" 2222

This tells VirtualBox to forward all TCP connections for port 2222 on the host to port 22 on the guest. myservice is a freely assignable name, and UbuntuVM is the name of the virtual machine. If all of these values are empty when the command is called, VirtualBox will disable port forwarding again.

Host Interface

NAT with port forwarding entails noticeable organizational overhead. The administrator must open – and possibly secure – ports on the server; of course, you need to keep track of which ports are mapped to which services on which machine. Host Interface Networking mode gives you a more convenient approach to running a server on VirtualBox, although setting up this mode is quite tricky.

In Host Interface Networking mode, VirtualBox creates an additional virtual network card on the host – for example, vbox0 besides the familiar eth0. After setting up the new network card, VirtualBox uses a virtual cable to patch the connection to the simulated adapter on the guest system (Figure 4).

Figure 4: The Internet request reaches the host, which uses a TAP interface to pass it on to the virtual machine.

For productive applications, VirtualBox typically uses a bridge to connect the physical and virtual networks. This union acts like a single large network in interactions with the outside world.

To set this up, you first need to set up a virtual network interface for each guest on the host.