How to set up a network on a VirtualBox virtual machine

Original: VirtualBox Networking
Translation to Linux in Russian
Posted by Robin Catling
Publication date: May 2012
Translation: Semenenko V.
Translation date: October 5, 2012
It all started when one day I needed to launch a CMS Wordpress instance in a sandbox. The beginning was simple. It was enough to create an Ubuntu 11.10 virtual server as a guest operating system on VirtualBox. But then I discovered that I knew much less about networks and their configuration than I previously thought. In particular, about packets, switches and routers. I knew even less about setting up networks in VirtualBox, where all hardware is presented in software. After several attempts and unsuccessful network settings, the goal was achieved - and as a result, I present to you this article. Its purpose is to save your nerves based on my own trial and error.

VirtualBox Network Settings

To get started, install any version of VirtualBox, starting with 3.0. You will find in it approximately the same capabilities as those described in this article.
After installing the program, go to the "Settings - Network" menu. The appearance of the opened tab corresponds to the default settings. Any of the virtual machines can be configured to use four network adapters, depending on which one you need in a specific case. But most often in practice only one of them is required. Typically, when installing a virtual machine, a simple network adapter is created by default. This is enough to access the Internet.
Depending on your needs, you may need to create multiple network interfaces of different types, or several devices of the same type but with different settings. This may be required to use both physical and virtual network adapters on the virtual machine. It all depends on which ones are connected.

For my web server with CMS Wordpress running on it, things are a little more complicated, so let's move on... The "Adapter Type" tab is responsible for setting up the virtual hardware. VirtualBox copes well with the role of a link between the software network card and the physical interface that is installed on the real machine (host). Open the "Advanced" link and you will have access to the advanced capabilities of the network adapter. In this article I will describe in detail all the settings in the order they appear, starting with setting the adapter type.

Adapter Type

VirtualBox has built-in software emulation of most of the common types of network cards for which drivers and protocols exist. The PCnet-FAST III card is the default choice, but in my practice I often choose the Intel PRO/1000MT. I do this if I need the best compatibility with the Intel hardware installed on my computer. If you have problems setting up your network connection, you can try changing the adapter type by selecting a different one. For the most ancient equipment, the PCnet-FAST II network card is suitable.

Mode

The rather strange-sounding “Promiscuous Mode” is usually used to operate a VM as a virtual router on local networks, as a network bridge, or as a host. In this mode, the virtual machine port is able to accept any packets sent to other operating systems, and even those for the host. That is, it accepts network packets intended not only for this adapter, but also for other network devices. In 99% of cases, ordinary users do not need "Promiscuous mode". It is used by network administrators to diagnose problems occurring on the network.

MAC Address

A MAC address (MAC is an abbreviation for Media Access Control) is a unique “name” of a device on a network that uniquely identifies and distinguishes it from other adapters and hosts. This address is registered for each network device at the physical level in the memory of the interface itself. When you create a virtual network adapter, VirtualBox automatically generates a MAC address for it.
If you need to change an existing MAC address, then there is a small button on the right that generates a new value. If you clone an existing virtual machine, you must create its own unique MAC address for it, which will be different from the address of the original machine.
The checkbox next to the words “Cable connected” performs the same role as connecting or disconnecting a physical cable in reality. This setting is responsible for connecting the virtual network adapter to the network.
This should not be confused with another more important setting, “Enable network adapter,” which enables or disables the adapter itself in the virtual machine.

The "Port Forwarding" button opens a dialog box in which the rules for traffic behavior on a specific adapter are configured, that is, how certain types of traffic will move between the host and the guest virtual machine. These rules apply to network models, which will be discussed a little later. The network models themselves are defined on the "Connection Type" tab. This setup is the most difficult part of establishing connections in VirtualBox. It gave me the most problems in my experiments.

Pitfalls

There are four types of network connection models and a large number of possible combinations of settings for these connections. In this regard, creating a network in VirtualBox is similar to medieval alchemy - everything here is so confusing and illogical. It would seem that if you follow the correct settings, you will quite easily get the desired result. However, there are several solutions to one problem, which will all be correct initially. But ultimately they will lead to you not achieving your goal. Believe me, I already know...

Network connection types

VirtualBox has four ready-made models for connecting to the network:
  • Network Address Translation (NAT), which is the default setting
  • Network bridge (Bridged)
  • Virtual Host Adapter (Host Only)
  • Internal Network

The "Not Connected" connection is also a network setting, but serves only one purpose - to determine possible problems. In this mode, VirtualBox tells the guest operating system that the network card is present, but there is no connection to it.

Network Address Translation (NAT)

The NAT protocol allows the guest operating system to access the Internet using a private IP that is not accessible from the external network or to all machines on the local physical network. Such a network setup allows you to visit web pages, download files, and view email. And all this using the guest operating system. However, it is impossible for the outside to directly connect to such a system if it uses NAT.
The principle of network address translation is as follows. When a guest OS sends packets to a specific address of a remote machine on the network, the NAT service running under VirtualBox intercepts these packets, extracts from them the segments containing the address of the sending point (the IP address of the guest operating system) and replaces them with the IP address of the host machine. Then it repackages them and sends them to the specified address.
For example, on your home LAN, the host and other physical network devices have addresses in the range starting with 192.168.x.x. In VirtualBox, NAT adapters have IP addresses in the range starting with 10.0.2.1 and ending with 10.0.2.24. This range is called a sub-network. Typically, this range is not used to assign addresses to devices on the main network, so such a system is not accessible from the outside, from the host side. The guest OS can update software and browse the web, but remains invisible to the rest of the “participants”.
The VirtualBox manual describes this point in more detail: "In NAT mode, the guest network interface is assigned a default IPv4 address from the range 10.0.x.0/24, where x denotes the specific address of the NAT interface, determined by the formula +2. Thus, x will be equal to 2 if there is only one active NAT interface. In this case, the guest operating system receives an IP address of 10.0.2.15, the network gateway is assigned an address of 10.0.2.2, and the name server (DNS) is assigned an address of 10.0.2.3." (Oracle Corporation, 2012, Chapter 9).
The NAT protocol is useful when there is no difference in which IP addresses the guest operating systems on the virtual machine will use, since they will all be unique. However, if you need to configure redirection of network traffic, or expand the functionality of the guest OS by deploying a web server on it (for example), then additional settings are required. In NAT mode, features such as providing public access to folders and files.

Network bridge (Bridged)

The adapter in "Network Bridge" mode connects, bypassing the host, to a device that distributes IP addresses within the local network for all physical network cards. VirtualBox connects to one of the installed network cards and transmits packets through it directly; this results in the operation of a bridge over which data is transmitted. As a rule, an adapter in the “Network Bridge” model receives a standard address from the 192.168.x.x range from the router. Therefore, a virtual machine on the network appears as if it were an ordinary physical device, indistinguishable from the rest.
Several network devices can be active simultaneously on a host; for example, my laptop has a wired connection (called eth0) and a wireless connection (called wlan0). The "Name" field allows you to select which network interface you would like to use as a bridge on VirtualBox.
In my case, I use the wireless adapter wlan0, since it is connected to the router, while the wired interface eth0 doesn't even have a cable.

Therefore, my host is assigned the IP address 192.168.0.2 by the router. The virtual machine in Network Bridge mode is assigned the address 192.168.2.6. In this case, the fact that VirtualBox transmits and receives traffic as if “through” the host, bypassing it, does not matter. The result is that the virtual machine becomes just another computer on the local network. If I count my computer and three virtual machines (VMs) running in Network Bridge mode, then I have four computers on the physical local network.

Furthermore...

NAT is useful because it protects guest operating systems from the Internet. But in order to access them from the outside (and on some OSes I have installed web servers), you will need additional customization to redirect traffic. The Network Bridge connection type allows access to them, but the systems in this case become unprotected.
If your network access device (this could be a router, a network switch, or the settings provided by your Internet Service Provider) only allows you to provide one IP address per network interface, you may not be able to configure Network Bridge.

Virtual Host Adapter (Host-only)

With a Virtual Host Adapter connection, guest operating systems can communicate with each other as well as with the host. But all this is only inside VirtualBox itself. In this mode, the host adapter uses its own dedicated device called vboxnet0. A sub-network is also created for them and IP addresses are assigned to the network cards of the guest operating systems. Guest operating systems cannot interact with devices located on the external network, since they are not connected to it through a physical interface. Virtual Host Adapter mode provides a limited set of services useful for creating private networks under VirtualBox for its guest operating systems.
Unlike other virtualization products, an adapter running under NAT in VirtualBox cannot act as a communication bridge between the default network device on the hosts. Therefore, direct access from the outside to machines “hidden” behind NAT is impossible - nor to the programs running on them; nor to data located on the hosts themselves. Let's look at the following example.

Typically, the host has its own network address, which is used to access the Internet. Typically this is 192.168.0.101. In Virtual Host Adapter mode, the host machine also acts as a VirtualBox router and has a default IP address of 192.168.56.1. An internal local network is created, serving all guest operating systems configured for Virtual Host Adapter mode and visible to the rest of the physical network. The vboxnet0 adapter uses addresses from the range starting with 192.168.56.101. But if you wish, you can change the default address.
Like an adapter in Network Bridge mode, Virtual Host Adapter mode uses different address ranges. You can easily configure guests to obtain IP addresses using the built-in DHCP server of the VirtualBox virtual machine.
In addition, it must be said that in the “Virtual Host Adapter” mode, the network created by it does not have an external gateway to access the Internet, both for the host and for guest operating systems. It works only as a regular network switch, connecting the host and guest systems. Therefore, an adapter in Virtual Host Adapter mode does not provide Internet access to guest machines; vboxnet0 does not have a default gateway. With its additional features, this adapter greatly simplifies network setup between the host and guest OSes, but still lacks external access or port forwarding. Therefore, you may need a second adapter in Virtual Host Adapter or Network Bridge mode that connects to the guest operating system to get full access to it.

Internal Network

If in practice you need to configure the relationship between several guest operating systems running on the same host and can only communicate with each other, then you can use the "Internal network" mode. Of course, you can use the "Network Bridge" mode for this purpose, but the "Internal Network" mode is more secure. In Network Bridge mode, all packets are sent and received through the physical network adapter installed on the host machine. In this case, all traffic can be intercepted (for example, by installing a packet sniffer on the host machine).

The internal network, according to the VirtualBox manual, is "a software network, which may be visible to selectively installed virtual machines, but not to applications running on the host or on remote machines located externally." Such a network is a collection of a host and several virtual machines. But none of the above devices has an outlet via a physical network adapter - it is completely software, used by VirtualBox as a network router. In general, the result is a private local network only for guest operating systems without Internet access, which makes it as secure as possible. A possible application for such a network is a top-secret server with clients intended for development; penetration testing of systems or any other purposes aimed at creating an internal network for development teams or organizations. This is an ideal way to block your environment from unauthorized installation of software, downloading or uploading files, or visiting services like Facebook during work hours.
So we've looked at the various types of network connections. Each of them has its own settings and is designed for specific purposes.

Let's return to the moment where it all began - creating a virtual server to deploy CMS Wordpress on it and test it.

First, I need internet access from the guest system to install updates, download packages, and other similar tasks. I also need access to the Network from the host machine. But I don't need the server to be accessible from the external network.
I select the required virtual machine from the VirtualBox manager and then go to the "Settings - Network" menu.
I leave the default network adapter selected in NAT mode. This will allow the guests to access the Internet through the configured connection of the host on which these machines are installed. Guest systems are not visible from the outside on the local network; I also don't have access to any of the guest systems from the host side; similarly, guest systems cannot communicate with each other.

Configuring a Virtual Host Adapter

The easiest way is to use the adapter in the "Virtual Host Adapter" mode provided by VirtualBox by default. It is named vboxnet0.
You can add as many adapters of this type as you need (if you need to configure several separate “Virtual Host Adapter” networks). By opening the main window of the VirtualBox guest operating system manager and selecting "Settings - Network" in the menu, you can configure the existing vboxnet0 adapter or create several more similar ones (vboxnet1, vboxnet2).


Click on the "Edit" button - the icon with the image of a screwdriver (the third one from top to bottom). Clicking this icon will open the default settings. In them, the address 192.168.56.1 is the address through which guest systems access the host. I left it "as is" without changing it.

By default, the vboxnet0 adapter dynamically obtains an IP address during a connection session from a DHCP server. My Wordpress virtual web server requires that it have a static IP address. Therefore, on the “DHCP server” tab, I unchecked the “Enable server” checkbox. So my DHCP server is disabled.

Adding a Virtual Host Adapter
Therefore, in the guest system settings, I open the "Adapter 2" tab and set the "Connection Type" value to "Virtual Host Adapter". By default, the newly created adapter is named vboxnet0. "Promiscuous Mode" doesn't make a difference to me, so I leave it set to "Disable". I also leave the “Cable connected” message active.

Guest setup


I need the guest virtual server to have a static IP address on the network running in "Virtual Host Adapter" mode. Otherwise, the server address will change from session to session, every time you connect. I will be forced to solve the configuration problem again and again to connect to the host. Therefore, I go into the guest system, open a terminal in it and enter the following two commands in it:

    ifconfig eth1 192.168.56.101 netmask 255.255.255.0 up

These steps set the specified IP address for the adapter located in the guest system and start that network interface. This address uses the network prefix 192 for home networks, followed by .168 as the starting host ID address, .56 to set the sub-network address range; and finally the final ID .1 (host) for the network. The adapter in NAT mode is named eth0, so it is logical to assume that the adapter in Virtual Host Adapter mode is named eth1. I can use this IP address to test the guest from the host via SSH or browser.
However, these settings are temporary. If I reboot the system, they will all disappear without a trace. In order to make them permanent, you need to add (using the root account) the following lines to the /etc/network/interfaces file:

    # The hostonly network interface
    auto eth1
    iface eth1 inet static
    address 192.168.56.101
    netmask 255.255.255.0
    network 192.168.56.0
    broadcast 192.168.56.255

Now, when you reboot, this network interface will start automatically. To check whether it has started, I use the ifconfig command, which I enter in the terminal of the guest operating system.

Naming

Since I am not very good with numbers and IP addresses, for myself I always use names for guest systems instead of their IP addresses. To do this, I edit the /etc/hosts file on the host machine and add entries there. This way I can reach running guests by their names.
I add the line to the /etc/hosts file:

    192.168.56.101 ocelotsvr

If I add several more guest systems from the network, then I just need to edit this file and add the required number of lines.

Thanks to this technique, I can easily access any of these systems.

Alternative route
Network experts may notice that in my configuration there is an alternate route to access the virtual server.
Using the default NAT adapter, I can run an additional configuration that will allow me to access the virtual server from the host without having to use the Virtual Host Adapter network setting.
Using the "Network Adapter" settings panel in the guest operating system, you can configure port forwarding in the VirtualBox virtual machine.
To do this, go to the NAT adapter settings (the button at the bottom of the window) to configure port forwarding. When you click on it, a dialog box will open in which forwarding rules are configured for this network adapter and guest system. I need to configure two rules; one to gain access to the Apache web server on the guest system, the second to throttle all other TCP traffic (mostly http requests). Without further ado, I named these rules Apache and TCP, respectively; both use the TCP protocol. In terms of port number bindings, port 8888 on the host redirects traffic to the guest system for the Apache server; port 2222 on the host forwards traffic to port 22 located on the guest operating system. This setup gives me access to the guest system to manage its services. Any other traffic will be rejected by the virtual machine as not subject to the rules.
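The two forwarding rules described above can be reviewed from the command line. The script below is an added example, not part of the original article: it reads rules in the `Forwarding(N)="..."` format printed by `VBoxManage showvminfo --machinereadable`, flags rules whose host address is empty (such a rule listens on every host interface, so other machines on the LAN can reach the guest through the host), and prints the commands that rebind them to 127.0.0.1. The VM name ocelotsvr, guest port 80 for Apache, and a single NAT adapter on Adapter 1 are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit NAT port-forwarding rules.
# Rule format in `VBoxManage showvminfo <vm> --machinereadable` output:
#   Forwarding(N)="name,proto,hostip,hostport,guestip,guestport"
# Assumption: one NAT adapter on Adapter 1, so the rules belong to --natpf1.

# Constructed sample: the article's two rules (guest port 80 for Apache is assumed).
sample_vminfo() {
    cat <<'EOF'
name="ocelotsvr"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
Forwarding(0)="Apache,tcp,,8888,,80"
Forwarding(1)="TCP,tcp,,2222,,22"
EOF
}

# Print only the rule bodies, one per line.
parse_forwards() {
    sed -n 's/^Forwarding([0-9][0-9]*)="\(.*\)"$/\1/p'
}

# Classify each rule by the host address it listens on.
audit_forwards() {
    parse_forwards | while IFS=',' read -r name proto hip hport gip gport; do
        case "$hip" in
            ''|0.0.0.0) verdict=EXPOSED ;;  # empty host IP = all host interfaces
            127.*)      verdict=LOCAL ;;    # reachable from the host only
            *)          verdict=BOUND ;;    # tied to one specific host address
        esac
        echo "$verdict $name $proto ${hip:-*}:$hport -> guest:$gport"
    done
}

# Print (do not run) the commands that rebind exposed rules to loopback.
# $1 = VM name. modifyvm requires the VM to be powered off.
fix_commands() {
    parse_forwards | while IFS=',' read -r name proto hip hport gip gport; do
        case "$hip" in
            ''|0.0.0.0) ;;
            *) continue ;;
        esac
        echo "VBoxManage modifyvm \"$1\" --natpf1 delete \"$name\""
        echo "VBoxManage modifyvm \"$1\" --natpf1 \"$name,$proto,127.0.0.1,$hport,$gip,$gport\""
    done
}

# Demo on the constructed sample.
sample_vminfo | audit_forwards
sample_vminfo | fix_commands ocelotsvr
```

On a real host, pipe `VBoxManage showvminfo "<vm>" --machinereadable` into `audit_forwards` instead of the sample.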

This means that any other guests I run in the virtual machine will not be able to connect to the virtual server, since there simply is no network route under NAT.

05/23/2017 Romchik

We need to add another virtual adapter (one already exists and is used to connect guest OSes to the Internet)

To do this we open VirtualBox settings

You can also configure a DHCP server.

Click "Ok". Now let's move on to setting up the virtual machine.

Setting up a network in a virtual machine.

Open the settings of our virtual machine.

Select “Network” and go to the “Adapter 2” tab

Turn on the network adapter. Then select the connection type “Virtual adapter” and select a name from the list. Click "Ok"

This completes the setup of the virtual machine. Let's start the machine.

Setting up an Ubuntu guest

Open a terminal and enter the ifconfig command.

And so, the enp0s3 interface is used to access the Internet, and enp0s8 is used to connect the guest system to the host. Ok, let's set enp0s8 to a static IP. For example, 10.0.1.10.

Open the configuration file:

    sudo gedit /etc/network/interfaces

And we add:

    auto enp0s8
    iface enp0s8 inet static
    address 10.0.1.10
    netmask 255.255.255.0

We save and restart the network with the command:

    sudo /etc/init.d/networking restart

We wait and check by launching a ping to 8.8.8.8

Everything works great. Now let's check access from the host to the guest system. We start ping on 10.0.1.10

That's all.

Conclusion.

We have configured access to the guest system from the host, and there is access from the guest system to the Internet (via NAT)
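Both walkthroughs on this page give the guest a static address on the host-only network (eth1 at 192.168.56.101 earlier, enp0s8 at 10.0.1.10 here). The script below is an added example, not part of either original article: it checks such a stanza before a reboot, confirming that the address lies in the host adapter's network, does not collide with the host adapter, and carries no gateway line, which would add a default route into a network that has no external gateway and compete with the NAT adapter's route. The host-side address 10.0.1.1 for the second network and the faulty third stanza are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original articles): sanity-check a static
# host-only stanza in /etc/network/interfaces before rebooting the guest.

# Convert dotted-quad A.B.C.D to an integer so networks can be compared.
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# $1 = interface, $2 = option; stdin = interfaces file. Prints the option value.
stanza_value() {
    awk -v ifc="$1" -v opt="$2" '
        $1 ~ /^#/ { next }
        $1 == "iface" || $1 == "auto" || $1 ~ /^allow-/ || $1 == "mapping" || $1 ~ /^source/ {
            in_st = ($1 == "iface" && $2 == ifc); next
        }
        in_st && $1 == opt { print $2; exit }
    '
}

# $1 = guest interface, $2 = address of the host-side adapter (e.g. vboxnet0).
# stdin = interfaces file. Prints OK/FAIL lines; returns non-zero on any FAIL.
check_hostonly() {
    cfg=$(cat)
    addr=$(printf '%s\n' "$cfg" | stanza_value "$1" address)
    mask=$(printf '%s\n' "$cfg" | stanza_value "$1" netmask)
    gw=$(printf '%s\n' "$cfg" | stanza_value "$1" gateway)
    if [ -z "$addr" ] || [ -z "$mask" ]; then
        echo "FAIL $1: no static stanza with address and netmask"; return 1
    fi
    a=$(ip4_to_int "$addr"); m=$(ip4_to_int "$mask"); h=$(ip4_to_int "$2")
    rc=0
    if [ $(( a & m )) -ne $(( h & m )) ]; then
        echo "FAIL $1: $addr is not in the network of host adapter $2"; rc=1
    fi
    if [ "$a" -eq "$h" ]; then
        echo "FAIL $1: $addr is the host adapter's own address"; rc=1
    fi
    if [ -n "$gw" ]; then
        echo "FAIL $1: gateway $gw adds a default route into the host-only network"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $1: $addr netmask $mask"; fi
    return $rc
}

# Stanzas from the page, plus one constructed faulty stanza.
stanza_first() {
    printf '%s\n' '# The hostonly network interface' 'auto eth1' \
        'iface eth1 inet static' 'address 192.168.56.101' 'netmask 255.255.255.0' \
        'network 192.168.56.0' 'broadcast 192.168.56.255'
}
stanza_second() {
    printf '%s\n' 'auto enp0s8' 'iface enp0s8 inet static' \
        'address 10.0.1.10' 'netmask 255.255.255.0'
}
stanza_bad() {   # constructed: wrong subnet and a stray gateway line
    printf '%s\n' 'auto enp0s8' 'iface enp0s8 inet static' \
        'address 10.0.2.10' 'netmask 255.255.255.0' 'gateway 10.0.1.1'
}

stanza_first  | check_hostonly eth1 192.168.56.1 || true
stanza_second | check_hostonly enp0s8 10.0.1.1 || true   # host address assumed
stanza_bad    | check_hostonly enp0s8 10.0.1.1 || true
```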


For each network interface, you can select the hardware that will be presented to the virtual machine. VirtualBox can emulate the following network equipment:

AMD PCNet PCI II (Am79C970A);

AMD PCNet FAST III (Am79C973, the default);

Intel PRO/1000 MT Desktop (82540EM);

Intel PRO/1000 T Server (82543GC);

Intel PRO/1000 MT Server (82545EM);

Paravirtualized network adapter (virtio-net).

The PCNet FAST III network card is installed by default because it is supported by almost all operating systems, as well as the GNU GRUB boot manager.

And indeed, this card in NAT mode installed well and without problems in Windows 98:


The PCNet FAST III network card in NAT mode can be installed well and without problems in Windows XP:



1. Network Address Translation (NAT)

Network Address Translation (NAT) mode provides the easiest way to access the external environment from a virtual machine. Typically, it does not require any host or guest configuration. Therefore it is the network mode configured by default.

A virtual machine with a network interface in NAT mode connects to the network, just like a real computer connects to the Internet through a router. The “router” in this case is the VirtualBox network module, which processes the network traffic of the virtual machine. The disadvantage of NAT mode, as in the case of a local network behind a router, is that the virtual machine is not accessible to the external network (Internet); you cannot process network requests until you configure port forwarding.

The virtual machine receives its network address and other settings on the local network from the DHCP server built into VirtualBox. Thus, the IP address assigned to the virtual machine is different from the network address of the host network. It is possible to configure the use of several network cards in a virtual machine in NAT mode; then the first card will belong to the local network 10.0.2.0, the second to 10.0.3.0, etc.

In NAT mode, the guest's network interface is assigned by default an IPv4 address on the network 10.0.x.0/24, where x is equal to the sequence number of the virtual machine interface plus 2. That is, x is equal to 2 if there is only one active NAT interface. In this case, the guest is assigned the address 10.0.2.15, the gateway address is set to 10.0.2.2, and the name server (DNS) to 10.0.2.3.

Indeed, practice has confirmed that with NAT mode in VirtualBox, the network in Windows XP and Windows 98 virtual machines configures itself without any difficulties. It is enough to set the NAT mode when installing the system in the VirtualBox virtual machine and the network will be established. Also, the network can be installed without any problems if you connect the card after installing the operating system.

2. Run the ipconfig /all command for the NAT mode of virtual machines.

In Windows 98 the following network settings are:




VirtualBox allows virtual machines to use the network connections of the host system, and also to create virtual networks for virtual machines.

Using the GUI, the user can configure up to 4 network adapters for each of the virtual machines registered in VirtualBox.

The procedure for setting up network interfaces is well described in the proprietary Oracle VM VirtualBox® user manual in English.

For each virtual machine, you can emulate up to 4 network adapters. Each of the network adapters can operate in one of 6 modes:

  • Not connected. In this mode, the adapter is present in the guest system, but behaves as if the network cable was not included in it.
  • NAT. In this mode, the adapter uses the network settings of the main system when interacting with the physical node network and other external networks. The VirtualBox network subsystem translates IP traffic with the source IP address of the virtual machine into traffic with the source address of the host system's network adapter (Network Address Translation). The implementation of NAT in VirtualBox has certain limitations related to support for the ICMP protocol, UDP broadcast traffic and virtual private network technologies. This mode is the default.
  • Network bridge. In this mode, the VM network adapter connects to the host system network adapter and processes network packets directly, bypassing the host system network stack (the host system adapter works with the VM adapter in bridge mode).
  • Internal network. Network adapters of Virtual machines are combined with each other into an isolated network segment.
  • Virtual Host Adapter. A network that unites the host system and virtual machines included in this segment into a given segment. For this mode, VirtualBox creates a software network interface on the host system and sets an IP address on it.
  • Universal driver. The user selects the network adapter driver, which may be included in VirtualBox or downloaded with an add-on package for VirtualBox. At the moment there are 2 drivers that implement 2 modes of operation of the virtual adapter:
    • UDP Tunnel. A mode for connecting virtual machines running on different hosts. Works on existing network infrastructure.
    • VDE (Virtual Distributed Ethernet). This mode can be used to connect distributed virtual machines to a Virtual Ethernet switch on Linux or FreeBSD hosts.

For each of the 4 network adapters of the virtual machine, you can choose one of 5 drivers emulating real network adapters from various equipment manufacturers or the Virtio-net driver, which is part of the open-source KVM project. The Virtio-net driver eliminates the complexity of network hardware emulation and improves network performance. Linux guest kernel versions 2.6.25 and older can support the Virtio-net adapter. For guest systems on Windows 2000, XP and Vista, the driver for the Virtio-net adapter can be

To get started, install any version of the VirtualBox virtual machine, starting with 3.0. And you will find in it approximately the same capabilities compared to those described in this article.

After installing the program, go to the “Settings - Network” menu. The appearance of the opened tab corresponds to the default settings. Any of the virtual machines can be configured to use four network adapters, depending on which one you need in a particular case. But most often in practice only one of them is required. Typically, when installing a virtual machine, a simple network adapter is created by default. This is enough to access the Internet.

Depending on your needs, you may need to create several network interfaces of different types. Or several devices of the same type, but with different settings. This may be required to use both physical and virtual network adapters in the virtual machine. It all depends on which ones are connected.

For my web server running on it CMS WordPress things are a little more complicated, so let's move on... The “Adapter Type” tab is responsible for configuring virtual hardware. VirtualBox copes well with the role of a link between the software network card and the physical interface that is installed on the real machine (host). Open the “Advanced” link and you will have access to the advanced capabilities of the network adapter. In this article I will describe in detail all the settings in the order they appear, starting with setting the adapter type.

Adapter Type

The VirtualBox virtual machine has built-in software emulation of most of the most common types of network cards, for which drivers and protocols are created. The PCnet-FAST III card is the default choice, but in my practice I often choose the Intel PRO/1000MT. I do this if I want the best compatibility with the Intel hardware I have on my computer. If you have problems setting up your network connection, you can try changing the adapter type by selecting a different one. For the most ancient equipment, the PCnet-FAST II network card is suitable.

Mode

The rather strange-sounding “Promiscuous Mode” is usually used to operate a VM as a virtual router in local networks; as a network bridge or host. In this mode, the virtual machine port is able to accept any packets sent for other operating systems; and even for the host. That is, network packets intended not only for this adapter, but also for other network devices are accepted. In 99% of cases, ordinary users do not need “Promiscuous Mode”. It is used by network administrators to diagnose problems occurring on the network.

MAC Address

A MAC address (MAC is an abbreviation for Media Access Control) is a unique “name” of a device on a network that uniquely identifies and distinguishes it from other adapters and nodes. This address is registered for each network device at the physical level in the memory of the interface itself. When you create a virtual network adapter, VirtualBox automatically generates a MAC address for it.
If you need to change an existing MAC address, then there is a small button on the right that generates a new value. If you clone an existing virtual machine, you must create its own unique MAC address for it, which will be different from the address of the original machine.

The checkbox next to the words “Cable connected” performs the same role as connecting or disconnecting a physical cable in reality. This setting is responsible for connecting the virtual network adapter to the network. This should not be confused with another more important setting “Enable network adapter”, which enables or disables the adapter itself on the virtual machine.

The “Port Forwarding” button opens a dialog box in which you can configure the rules for traffic on a specific adapter: how certain types of traffic will move between the host and the guest virtual machine. These rules apply to the network models, which will be discussed a little later. The network models themselves are defined on the “Connection Type” tab. This setup is the most difficult part of establishing connections in VirtualBox. It gave me the most problems in my experiments.

There are four types of network connection models and a large number of possible combinations of settings for these connections. In this regard, creating a network in VirtualBox is similar to medieval alchemy: everything here is so confusing and illogical. It would seem that if you follow the correct settings, you will quite easily get the desired result. However, there are several solutions to one problem, all of which look correct at first but ultimately do not get you to your goal. Believe me, I already know...

VirtualBox has four ready-made models for connecting to the network:

  • Network Address Translation (NAT), which is the default setting
  • Network bridge (Bridged)
  • Virtual Host Adapter (Host-only)
  • Internal Network

The “Not Connected” connection type is also a network setting, but serves only one purpose - identifying possible problems. In this mode, VirtualBox tells the guest operating system that the network card is present, but there is no connection to it.


NAT allows the guest operating system to access the Internet using a private IP address that is not accessible from the external network or from the machines on the local physical network. This network setup allows you to visit web pages, download files, and view email, all from the guest operating system. However, nothing outside can connect directly to such a system while it uses NAT.

The principle of network address translation is as follows. When a guest OS sends packets to the address of a remote machine on the network, the NAT service running under VirtualBox intercepts these packets, extracts from them the segments containing the sender's address (the IP address of the guest operating system) and replaces it with the IP address of the host machine. It then repackages the packets and sends them to the specified address.

For example, on your home LAN, the host and other physical network devices have addresses in the range starting with 192.168.x.x. In VirtualBox, NAT adapters have IP addresses in the range starting with 10.0.2.1 and ending with 10.0.2.24. This range is called a sub-network. Typically, this range is not used to assign addresses to devices on the main network, so such a system is not accessible from the outside, from the host side. The guest OS can perform software updates and web surfing, but remains invisible to other “participants”.

The VirtualBox manual describes this point in more detail:

“In NAT mode, the guest network interface is assigned by default an IPv4 address from the range 10.0.x.0/24, where x denotes the specific address of the NAT interface, determined by the formula +2. Thus, x will be equal to 2 if there is only one active NAT interface. In this case, the guest operating system receives an IP address of 10.0.2.15, the network gateway is assigned an address of 10.0.2.2, and the name server (DNS) is assigned an address of 10.0.2.3.” (Oracle Corporation, 2012, Chapter 9).

NAT is useful when it does not matter which IP addresses the guest operating systems on the virtual machine use, since they will all be unique. However, if you need to configure redirection of network traffic, or expand the functionality of the guest OS by deploying a web server on it (for example), then additional settings are required. In NAT mode, features such as sharing folders and files are also not available.


In a “Network Bridge” connection, the virtual machine works the same as all other computers on the network. In this case, the adapter acts as a bridge between the virtual and physical networks. On the external network side, it is possible to directly connect to the guest operating system.

The adapter in “Network Bridge” mode connects, bypassing the host, to the device that distributes IP addresses within the local network for all physical network cards. VirtualBox connects to one of the installed network cards and transmits packets through it directly; this creates a bridge over which data is transmitted. As a rule, an adapter in the “Network Bridge” model receives a standard address from the 192.168.x.x range from the router. Therefore, a virtual machine on the network appears as if it were an ordinary physical device, indistinguishable from the rest.

Several network devices can be active simultaneously on a host. For example, my laptop has a wired connection (called eth0) and a wireless connection (called wlan0). The “Name” field allows you to select which network interface you would like to use as a bridge in VirtualBox.

In my case, I am using the wlan0 wireless adapter since it is connected to the router, while the wired interface eth0 does not even have a cable.

Therefore, my host is assigned the IP address 192.168.0.2 by the router. The virtual machine in the “Network Bridge” mode is assigned the address 192.168.2.6. It does not matter that VirtualBox transmits and receives traffic as if “through” the host, bypassing it. The result is that the virtual machine becomes just another computer on the local network. If I count my computer and three virtual machines (VMs) running in “Network Bridge” mode, then I have four computers on a physical local network.

NAT is useful because it protects guest operating systems from the Internet. But in order to access them from the outside (and on some OSes I have web servers installed), additional configuration will be required to redirect traffic. The “Network Bridge” connection type allows you to access them, but in this case the systems become unprotected.

If your network access device (this could be a router, network switch, or settings provided by your Internet Service Provider) only allows you to provide one IP address per network interface, you may not be able to configure Network Bridge.
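The following is an added example, not part of the original article or of VirtualBox itself: a small Python audit over `VBoxManage showvminfo <vm> --machinereadable` output that flags the exposure points discussed above, namely bridged adapters, NAT port-forwarding rules that listen on every host interface, and MAC addresses left duplicated after cloning. The VM names, MAC addresses and rules in `SAMPLE` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output,
# trimmed to the keys used here; VM names, MACs and rules are made up.
SAMPLE = {
    "wordpress": """nic1="nat"
macaddress1="080027A1B2C3"
Forwarding(0)="http,tcp,,8080,,80"
Forwarding(1)="ssh,tcp,127.0.0.1,2222,,22"
nic2="hostonly"
macaddress2="080027000A01"
""",
    "wordpress-clone": """nic1="bridged"
bridgeadapter1="wlan0"
macaddress1="080027A1B2C3"
""",
    "db": """nic1="intnet"
macaddress1="080027000B01"
""",
}

KV = re.compile(r'^([^=]+)="(.*)"$')

def audit(vms):
    """Return sorted (vm, finding) pairs for exposure and cloning mistakes."""
    findings, mac_owners = [], defaultdict(set)
    for vm, text in vms.items():
        for line in text.splitlines():
            m = KV.match(line.strip())
            key, val = m.groups() if m else ("", "")
            if re.fullmatch(r"nic\d+", key) and val == "bridged":
                findings.append((vm, f"{key} is bridged: guest is reachable from the LAN"))
            elif re.fullmatch(r"macaddress\d+", key):
                mac_owners[val.upper()].add(vm)
            elif key.startswith("Forwarding(") and val.count(",") == 5:
                # Rule layout: name,protocol,host IP,host port,guest IP,guest port
                name, proto, host_ip, host_port, _, guest_port = val.split(",")
                if host_ip in ("", "0.0.0.0"):  # empty host IP = all host interfaces
                    findings.append((vm, f"forward '{name}' {proto}/{host_port}->{guest_port} "
                                         "listens on every host interface"))
    for mac, owners in mac_owners.items():
        for vm in (owners if len(owners) > 1 else ()):
            others = ", ".join(sorted(owners - {vm}))
            findings.append((vm, f"MAC {mac} is also used by {others}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*(f"{vm}: {finding}" for vm, finding in audit(SAMPLE)), sep="\n")
```

A forwarding rule whose host IP field is 127.0.0.1, like the constructed `ssh` rule, is reachable only from the host itself and is therefore not reported.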

Virtual Host Adapter (Host-only)

With a “Virtual Host Adapter” connection, guest operating systems can communicate with each other, as well as with the host. But all this is only inside the VirtualBox virtual machine itself. In this mode, the host adapter uses its own dedicated device called vboxnet0. It also creates a sub-network and assigns IP addresses to the network cards of guest operating systems. Guest operating systems cannot interact with devices located on the external network, since they are not connected to it through a physical interface. The “Virtual Host Adapter” mode provides a limited set of services useful for creating private networks under VirtualBox for its guest operating systems.

Unlike other virtualization products, an adapter running under NAT in VirtualBox cannot act as a communication bridge to the default network device on the host. Therefore, direct access from the outside to machines “hidden” behind NAT is impossible, whether to the programs running on them or to data located on the hosts themselves. Let's look at the following example.

Typically, a host has its own network address, which is used to access the Internet. Typically this is 192.168.0.101. In “Virtual Host Adapter” mode, the host machine also acts as a VirtualBox router and has a default IP address of 192.168.56.1. An internal local network is created that serves all guest operating systems configured for Virtual Host Adapter mode and visible to the rest of the physical network. The vboxnet0 adapter uses addresses from the range starting with 192.168.56.101. But if you wish, you can change the default address.

Like an adapter in Network Bridge mode, Virtual Host Adapter mode uses different address ranges. You can easily configure guests to obtain IP addresses using the built-in DHCP server of the VirtualBox virtual machine.

In addition, it must be said that in the “Virtual Host Adapter” mode, the network created by it does not have an external gateway to access the Internet, both for the host and for guest operating systems. It works only as a regular network switch, connecting the host and guest systems. Therefore, an adapter in “Virtual Host Adapter” mode does not provide Internet access to guest machines; vboxnet0 does not have a default gateway. Additional features for this adapter greatly simplify network setup between the host and guest OSes, but there is still no external access or port forwarding. Therefore, you may need a second adapter in “Virtual Host Adapter” or “Network Bridge” mode that connects to the guest operating system to gain full access to it.

Internal Network

If you need to set up communication between several guest operating systems that run on the same host and should only be able to talk to each other, you can use the “Internal Network” mode. Of course, you can use the “Network Bridge” mode for this purpose, but the “Internal Network” mode is more secure. In Network Bridge mode, all packets are sent and received through the physical network adapter installed on the host machine. In this case, all traffic can be intercepted (for example, by installing a packet sniffer on the host machine).

An internal network, according to the VirtualBox manual, is “a software network that can be visible to selectively installed virtual machines, but not to applications running on the host or on remote machines located externally.” Such a network is a set of a host and several virtual machines. But none of the above devices have access through a physical network adapter: the network is completely software, used by VirtualBox as a network router. In general, the result is a private local network only for guest operating systems without Internet access, which makes it as secure as possible. Possible applications for such a network are a top-secret server with clients intended for development, penetration testing of systems, or any other purpose that calls for an internal network for development teams or organizations. This is an ideal way to block your environment from unauthorized installation of software, downloading or uploading files, or visiting services like Facebook during work hours.

So we've looked at the different types of network connections. Each of them has its own settings and is designed for specific purposes.


