VirtualBox networking is extremely flexible. With this flexibility comes the challenge of making the correct choices. In this blog, the different options are explained and some example use cases are elaborated. Access between guests, host and other members of the network is explained and the required configuration is shown. This information is also available in the following presentation.
Networking options
Internal network
Overview
VirtualBox makes a network interface available inside a guest. If multiple guests share the same interface name, they are connected as if through a switch and can access each other.
Benefits
- Easy to use. Little configuration required
- No VirtualBox virtual host network interface (device + driver) required
- Guests can access each other
- Secure (access from outside the host is not possible)
Drawbacks
- The host can’t access the guests
- Guests can’t access the host
- Guests can’t access the internet
- The VirtualBox internal DHCP server has no GUI support, only a CLI
Configuration
NAT
Overview
VirtualBox makes a single isolated virtual NAT router available on a network interface inside a guest. Every guest gets its own virtual router and can’t access other guests. DHCP (Dynamic Host Configuration Protocol) requests on the interface are answered with an IP for the guest and the address of the NAT router as gateway. The DHCP server can be configured using a CLI (no GUI support). The NAT router uses the host’s network interface, so no specific VirtualBox network interface needs to be created. External parties only see a single host interface. For an outgoing request, the NAT router opens a port on the host’s interface, translates the internal address to the host’s IP and sends the request to the destination IP. The response is forwarded back to the guest (the router keeps a table of external port to internal IP). Port mappings can be made to allow requests to the host on a specific port to be forwarded to the guest.
Benefits
- Easy to use. Little configuration required
- Isolated. Every guest has its own virtual router
- No VirtualBox virtual host network interface (device + driver) required
- Internet access
- Fixed IP possible
Drawbacks
- Guests can’t access each other or the host
- The virtual NAT router DHCP server can be configured using a CLI only
- To access the guest from the host requires port forwarding configuration and might require an entry in the host’s hosts file for specific web interfaces
Configuration
NAT network
Overview
VirtualBox makes a virtual NAT router available on a network interface for all guests using the NAT network. Guests can access each other. The NAT network needs to be created. DHCP (Dynamic Host Configuration Protocol) requests on the interface are answered with an IP for the guest and the address of the NAT router as gateway. The DHCP server can be configured. The NAT router uses the host’s network interface, so no specific VirtualBox network interface needs to be created. External parties only see a single host interface. For an outgoing request, the NAT router opens a port on the host’s interface, translates the internal address to the host’s IP with a specific port per host, and sends the request to the destination IP. The response is forwarded back to the guest (the router keeps a table of external port to internal IP). Port mappings can be made to allow requests to the host on a specific port to be forwarded to a guest.
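The translation table and port mappings described for NAT and NAT network can be modelled in a few lines. This is an added example, not VirtualBox code and not from the original post; the addresses, the starting port and the check that a reply comes from the contacted destination are assumptions of the model.

```python
"""Simplified model of a NAT translation table (illustration only)."""
from itertools import count


class NatRouter:
    def __init__(self, host_ip, first_port=49152):
        self.host_ip = host_ip
        self._ports = count(first_port)  # next free port on the host interface
        self.table = {}      # host port -> (guest endpoint, remote endpoint)
        self.forwards = {}   # host port -> guest endpoint (static port mapping)

    def outbound(self, guest, remote):
        """Guest (ip, port) connects to remote; return the source seen outside."""
        for port, flow in self.table.items():
            if flow == (guest, remote):
                return (self.host_ip, port)   # existing flow keeps its port
        port = next(self._ports)
        self.table[port] = (guest, remote)
        return (self.host_ip, port)

    def add_forward(self, host_port, guest):
        """Port mapping: connections to host_port are handed to guest (ip, port)."""
        self.forwards[host_port] = guest

    def inbound(self, host_port, remote):
        """Packet from remote hits host_port; return guest endpoint or None (dropped)."""
        entry = self.table.get(host_port)
        if entry and entry[1] == remote:      # reply to a flow a guest opened
            return entry[0]
        return self.forwards.get(host_port)   # otherwise only a port mapping lets it in


def demo():
    """Constructed addresses: host 192.168.1.20, guests 10.0.2.4 and 10.0.2.5."""
    nat = NatRouter("192.168.1.20")
    web, stranger = ("203.0.113.10", 443), ("198.51.100.7", 55555)
    a = nat.outbound(("10.0.2.4", 40000), web)
    b = nat.outbound(("10.0.2.5", 40000), web)
    nat.add_forward(2222, ("10.0.2.4", 22))
    return {
        "seen_outside": [a, b],                      # both guests appear as the host
        "reply_to_b": nat.inbound(b[1], web),        # table lookup finds guest b
        "unsolicited": nat.inbound(b[1], stranger),  # no matching flow: dropped
        "forwarded": nat.inbound(2222, stranger),    # port mapping: reaches guest a
        "closed_port": nat.inbound(8080, stranger),  # no mapping: dropped
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With plain NAT each guest has a router of its own, so the same table exists once per guest and the guests never share one.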
Benefits
- Guests can access each other
- No VirtualBox virtual host network interface (device + driver) required
- DHCP server can be configured using the GUI
- Internet access
- Fixed IP possible
Drawbacks
- To access the guest from the host requires port forwarding configuration and might require an entry in the host’s hosts file for specific web interfaces
- Requires additional VirtualBox configuration to define the network / DHCP server
Configuration
Host only
Overview
VirtualBox creates a host interface (a virtual device visible on the host). This interface can be shared amongst guests. Guests can access each other. DHCP (Dynamic Host Configuration Protocol) requests on the interface are answered with an IP for the guest and the address of the Host only adapter. The DHCP server can be configured using the VirtualBox GUI. The virtual host interface is not visible outside of the host. The internet cannot be accessed via this interface from the guest. The host can access the guests by IP. Port mappings are not needed.
Benefits
- Guests can access each other
- You can create separate guest networks
- DHCP server can be configured using the GUI
- Fixed IP possible
Drawbacks
- To access the guest from the host requires port forwarding configuration and might require an entry in the host’s hosts file for specific web interfaces
- Requires additional VirtualBox configuration to define the network / DHCP server
- VirtualBox virtual host network interface (device + driver) required
- No internet access
Configuration
Bridged
Overview
The guest uses a host interface. A net filter driver is applied to the host interface to allow VirtualBox to send data to the guest. This requires the adapter to use so-called promiscuous mode. Promiscuous mode means the adapter can have multiple MAC addresses. Most wireless adapters do not support this; in that case VirtualBox replaces the MAC address of packets which are visible to the adapter. An external DHCP server is used, the same way the host gets its IP / gateway, so no additional configuration is required. It might not work if the DHCP server only allows registered MACs (some company networks). Access is easy: the guest is directly available from the network the host is connected to (from every host on it). Port mappings are not required. The host can access the guests by IP. Guests can access the host by IP.
Benefits
- Guests can access each other
- Host can access guests and guests can access the host. Anyone on the host network can access the guests
- No virtual DHCP server needed
- Easy to configure / use
- Same access to internet as the host has
Drawbacks
- Guests can’t be split into separate networks (not isolated)
- Sometimes doesn’t work; dependent on external DHCP server and ability to filter packets on a host network interface. Company networks might block your interface
- No easy option for a fixed IP since host network is a variable
- Not secure. The guest is exposed on the host’s network
Configuration
Use cases
Case 1: ELK stack
I’m trying out the new version of the ELK stack (Elasticsearch, Logstash, Kibana)
Requirements:
- I do not require internet access inside the guest
- I want to access my guest from my host
- I do not want my guest to be accessible outside of my host
- I do not want to manually configure port mappings
Solution: Host only adapter
Case 2: SOA Suite for security workshop
I’m using Oracle SOA Suite for a security workshop. SOA Suite consists of 3 separate VMs: DB, Admin Server and Managed Server.
Requirements:
- The VMs require fixed (internal) IPs
- The VMs need to be able to access each other
- Course participants need to call my services from the same network
- I only want to expose specific ports
Solution: NAT + Host only (possibly NAT network)
Case 3: VM for distribution during course
I’ve created an Ubuntu / Spring Tool Suite VM for a course. The VM will be distributed to participants.
Requirements:
- The VM to distribute requires internet access. During the course several things will need to be downloaded
- I am unaware of the VirtualBox created interfaces present on the host machines and don’t want the participants to manually have to select an adapter
- I want the participants to do as little networking configuration as possible. VirtualBox networking is not the purpose of this course.
Solution: NAT
Case 4: Server hosting application
I’ve created a server inside a VM which hosts an application.
Requirements:
- The MAC of the VM is configured inside the router’s DHCP server so it will always get the same IP. Use the external DHCP server to obtain an IP
- The application will be used by (and thus needs to be accessible for) different people on the network.
- The application uses many different ports for different features. These ports change regularly. Some features use random ports. Manual port mappings are not an option
- The application accesses different resources (such as a print server) on the host’s network
Solution: Bridged
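Requirements such as "not accessible outside of my host" and "only expose specific ports" can be checked against a VM's actual adapter settings. The following is an added example, not from the original post: it parses output in the style of `VBoxManage showvminfo <vm> --machinereadable` and reports bridged adapters and NAT port mappings that have no host IP and therefore listen on every host interface. The sample text and VM name are constructed.

```python
"""Flag VirtualBox adapter settings that expose a guest beyond the host."""
import re

# Constructed sample in the style of `VBoxManage showvminfo <vm> --machinereadable`.
SAMPLE = '''\
name="workshop-admin"
nic1="nat"
Forwarding(0)="console,tcp,,7001,,7001"
Forwarding(1)="ssh,tcp,127.0.0.1,2222,,22"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="bridged"
bridgeadapter3="eth0"
nic4="none"
'''

LINE = re.compile(r'^([^=]+)="(.*)"$')


def parse(text):
    """Return (key, value) pairs in file order for the quoted settings."""
    return [m.groups() for m in map(LINE.match, text.splitlines()) if m]


def exposure(text):
    """List settings that make the guest reachable from outside the host."""
    findings = []
    for key, value in parse(text):
        if re.fullmatch(r"nic\d+", key) and value == "bridged":
            findings.append(f"{key}: bridged, guest sits directly on the host's network")
        elif key.startswith("Forwarding("):
            parts = value.split(",")   # name, proto, host ip, host port, guest ip, guest port
            if len(parts) != 6:
                continue               # not a rule in the expected shape
            name, proto, host_ip, host_port, _guest_ip, guest_port = parts
            if host_ip in ("", "0.0.0.0"):
                findings.append(f"{key}: rule '{name}' {proto}/{host_port} -> guest port "
                                f"{guest_port} listens on every host interface")
    return findings


if __name__ == "__main__":
    for finding in exposure(SAMPLE):
        print(finding)
```

A VM with only host only or internal network adapters produces no findings, which matches the requirement in Case 1.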
Hi,
I am trying to emulate 5 separate hosts on the same network. I have 5 NICs, one for each VM. I want each VM to talk to the other VMs as well as any device on the NIC assigned to each VM. They don’t need to talk to the host’s NIC network.
I was successful in having each VM talk to the network the NIC was assigned to on the VM. But the VMs cannot talk to each other. I thought using Bridged Adapter would work and it does allow each VM to talk to other devices on the network but not to the other VMs.
Is there something on Virtualbox that I am missing? I tried all forms of Promiscuous Mode with no change in behavior.
Thanks
In Oracle VirtualBox I have configured as NAT with two Windows Server guests installed, but still guests are able to access each other with same network data on both guest machines.
I don’t quite understand this about NAT network:
The NAT router opens a port on the hosts interface. The internal address is translated to the hosts IP to a specific port per host. The request to the destination IP is done. The response is forwarded back towards the guest (a table of external port to internal IP is kept by the router). Port mappings can be made to allow requests to the host on a specific port to be forwarded to a guest.
Can you elaborate?
Perfect, thanks!
Hi! Good overview but it’s a little confusing on the NAT description as you use a guest IP that’s not the default on a VirtualBox install unless you customize the install via the CLI. The default IP for the first NIC is 10.0.2.15. Using the 192.168.0.8 and 192.168.0.9 in your example is a bit misleading. Using NAT all NAT guests also have the same default 10.0.2.15 address as they are in their own isolated subnets.
Thanks
Mikael
Thank you very much for this post. It was just what I needed to configure a Windows 7 guest on Mac OS Catalina to access another Windows 7 system on my LAN.
This is a very comprehensive explanation of how VirtualBox handles different situations. Thank you for this great article.
When you say “the hosts hosts file”, I think it would be clearer if you were to use the apostrophe by saying “host’s hosts file”, if that is what you actually mean.
Hi,
On my LAN, only 1 IP address is allowed on the host. I have a web app running in the Ubuntu guest where I configured a static IP address 192.168.56.102 in /etc/network/interfaces. The web server application runs on the port 3000, while four client web applications run on ports 3006, 3007, 3008, 3009 (these are injected into the browser when the browser accesses them from either Host or from LAN). Web server application on port 3000 also establishes a Websocket (over http) to each Browser session for notifications.
I installed nginx on the Host (Windows 10) so that users from LAN can access web apps by entering the hostname of my host. nginx proxy rule then forwards the request to that 192.168.56.102 address in the Guest ubuntu.
I configured 3 adapters in VirtualBox: NAT with port forwarding (from 127.0.0.1 to 192.168.56.102, for each of 3006/3007/3008/3009 ports) plus Host-only adaptor plus Bridged adaptor. For each adaptor I allow All access.
But everything works only when I access apps from my Host and if Websocket URL in the app is configured for localhost or for 192.168.56.102. When I first access the web app by entering Host hostname:3006, nginx translates that to 192.168.56.102 and the page is rendered. The page itself has a field for Websocket URL and if that field is also Host hostname, then that part of the web app will not work i.e. socket cannot bind. Only when I change manually the URL of the Websocket to localhost, everything works, but in that case users from LAN cannot use the app as they only see Host hostname.
What would be best way to configure VirtualBox for this scenario?
Thanks for this great post. I’m trying to build a VirtualBox lab with a Domain Controller (+ DNS + DHCP), SCCM Server, and a Win 10 client so that they can talk to each other on a separate network but at the same time can access the internet. Currently I’m using pfSense, but I am wondering if it’s possible without a third party software.