VirtualBox Guest VM with NAT

Posted on Sat 28 April 2018 in linux

By default VirtualBox will create a NAT network interface each time a new VM is created. As a result, the guest VM will reside in a private network that differs from the one the host is living in. This enables the guest VM to access the Internet, but a direct communication between the guest VM and the host machine is not possible. So the question arises how the guest VM can be access from the host machine?

In this scenario there are basically two simple options to access the guest VM, that is using NAT, from the host machine:

  1. Port forwarding
  2. Second Host-only network interface

Both options are discussed in the following.

Port Forwarding

In this context, the idea of port forwarding is to redirect any communication request on a specific port of the host machine to another port of the guest VM. For example, the unused port 2222 of the host machine can be forwarded to port 22 of the guest VM to expose a running ssh server.

To this end, the following steps are required:

  • Open the VirtualBox main window, select the guest VM you want to forward a port to and select the Settings button from the main toolbar.
  • Choose Network from the list on the left and select the first network adapter tab that is attached to NAT (by default the Adapter 1 should already be selected)
  • Click on Advanced to expand the settings dialog, then click on the Port Forwarding button to open the Port Forwarding Rules dialog.
  • Click the upper right + button to add a new forwarding rule and enter the following details:
    • Name: ssh
    • Protocol: TCP
    • Host IP: 127.0.0.1 (to allow only connections from your host, leave empty otherwise)
    • Host Port: 2222
    • Guest IP: leave empty
    • Guest Port: 22
  • Click the OK button and again OK to confirm the changes to your VM.
  • To apply the changes, shutdown and restart the modified VM.

As a result, a new forwarding rule has been set up that says:

"If there is an incoming TCP connection on the host's TCP port 2222, forward it to the guest's TCP port 22".

On the host, make sure that the port forwarding has been set up correctly:

netstat -l | grep 2222

If the result shows a listening 2222 port everything should be fine, so a simple ssh login should be working:

ssh user@127.0.0.1 -p 2222

The setup with port forwarding is pretty straight forward; however, the disadvantage of this approach is that the same procedure must be repeated for each service that should be exposed as well as for each VM that should be accessed. Apart from that you need to keep track of the assigned ports on the host machine.

Second Host-only Network Interface

An alternative to the port forwarding approach, is to create a second network adapter that operates in Host-only mode. The new adapter will create a new loopback interface on the host that can be used to access the guest VM via a separate IP.

Before a host-only adapter can be assigned to VM, a corresponding network interface must be created on the host. To this end, the following steps are required:

  • Open the VirtualBox main window, and select File->Preferences to open the general VirtualBox preferences.
  • Select Network from the list on the left side and switch to the Host-only Networks tab on the right side.
  • Click on the + button on the right to create a new host-only network. A vboxnet0 adapter should appear in the list. Confirm the creation of the new network device by clicking the OK button.

To setup a second network interface in a VM, the following steps are required:

  • Open the VirtualBox main window, select the guest VM you want to add a second interface to and shut it down.
  • Then, select the Settings button from the main toolbar and choose Network from the list on the left.
  • Select the tab of the second network adapter Adapter 2 and enable it by checking the corresponding checkbox.
  • Select Host-only Adapter from the Attached to listbox and confirm its creation by clicking the OK button.
  • To apply the changes, start the modified VM.

In the guest VM check the creation of the second interface, e.g.:

sudo ip a

Make sure that the new network device will get an IP assigned, e.g. by calling dhclient. When using DHCP normally an IP address, such as 192.168.56.101, will be assigned.

On the host, the VM should now be reachable via the new assigned IP address:

ssh user@192.168.56.101

Using the host-only network interface variant each VM is reachable by the host system via its own IP address, which enables a nice separation of VMs.

linux debian stretch virtualbox NAT