Monday, 18 June 2012

How-to: VirtualBox Networking Part Two - NAT and Bridged

This all started when I needed to run a sandboxed instance of Wordpress and thought a virtual Ubuntu 11.10 server under VirtualBox would be the simple answer. It is, provided you understand how to network virtual machines in that environment. That includes a basic understanding of what an IP, or network, address is.

Last time, we ran through the Network Adapter options available to our guest machine, except the most important one...

The most interesting option is Attached to. This determines how your virtual network adapters, sitting on your virtual network inside VirtualBox, will interface with existing physical hardware.

'Here be dragons'
There are four types of network attachment available, and many possible combinations of settings across the other controls. This is where VirtualBox networking can seem like medieval sorcery. Following through the right selection for your given purpose can be simple. There may even be multiple right answers to achieve your goal. But everything else looks doomed to failure: I know...  

Attached to Network types
We have four workable options here:
  • Network Address Translation (NAT), which is the default,
  • Bridged,
  • Internal network,
  • Host Only.
'Not attached' is also a type, but it exists only to keep an adapter in place for troubleshooting. In this mode, VirtualBox reports to the guest that a network card is present, but that there is no connection.
  
Network Address Translation (NAT)
NAT enables the guest machine to see out onto the Internet, but via a private IP address that cannot be seen from the host, or indeed, the rest of your physical network. It will allow you to browse the web, download files and view e-mail inside the guest, but the outside world will never be able to communicate with the guest machine directly.

When a guest machine sends an IP packet to some remote machine, the VirtualBox NAT service will intercept the packet, extract the TCP/IP segments, change the IP address to the IP address of the host machine, then send it. The outside world only sees the IP address of the host machine. Replies are received by the host machine and sent on to the guest machine.

For example, on your home network, your host and other physical machines will typically have addresses starting in the 192.168.x.x range. In VirtualBox, NAT adapters will begin at 10.0.2.1, incrementing addresses up to 10.0.2.24 in what's called a sub-net. This is not usually routed onto the main network, so this sub-net will be inaccessible from your host. Your guest is able to see out onto the Internet for software updates and web-surfing, but is invisible to the rest of your network.

The VirtualBox manual is a little more explicit:
"In NAT mode, the guest network interface is assigned to the IPv4 range 10.0.x.0/24 by default where x corresponds to the instance of the NAT interface +2. So x is 2 when there is only one NAT instance active. In that case the guest is assigned to the address 10.0.2.15, the gateway is set to 10.0.2.2 and the name server can be found at 10.0.2.3."


NAT is useful when you don't really care what IP addresses your guest machines use so long as they are individual. You will need to do more configuration when you need to forward traffic or expose services like a web-server to the outside world. Nor can you enable file and folder sharing over the network.  
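The translation described in this section can be followed in a small Python model. This is an added example, not part of the original post and not VirtualBox's own code: the `Nat` class, the port number 40000 and the remote addresses are constructed for illustration, while 10.0.2.15 and 192.168.0.2 are the guest and host addresses used in the article.

```python
"""Simplified model of the NAT attachment: rewrite, reply mapping, port forwarding."""
from dataclasses import dataclass, field

HOST_IP = "192.168.0.2"   # host address on the physical LAN (from the article)
GUEST_IP = "10.0.2.15"    # default guest address in NAT mode (VirtualBox manual)


@dataclass
class Nat:
    next_port: int = 40000                        # constructed ephemeral port range
    sessions: dict = field(default_factory=dict)  # host port -> (guest addr, remote addr)
    forwards: dict = field(default_factory=dict)  # host port -> guest addr

    def outbound(self, src, dst):
        """Guest -> remote: replace the private source with the host's address."""
        host_port = self.next_port
        self.next_port += 1
        self.sessions[host_port] = (src, dst)
        return (HOST_IP, host_port), dst          # what the outside world sees

    def inbound(self, src, dst):
        """Remote -> host: return the guest address to deliver to, or None to drop."""
        ip, port = dst
        if ip != HOST_IP:
            return None
        session = self.sessions.get(port)
        if session and session[1] == src:         # reply to a flow the guest started
            return session[0]
        return self.forwards.get(port)            # otherwise only explicit forwards pass

    def forward(self, host_port, guest_port):
        """Port-forwarding rule: expose one guest port on the host."""
        self.forwards[host_port] = (GUEST_IP, guest_port)
```

Unsolicited inbound traffic returns `None` until `forward()` adds a rule, which is the extra configuration needed before a web server in the guest becomes reachable.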

Bridged Adapter
Under the Bridged Adapter, your virtual machines behave as any other computer on the network where the hosting system resides; it bridges the virtual and physical networks. The outside world can directly communicate with the guest machine.

The Bridged Adapter connects through the host to whatever is your default network device that allocates IP addresses for your physical network. VirtualBox connects to one of your installed network cards and exchanges network packets directly; it bridges the virtual and physical networks. In normal use it will try to get a standard 192.168.x.x IP address from your router, so that your virtual machine can look like a perfectly respectable physical device alongside all the other iron-mongery on your network.

You may have more than one active network device available to your host. For example, my laptop has a wired ethernet port (called eth0) and a wireless card (called wlan0). The Name option allows you to choose which one you want to bridge with VirtualBox.

In my case, I use the Wireless adapter wlan0, because that is connected to the router, while eth0 doesn't even have a cable.

So my host connects as 192.168.0.2, allocated by the router. My bridged virtual machine pops up and requests its own IP address which the router allocates as 192.168.2.6, neither knowing nor caring that VirtualBox is handling the pass-through of traffic via the host. My virtual machines become just another device on the local network; if I count my host and three VMs under Bridged, then I have four machines visible on my physical network.

Come here, there's more...
NAT is useful because it protects our guest systems from the Internet at large; but in order to access them, we need to set up port forwarding to reach the guests from the host (I have servers on some of my guests). Bridged Networking allows access, but the guests are exposed.
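To check which side of that trade-off a given VM is on, the script below reads the output of `VBoxManage showvminfo <vm> --machinereadable` and reports bridged adapters and NAT forwarding rules. It is an added example, not part of the original post: the sample output is constructed, the severity labels are this example's own, and it assumes the `nicN`, `bridgeadapterN` and `Forwarding(n)` keys in the form shown.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE = '''\
name="wordpress-sandbox"
nic1="nat"
Forwarding(0)="ssh,tcp,127.0.0.1,2222,,22"
Forwarding(1)="http,tcp,,8080,,80"
nic2="bridged"
bridgeadapter2="wlan0"
nic3="none"
'''


def audit(info):
    """Return (severity, message) findings about how reachable the guest is."""
    kv = dict(re.findall(r'^([^=\n]+)="(.*)"$', info, flags=re.M))
    findings = []
    for key, mode in sorted(kv.items()):
        m = re.fullmatch(r"nic(\d+)", key)
        if not m:
            continue
        if mode == "bridged":
            dev = kv.get("bridgeadapter" + m.group(1), "?")
            findings.append(("high", f"{key}: bridged via {dev}, guest is a peer on the physical LAN"))
        elif mode == "nat":
            findings.append(("info", f"{key}: NAT, no inbound access without a forwarding rule"))
    for key, rule in sorted(kv.items()):
        parts = rule.split(",")
        if not key.startswith("Forwarding(") or len(parts) != 6:
            continue
        name, proto, host_ip, host_port, _guest_ip, guest_port = parts
        if host_ip in ("127.0.0.1", "::1"):
            # Bound to loopback: only the host itself can reach the guest service.
            findings.append(("low", f"{name}: {proto} {host_ip}:{host_port} -> guest:{guest_port}"))
        else:
            # An empty host IP means the rule listens on every host interface.
            where = host_ip or "all host interfaces"
            findings.append(("medium", f"{name}: {proto}/{host_port} on {where} -> guest:{guest_port}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"[{severity}] {message}")
```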

If your network access device (be it a router, switch, or hard configuration by your ISP) will not allocate more than one IP address, you probably can't use Bridged networking.

We'll take a look at the other two networking types in VirtualBox next time. RC

Image credit: Fiber Optic Cable, Creative Commons