Understanding Virtualbox network interfaces Rumi, March 17, 2016 To create and experiment with all kinds of networks without the risk (or taking the trouble) of creating an actual one. And here is where VirtualBox excels by providing several options for networking out of the box. VirtualBox installs an additional NIC (Network Interface Card) on your host computer to identify itself while communicating with the guest. By default the host gets an IP address of 192.168.56.1. You can change the network modes, IP and other network settings by right-clicking your virtual machine on the left and clicking Settings. These are the networking modes that work with VirtualBox guest computers: NAT (Default) Host-only Network (Most secure) Bridged Network (Least secure) Internal-Network (Betweeen guests only) Not Attached (No connectivity, guest isolated) NAT: By default, the networking mode for your virtual machine is NAT (Network Address Translation) mode. This works something like this: Assume that on your laptop, you are accessing internet through a router (typical in most home or wifi network scenarios). NAT works in the same way. This is a very secure way to access a network. In this case, your Guest computer sits behind the VirtualBox router. It can even access internet from through the host computer’s modem or LAN. However it is completely hidden from the rest of your network and the host computer thanks to the VirtualBox router-cum-firewall. Any traffic coming from the guest computer will be seen as originating from your host computer. Host-only Network: This is the second mode allowed by VirtualBox. Obviously, this is the most secure method among the three as there the “virtual-cable” is just laid between the guest and host computers, no other computer on the network will be visible to the guest. Think of this as a peer-to-peer computers between any two computers on a LAN: In this case, the guest is actually (or rather “virtually”) cut off from the rest of the world, except the host computer. In this case, if you want to provide internet connectivity to the guest, you will have to turn your host into a proxy server. Then the guest can indirectly access the internet through your guest’s proxy server. This scenario is very useful when say, you are developing a proxy server and you want to test it. Other scenario is when you don’t need network in the guest at all. Of course, VirtualBox also provides an additional “Not Attached” mode if you want to totally isolate your guest from even the host computer too. Bridged-Network: This is the preferred mode to establish full-fledged networking on your guest. In this case, your guest actually becomes a peer on your network. All other computers can “see” the guest as a different peer from the host. In other words, it is as good as setting up another peer with network and cabling on your LAN. VirtualBox achieves this by “sniffing” the incoming network packets on all your NICs directed at the guest, and in-turn “injecting” packets that are send by the guest to other peers: Be warned however, that this mode is the least secure way to connect the guest, and use it only when you know what you are doing, and you really need to. Use the NAT mode as far as possible. I’ve myself never yet found a use for this mode. Especially, when you are connecting to the Internet without a proxy, remember that you are connecting directly without a router in between. In this case, you need a firewall which is quite strong. The Windows built-in firewall is preferred for windows guests which is on by default. On RHEL-like system such as Fedora or CentOS, there is a built-in firewall that you have to initially configure. Similarly on debian based systems like Ubuntu and MintOS, there is the ufw package which stands for “Uncomplicated firewall”. Internal-Network: If, for some reason, you want all or some guests to internally communicate, while still keeping them isolated from host and the rest of your network, VirtualBox provides this mode out of the box: Just set this mode for those guests you want to keep internally connected. By default all guests are assigned a dynamic IP address in the range of 10.0.2.0 (in all modes) by the built-in DNS servers in the VirtualBox. You will not want to change this to a static IP-address unless you have a specific reason to do so. Also, remember to keep all guests that you want internally connected in the same domain (for linux or Win-Server hosts), or the same workgroup (Windows hosts). Not Attached: Finally, there is the mode for complete isolation, wherein the “virtual-cable” is as good as non-existent between the guest and host. In this mode, there is zero connectivity between your guest and host: However, do remember that the guest can still access your CD-drive or an ISO depending on your setup. There is also a feature for “Shared Folders” which you can set in the virtual machine’s “Shared Folders” settings. When you map a folder on your guest, you have the option to “auto-mount” it when your gust starts. For example, you have shared your host machine’s C:\library folder as and mapped as library folder in guest. When your linux guest starts, it will be automatically mounted as “/media/sf_library” by default. Hopefully, the above instructions should suffice. However, with the complexity involved in Virtualization, there is a big chance that anything has gone wrong or some components did not work as expected. In that case these are the holy sites to visit: Administrations Virtualbox virtualbox