How is it possible for a host-only VM to have internet through a host only network adapter?

jefazo92

Post by jefazo92 »

For a program I'm installing on the host machine, which requires results from a VM, I need to set my VM (https://utopianknight.com/malware/cucko ... ubuntu-20/) as host-only. Normally, host-only should have no internet; however, in the tutorial I need to follow some steps to give internet access to the VM:
vboxmanage hostonlyif create

vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1
The vboxnet I/F is then selected for the VM. Now using iptables, the following network forwarding rules are set up to provide internet connection to the VM:
sudo iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT

sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Now, enable IP forwarding in the kernel so that these settings are set to Active (required for WWW Internet access):
echo 1 | sudo tee -a /proc/sys/net/ipv4/ip_forward

sudo sysctl -w net.ipv4.ip_forward=1
My questions are:

1. I would like to know what is going on here exactly and how these rules allow a host-only VM to have internet when, otherwise, it shouldn't.

2. I have another VM configured with bridged networking. My host is able to ping my host-only VM, but my bridged VM is not able to ping the host-only VM even though both host machine (not host VM) and the bridged VM are in the same subnet. Therefore, why can't the bridged VM ping the host-only VM? Why do I need to add the host-only interface (vboxnet0) as a 2nd interface to my bridged VM so it can ping the host-only VM?

I would really appreciate it if someone could clarify this to me. Thank you in advance.
scottgus1
Site Moderator

Re: How is it possible for a host-only VM to have internet through a host only network adapter?

Post by scottgus1 »

jefazo92 wrote: I would like to know what is going on here exactly and how do these rules allow a host-only VM to have internet when, otherwise, it shouldn't.
You're using Host-Only in a way for which it was not designed (as implied in the name :D ). So all that iptables & sysctl stuff is Linux wizardry that's beyond VirtualBox. You might get a Linux guru to explain what it all does, but it should be the same concept as if you had a Linux PC with two network adapters: one attached to an internet-connected LAN and the other to a different separate network, and Linux forwards the internet to the separate network.
jefazo92 wrote: why can't the bridged VM ping the host-only VM?
See above about going beyond VirtualBox's intended usage. In the real Linux PC example above, if another computer attached to the internet LAN could be connected to the separate network through more Linux wizardry, such should be possible with the Linux commands available to use on the Host-Only adapter. VirtualBox doesn't provide such commands.
jefazo92 wrote: both host machine (not host VM) and the bridged VM are in the same subnet
The real question is, are the host machine and Bridged VM in the same subnet as the Host-Only VM? If not, and it's likely not, have you applied more Linux wizardry to pass full LAN traffic, not just internet, into Host-Only?

Also, are all OSes' firewalls open to ping (ICMP Echo Request)?

A Linux forum or tutorial may help: How to take an internet-connected LAN with a couple of PCs, one of which has another network adapter connected to another completely separate network with a third PC on it, then connect the two networks together.
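
Added example, not part of either post: a shell sketch that walks the stages a packet from the host-only guest passes on the host (kernel routing, the FORWARD chain, source NAT) and reports which of the rules quoted in the question covers each one. The rule listing is constructed in `iptables-save` style from those commands, the `DROP` policy on FORWARD is an assumption the thread does not show, and `has_rule` and `check_path` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: the post's three rules as iptables-save would print them.
# The FORWARD policy of DROP is an assumption; the post does not show it.
SAMPLE_RULES='*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.56.0/24 -i vboxnet0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# has_rule RULES CHAIN "tok;tok;..." : succeeds if one "-A CHAIN" line holds every token.
has_rule() {
    printf '%s\n' "$1" | awk -v chain="$2" -v want="$3" '
        BEGIN { n = split(want, w, ";") }
        $1 == "-A" && $2 == chain {
            ok = 1
            for (i = 1; i <= n; i++)
                if (index(" " $0 " ", " " w[i] " ") == 0) ok = 0
            if (ok) found = 1
        }
        END { exit !found }'
}

# check_path RULES IP_FORWARD GUEST_IF UPLINK_IF
# Prints one word per stage a guest packet needs on its way out and back.
check_path() {
    rules=$1; fwd=$2; gif=$3; uif=$4; out=
    # 1. Without ip_forward=1 the host never routes between its interfaces.
    if [ "$fwd" = 1 ]; then out="routing:on"; else out="routing:off"; fi
    # 2. Is a new connection in the guest -> uplink direction accepted?
    if has_rule "$rules" FORWARD "-i $gif;-o $uif;--ctstate NEW;-j ACCEPT"
    then out="$out outbound:accept"; else out="$out outbound:no-rule"; fi
    # 3. Are replies accepted through conntrack state (no inbound NEW rule needed)?
    if has_rule "$rules" FORWARD "--ctstate RELATED,ESTABLISHED;-j ACCEPT"
    then out="$out replies:accept"; else out="$out replies:no-rule"; fi
    # 4. Does MASQUERADE rewrite the guest source address on the uplink?
    if has_rule "$rules" POSTROUTING "-o $uif;-j MASQUERADE"
    then out="$out nat:masquerade"; else out="$out nat:none"; fi
    # 5. Is there an ACCEPT for connections started from the uplink/LAN side?
    if has_rule "$rules" FORWARD "-i $uif;-o $gif;--ctstate NEW;-j ACCEPT"
    then out="$out inbound-new:accept"; else out="$out inbound-new:no-rule"; fi
    echo "$out"
}

check_path "$SAMPLE_RULES" 1 vboxnet0 eth0
```

The matcher only looks for literal tokens on a single rule line, so a rule that omits `-i`/`-o` and therefore applies to every interface is not recognised by the direction checks. On a live host the first argument would be the output of `sudo iptables-save` and the second the content of `/proc/sys/net/ipv4/ip_forward`.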