Network address translation (NAT) explain like I'm 5 (ELI5)

[cluelesscoder]

After reading https://www.virtualbox.org/manual/ch06.html#network_nat I still don't exactly get it. Never been a network expert.

netstat -r -n shows that the default gateway is 10.0.2.2. traceroute shows that it hits that and then 172.16.10.1 - which is the same hop that my host machine takes.

So I get that 10.0.2.2 points to the host machine, but how? is that configured or is that inside the black box of virtualbox?

[scottgus1]

NAT, and its cousin "NAT Network", act like house routers.

A standard home router you buy off the internet or from the big-box electronics store in your area separates your house network from the internet. The internet side connects to the "WAN" (Wide Area Network), and the computers in your house connect to the "LAN" (Local Area Network). The LAN often includes a Wi-Fi access point too. Network traffic that originates from your computers gets out to the internet and the internet and the computers can talk freely. Network traffic originating from the internet, like remote desktop attempts, tests to see if you have a website running, etc., are stopped by the router, unless you have forwarded a "port" (a numbered access point for traffic to go through) to a particular computer in your house network through the router's firewall. See the Wikipedia article.

Virtualbox's NAT and "NAT Network" do the same thing between your host PC's network traffic and the guest OS. They translate traffic attempting to come to the guest from your host's network adapter(s), while putting up a firewall between the host's network and the guest that you can port-forward through. So traffic may appear to come from your host IP address, then get translated to your guest IP address.

NAT is like a house router with only one LAN port, so only one guest can connect to it. That guest will not be able to easily talk to any other guest, unless you put another network in the guest.

NAT Network, is more like a real house router, with as many LAN ports as guests you have attached to it. All the guests attached to a particular NAT Network can talk to each other by IP address, because they're all on the same Virtualbox-generated virtual "LAN" inside your host PC. These guests will not be able to talk to other guests on other NAT networks, or on guests connected to just NAT.

[cluelesscoder]

Nice, that's a great explanation.

How is 10.0.2.2 selected? What's 10.0.2.1? Can I change it? Inside a VM, in the Network preference there's Network CIDR which has 10.0.2.0/24 but changing it doesn't seem to do anything.

[socratis]

How is 10.0.2.2 selected? What's 10.0.2.1? Can I change it?

Those are the hardcoded defaults, you cannot change them AFAIK, plus there is no need to. Think of it as your home router coming pre-configured with a 192.156.123.0/24 address range that cannot be modified. You don't really care, do you?

If you're really hard pressed into changing the NAT options, I would suggest switching from "NAT" to "NATNetwork" (aka "NAT Service"). They're almost identical, with two exceptions: 1) NATNetwork allows for multiple VMs to communicate with each other if they're both using it, and 2) it's configurable, address range and the lot, under VirtualBox » Preferences » Network » NAT Networks.

[cluelesscoder]

By the way, it looks like you can change the NAT address as discussed here with this command:

Code: Select all

VBoxManage modifyvm "VM name" --natnet1 "192.168/16"

I don't care that much about changing the address, but understanding the knobs helps me understand the nuts and bolts a bit. I still don't really know how to create NAT outside of the Virtualbox world, though, which would be ideal.

[scottgus1]

By the way, it looks like you can change the NAT Network address ... with this command:

FTFY See above, re differences between NAT and NAT Network.

[scottgus1]

I still don't really know how to create NAT outside of the Virtualbox world

what exactly do you mean? What are you trying to achieve?

[BillG]

NAT (Network Address Translation) is a well-known procedure and is well documented. Google it. It is not just a VirtualBox thing. Among other things it allows the machines on a LAN to share a single public address. Every DSL router does NAT for the local LAN to share the router's public IP.

If you really want to run your own NAT router and configure it yourself you certainly can. Simply put all of your vms in an internal virtual network and install a routing appliance like pfSense in another vm to do NAT for your vms. You can use any address space you like (once you work out how that works).

You other questions about the actual IP addresses used really belong to another topic - DHCP (also well documented). DHCP in a protocol which automatically allocates IP addresses to the various machines in a network so that they can access each other and other networks. I can assure you that the alternative of doing that yourself becomes pretty tedious very quickly.

CIDR is also well documented if you are a glutton for punishment.