Expected access with "NAT Network"

DerekSmall
Posts: 2
Joined: 9. Jan 2020, 21:13

Expected access with "NAT Network"

Post by DerekSmall »

I've fought with the network types a lot with VirtualBox. I think I understand what each one is and how each one works, but I can't find anything that does this, which is shocking.

I want to allow my guest VMs to talk to each other, AND to talk to the host, AND they need to be NAT'd to whatever IP my host (laptop) is using for Internet access. If my laptop is on a wired connection, I just use a bridge adapter on my VMs and everything can talk correctly over the local LAN, host, VMs and they can all reach the Internet. However, if my laptop is on a wireless connection, bridging only seems to work on non-secure wireless SSIDs (as I would expect). So when I only have access to the Internet from my laptop via wireless, there doesn't seem to be a network option in VirtualBox which will let my VMs talk to my laptop (host) and allow them all to talk to the Internet.

I would think that using "NAT Network" would work for this. It does allow the VMs to reach the Internet, and to talk to each other, but they can't talk to the host, and I've read several places which have stated "this will never work". So why is that? Is it some limitation of VirtualBox, or just something the developers haven't ever tried to address? And why is it impossible with VirtualBox for my VMs to talk to each other, to my host, and to the Internet over anything but a bridged hardwired connection?
scottgus1
Site Moderator
Posts: 20945
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Expected access with "NAT Network"

Post by scottgus1 »

Bridged may not always work with a Wifi adapter, due to strict implementation of the Wifi protocols by either the wifi adapter driver or the access point firmware, neither of which are controllable by Virtualbox. Technically Wifi cannot Bridge, but some combinations of wifi adapter drivers and access point firmware implement these protocols in a lax fashion so Bridged can squeeze through. This appears to not be related to secure vs non-secure wi-fi: I can Bridge with my laptop via Wi-fi to my house Wi-fi router, with WPA2 active. It is more likely the non-secure Wi-fi's you're connecting to happen to also be lax in implementing the Wi-Fi protocols, so Bridged can work.

NAT and NAT network act like house network routers. They allow traffic on the "LAN" and out over the internet, and allow solicited traffic that the OS's behind the NAT asked for to respond. They do not allow unsolicited internet traffic unless ports are opened, same as a house network router would do. NAT network is like a typical house router with a NAT device and a LAN switch, to connect to as many guests as you want. NAT has only one "LAN" port to go to only one guest network card, so it is a private channel for just that one guest.

To NAT and NAT network, the host is on the WAN side, same as the internet. NAT & NAT network can get to the host's services via the host's IP address, or by name if you tell the guests what IP address to use when you type the host's name (HOSTS file?). The host cannot access the guest unless you open ports in NAT or NAT network.

Free unconstrained host/guest/physical-LAN/internet communication requires Bridged.

We often recommend that if you want Wi-fi and host/guest/Internet communication, use two network cards in each guest: one to NAT for internet, the other to Host-Only. Host-Only allows all guests and the host on a private network. Host-Only can't access the LAN though.
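
The two setups mentioned in this reply (NAT plus Host-Only adapters, and an opened port on a NAT Network), written out as VBoxManage commands. This is an added example, not part of the original post: the VM name, the host-only adapter name `vboxnet0`, the guest address and the ports are placeholders, and the option spellings are those of VirtualBox 6.x.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are only
# printed. Set APPLY=1 to execute them (requires VBoxManage on the PATH).

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Build a NAT Network IPv4 forwarding rule in the form
#   name:proto:[host-ip]:host-port:[guest-ip]:guest-port
# Rejects unknown protocols and out-of-range ports before VBoxManage sees them.
natnet_rule() {
    name=$1 proto=$2 host_ip=$3 host_port=$4 guest_ip=$5 guest_port=$6
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    for p in "$host_port" "$guest_port"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    printf '%s:%s:[%s]:%s:[%s]:%s\n' \
        "$name" "$proto" "$host_ip" "$host_port" "$guest_ip" "$guest_port"
}

# Setup 1: adapter 1 on NAT for Internet, adapter 2 on Host-Only for
# host <-> guest traffic. modifyvm only works while the VM is powered off.
two_nic_layout() {
    vm=$1 hostonly_if=$2
    run VBoxManage modifyvm "$vm" --nic1 nat \
        --nic2 hostonly --hostonlyadapter2 "$hostonly_if"
}

# Setup 2: keep the guests on a NAT Network and open a single port to one
# guest. Binding the host side to 127.0.0.1 keeps the forwarded port
# reachable from the host only, not from the physical LAN.
forward_to_guest() {
    net=$1; shift
    rule=$(natnet_rule "$@") || return 1
    run VBoxManage natnetwork modify --netname "$net" --port-forward-4 "$rule"
}

# Constructed sample values; in dry-run mode these lines just print the commands.
two_nic_layout "demo-vm" "vboxnet0"
forward_to_guest "NatNetwork" ssh tcp 127.0.0.1 2222 10.0.2.15 22
```

With setup 2, the host would reach the guest's SSH service at 127.0.0.1 port 2222 rather than at the guest's 10.0.2.x address.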
DerekSmall

Re: Expected access with "NAT Network"

Post by DerekSmall »

Everything you said aligns with my understanding of bridged, NAT, and NAT Network interfaces with VirtualBox, except for one thing. When you create a VM with a NAT network interface, VirtualBox creates a new NIC on the host. The default is to use 192.168.45.x/24 on that network. Then VirtualBox creates a DHCP server for that network and gives out IP addresses to your host, and any VMs which are brought up. For anything on that network to talk to the Internet, that traffic gets NAT'd to the IP address of your host (laptop), by VirtualBox. So VirtualBox (which is the default gateway for the NAT network, 192.168.45.1) acts just like your home router, and NATs anything on your private home network (usually 192.168.0.0/24) to some public IP address on the WAN port of your home router. So the private address is not on the WAN side of that NAT device (either your home router or VirtualBox depending on the scenario). The private address is the 192.168.x.x addressed network, or the "NAT Network" in VirtualBox. So there is absolutely no reason why the host should not be able to talk to anything on that NAT network. If VirtualBox didn't create a new local NIC on the host and give it an IP address on the NAT network, then I agree it would be like trying to access a system on your internal home network from the outside of your home router.

VirtualBox allows you to configure port forwarding, which I also tried, but I haven't had any luck with that either. I tried using the IP address of the VirtualBox NAT network on the host, as the source, a loopback interface on the host, and the NIC on the host which has Internet access, but none of them would allow me to map a connection through to the VM for the port I was trying.
scottgus1

Re: Expected access with "NAT Network"

Post by scottgus1 »

Sorry if I'm going over things you already know, but just to clarify, the 'host' is the physical PC that Virtualbox runs on, and the 'guests' are the virtual machines.
DerekSmall wrote: When you create a VM with a NAT network interface, VirtualBox creates a new NIC on the host. The default is to use 192.168.45.x/24 on that network.
Not on any Virtualbox that I have ever used. Host-Only makes the virtual NIC on the host, and the default is 192.168.56.### with the host at 192.168.56.1 and DHCP server to attached guests starting at 192.168.56.100 (or 101). NAT network does not make a virtual NIC on the host.

I have never seen NAT or NAT network make a new NIC in the host.

The default network IP range on a NAT or NAT network is 10.0.2.###, though for NAT network this can be changed manually.
DerekSmall wrote: VirtualBox (which is the default gateway for the NAT network, 192.168.45.1) acts just like your home router, and NATs anything on your private home network (usually 192.168.0.0/24) to some public IP address on the WAN port of your home router.
Virtualbox does not route anything on the host's LAN or host traffic anywhere (unless you have put a second physical NIC in your host and physically placed the host between the LAN and the router, then Bridged both NICs into a guest that acts as a router, and finagled the host Bindings so the host can only use the second NIC's Bridge. That is a special setup that requires much intentional action; you will never accidentally fall into such a setup.)

The default 192.168.45.# makes me wonder if you are running Vagrant or Docker or any other Virtualbox-dependent 3rd-party program?

The way NAT and NAT network work is like this:
[Attached diagram: NAT network.png]
NAT only allows one guest, NAT network allows multiple guests. Neither routes host or physical LAN traffic on the LAN side of the NAT network 'router' (the little Linksys shown in the middle). Host and physical LAN stay on the WAN side of the 'router' and have to be requested by the 'router's' LAN side or through pre-opened ports. (The 'unmanaged switch' may not actually be created by Virtualbox, but that's the final result: all host & NAT/NAT network traffic get thrown together down to the Ethernet wall port, just as if there were an unmanaged switch behind your PC.)