virtualbox.org

Hi,

I'm using virtualbox to simulate our network for test purposes - the backup images of our machines lets me load them directly into virtualbox and use them.

I have some servers running on a host-only network (10.1.1.0/24) - this is the same network they run on in the real world, so isolated to host-only network.
They get there internet access via a Microsoft ISA 2004 server with two NIC's - one on the host-only network and the other nic using NAT for internet access (I used this same arrangement successfully with vmware server last year, but virtualbox now has better integration with our backup images so trying to make this work).

So as I don't have to modify all the firewall rules everytime I reload this server from a backup image, due to changed network addresses, I want to specify the NAT addresses to simulate the real world.
For this client machine I want its NAT address to be 123.45.67.108.
I want to find the NAT gateway (preferably) at 123.45.67.105.
This fits a network of 123.45.67.104/29.

To set this network I tried to use the command:
vboxmanage modifyvm "ISA2004-A" --natnet1 "123.45.67.104/29"

However, this doesn't really give me what I need. Can't find any gateway address that is working.
The documentation seems to hint that I can only set my NAT to a network with a mask of 16 where I want to use 29.

Is it possible to be specific about the NAT addressing with VirtualBox?
If so, how do I do it?

Thanks,
Bryce Stenberg.

I would not try to modify the built-in NAT server to do something like that. I would run my own NAT server in a vm and configure it myself. I would also not use the host-only network for this.

I would run the NAT router in a vm with one NIC linked to the physical network and one in an internal network. I would then have the servers in a different internal network and the ISA server linking the two internal networks. eg

Internet
|
public IP
NAT
pseudo public IP (gateway 123...105)
|
pseudo public IP (123....108)
ISA
private IP (gateway for 10.1.1 servers)
|
servers 10.1.1.x

Thanks Bill.

I hadn't considered running another VM to be the router - great idea, I will give it a try.

I will have to rely on the host-only network isolating my servers from the real network with the same addressing scheme as to many configuration changes are needed every time I load up a fresh VM from an imaged backup. At the moment this piece seems to behave providing the expected isolation. Do you know of specific issues that may arise if I continue to use the same address space as the real network in the host-only network?

Regards, Bryce Stenberg.

You should not have any problems with address duplication if you are behind a NAT. Only the "public" address of the NAT server is seen on the outside network. All other addresses are translated by the NAT router. The NAT router handles all traffic using its own address and redirects replies to the machines behind the NAT.