NAT and port forwarding - need to restrict access

Posted: 2. Oct 2013, 20:51
by Santiago
Hello all,

New to the forum, so bear with me here. I have searched for my query but have not been able to find an answer, so here it goes. :-)

I have a WinXP guest OS on a Win 7 (64-bit) host OS. VirtualBox is 4.2.16.

I have a service running on the guest OS on an arbitrary high tcp port which I want to access from the host OS. The vm has the default Networking configuration: NAT. I have added Port Forwarding in the Advanced section of the UI, and it works just fine to allow access from host OS to the guest OS's high port.

The port forwarding configuration I added is as follows:

Name: Some name
Protocol: TCP
Host IP: [blank]
Host Port: 50000
Guest IP: [blank]
Guest Port: 50000

With this, if I telnet to localhost port 50000 on the host OS I do see what I expect to see, with the service on the guest OS providing the expected response.

I have left the Guest IP blank per the VirtualBox documentation, which states that if your vm is obtaining an IP address off of the built-in DHCP server, no specific IP address needs be stated.

I have left the Host IP blank following one of the samples I saw, but I understand that this means that packets directed to the host OS's port 50000/tcp will be forwarded to the guest OS regardless of the source IP address, i.e. not just those packets originating from the host OS will be forwarded to the guest OS.

Now I want to restrict that, for security reasons, only allowing the port forwarding feature to forward traffic originating from the host OS, and not from other devices on the network.

The machine (laptop) all this is set up on has only two IP addresses: one obtained from my home WLAN network (wireless driver), and one from the VirtualBox network.

I have tried listing each of them in the Host IP field of the port forwarding config, in the hope that my host-OS-generated traffic would still go through to the guest OS, and no other traffic would... but now the service is not reachable anymore.

Am I doing something wrong? Am I interpreting the Host IP in the port forwarding configuration wrong? Should I maybe assign an IP address to the LAN NIC (unused) and go with that?

Any insight will be much appreciated. Sorry if this ended up being a bit long, just wanted to provide enough background.

Thanks,
Santiago

Re: NAT and port forwarding - need to restrict access

Posted: 2. Oct 2013, 21:10
by noteirak
NAT is not really the proper network mode then.
On the other hand, Host-Only is. You want to restrict access to the host-only, yes? Then the question gives you the answer.

Re: NAT and port forwarding - need to restrict access

Posted: 3. Oct 2013, 14:37
by Santiago
Thanks for the reply, noteirak.

Unfortunately, Host-only mode is not an option for me since I need the guest to access the outside world (sorry, hadn't stated that in my original post). And I understand Host-only mode does not allow VMs to do that.

That said... any recommendations on tampering with the Host IP field of the port forwarding config? Or on why my attempt did not work? I'm thinking it acts like a filter, and only traffic that matches the filter will actually be forwarded... or am I wrong?

Thanks for the assist,
Santiago

Re: NAT and port forwarding - need to restrict access

Posted: 3. Oct 2013, 15:09
by noteirak
You can give 2 adapters to your VM then:
- NAT for the outside world communication like a regular client
- Host-Only for the server part to the host

Re: NAT and port forwarding - need to restrict access

Posted: 3. Oct 2013, 15:23
by Santiago
I hadn't thought about a dual adapter approach. Not a bad idea!

I'm still puzzled why my intended "filtering" won't work, but your approach should provide me with the security I'm striving for. I guess I'll drop the outstanding questions, then. :wink:

Thanks for the help, noteirak!
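
Added example (not part of the thread, and not VirtualBox code): a check of which host address a forwarded port is actually listening on, run over constructed Windows `netstat -ano` output. It assumes the Host IP field sets the address the host-side listener binds to, so a blank field shows up as `0.0.0.0` and a loopback-only rule as `127.0.0.1`; the ports other than 50000, the addresses and the PID are made up for the sample.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:50001        0.0.0.0:0              LISTENING       4312
  TCP    192.168.56.1:50002     0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.23:50000     192.168.1.40:51514     ESTABLISHED     4312
  TCP    [::]:50000             [::]:0                 LISTENING       4312
  TCP    [::1]:50003            [::]:0                 LISTENING       4312
"""

# Local address, local port and PID of a LISTENING TCP socket.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def classify(addr):
    """Map a bind address to the scope it is reachable from."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_unspecified:      # 0.0.0.0 or :: -> every interface, including WLAN
        return "all-interfaces"
    if ip.is_loopback:         # 127.0.0.0/8 or ::1 -> only the host itself
        return "loopback-only"
    return "single-interface"  # reachable from that interface's network


def listeners(netstat_text, ports):
    """Return sorted (port, address, pid, scope) for listeners on the given ports."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and int(m.group(2)) in ports:
            addr = m.group(1)
            found.append((int(m.group(2)), addr, int(m.group(3)), classify(addr)))
    return sorted(found)


def exposed(netstat_text, ports):
    """Listeners that something other than the host itself may be able to reach."""
    return [row for row in listeners(netstat_text, ports) if row[3] != "loopback-only"]


if __name__ == "__main__":
    for port, addr, pid, scope in listeners(SAMPLE_NETSTAT, {50000, 50001, 50002, 50003}):
        print(f"{addr}:{port} pid={pid} -> {scope}")
```

On a real host, pass the text of `netstat -ano` and the forwarded host port; an empty result from `exposed()` means the port is bound to loopback only.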