Page 1 of 1
Trying to stop the NAT option in settings
Posted: 8. Nov 2013, 15:15
by ITSummers
Hello I am an IT Support Assistant working at a college and the college's computing department are wanting to use virtual box on our network pc's however the issue we have with this is that the "NAT" network setting is allowing too much access to our network. For example when a virtual machine has been built e.g. Windows 7 Enterprise 32bit. The machine in NAT mode is able to search our network using a net scan software listing all out machines in out IP range and all there details, this machine can also ping other devices which we are trying to stop. Is there a way of turning off this setting in VB so that NAT is not an option I know you can do it with bridge and host only. If not are then any other free alternatives like VB online at the minute.
Thanks
Jack Summers IT Services Support Assistant
North Nottinghamshire College
Re: Trying to stop the NAT option in settings
Posted: 8. Nov 2013, 22:21
by noteirak
There is no way to directly restrict NAT usage from Virtualbox, no.
On the other hand, NAT network mode means that the traffic originate from the Virtualbox process on the host, so you could actually configure the Windows firewall to prevent traffic from the process (not sure if it is the Virtualbox or the VBoxSVC one)? That is easly done with GPOs.
The same way, you can restrict network by using the firewall within the guest itself, with GPOs too.
Re: Trying to stop the NAT option in settings
Posted: 9. Nov 2013, 01:11
by BillG
Yes you could use bridged, but the guest would have even better access to the host's network! And with host only, the guest would have access to the host machine only (as the name implies).
In any case there is no way to prevent a user who has access to the host from altering the vm settings to whatever they please.
If you want to restrict the network access of the vm you will need to use standard tools, not the vm settings.
Re: Trying to stop the NAT option in settings
Posted: 20. Nov 2013, 18:55
by ITSummers
Thank you for your replies, i have used the windows firewall to try and stop the NAT networking option from accessing our network, literaly all the exe. files inside c:\program files\oracle\virtualbox however i was still able to ping an internal network server, so there is still something from the VM getting out and managing to ping one of out internet server. So frustrating!!!!
