Networking - NAT plus Host-only

[Paul Moore]

I want to create a VM that has NAT access to the internet, and is also accessible via SSH from the host PC. The appropriate solution seems to be to have 2 network adapters, a NAT adapter and a host-only one. I can't use bridged because my host PC is on a corporate network which won't allow nonstandard build systems to register on the LAN.

My problem is that my host (a Windows 7 laptop) has a complex mix of networking: (1) a wired connection to the corporate network, (2) a wireless connection to the internet via my broadband provider, and (3) a VPN over my broadband to the work network. Any one of these can be running at any given time. My problem is that while the host-only adapter is accessible when the wired connection is up, it is not accessible when the VPN is running (I haven't checked the broadband yet). It appears that there is no route to the host-only subnet - the only route is to the gateway itself.

I know very little about Windows networking, and just to make things worse I have no idea if the corporate firewall software may be involved. So I don't know if the lack of a route is to be expected or some sort of unusual issue. But can anyone help me to set up a VM that will be accessible as described (NAT access to the internet, SSH connectivity from the host) whatever network connection the host is using? I know I can RDP to the guest console, but I specifically need SSH for the tools I'm using.

Thanks,
Paul

PS I'm not able to get much help from corporate IT - the setup I'm trying to create isn't prohibited, but it's definitely unsupported

[BillG]

Access to the host should not be affected by what network the host is using. The Host Only connection at the host end is a virtual adapter (on the host). It has an IP in its own subnet and the guest will have an IP in the same subnet (unless you have changed them). It does not need a route or a gateway. Two machines in the same network on the same subnet communicate directly using hardware (MAC) addressing. Gateways and routes are irrelevant.

Check the IP address of the guest and host adapters involved.

[Paul Moore]

Bah, never mind. I checked the route tables before and after connecting to the corporate VPN, and it's starting the VPN that removes the route table entries for the host-only adapter. Looks like it is the corporate security policies that are messing me up. Thanks for the pointer.

Paul

[Paul Moore]

As a final followup, in case someone else stumbles on this post looking for an answer, I didn't actually need the second host-only adapter at all. I can set up port forwarding on the NAT adapter for the VM. There's an example in the manual:

Code: Select all

VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"

This will allow me to ssh to localhost:2222 on the host, and connect to the ssh server. That's basically all I needed, and avoids any need to mess around with second virtual NICs. Obviously if I needed to expose other services, I'd end up with more forwarding rules, but the principle is the same.

Paul