
Weird socket behavior in VirtualBox (NAT + PAT)?

Posted: 14. May 2014, 22:55
by collinjsimpson
I originally posted this on ServerFault but it's also appropriate here. I wasn't able to find much documentation on this, probably because it's such an unusual issue to search for.

I have a Linux VM with NAT and PAT configured. Let's say ports 2000 and 2001 are forwarded to the VM. These ports are also configured for external access on a device such as a router using a domain name such as mydomain (I don't have permission to add "dot com", but it should still be clear). The following command is first run:

Code:

nc -klv 2000  # listens on port 2000

This service can be tested locally and externally:

Code:

nc -v localhost 2000 # Connection success
nc -v mydomain 2000  # Connection success

Now we test port 2001 which is not currently listening on the guest:

Code:

nc -v localhost 2001 # Connection refused
nc -v mydomain 2001  # Connection success (socket closes immediately after)

The problem is nc -v mydomain 2001. The connection should be refused. It looks like VirtualBox automatically binds to forwarded ports on the host machine regardless of whether those ports are being listened to on the VM. How can this be resolved? Do I need to configure proxy settings?

Re: Weird socket behavior in VirtualBox (NAT + PAT)?

Posted: 15. May 2014, 10:02
by noteirak
To the best of my knowledge, this cannot be configured any other way - and how could it? VirtualBox can only bind at start and try to connect at runtime.
From the OS point of view, the port is bound on the host, and that is all that matters. The only way to make the OS reply with connection denied would be to not have the port bound, but then how do you know when you get a connection ;)

Re: Weird socket behavior in VirtualBox (NAT + PAT)?

Posted: 15. May 2014, 22:31
by collinjsimpson
If that's the case, then shouldn't this also occur for any proxy or NAT'ing software? I also wonder if VMWare has similar results.

Re: Weird socket behavior in VirtualBox (NAT + PAT)?

Posted: 16. May 2014, 13:23
by noteirak
It would depend on how this is managed, and from where.
VirtualBox does this in user-space, and this is the only possible behaviour. If you were to do it in the kernel, then yes, you could make it work (and that's how NAT software works, at kernel level).
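
The behaviour discussed in this thread can be reproduced without VirtualBox. The following is an added example, not code from the thread or from VirtualBox: a sketch in Python of the general user-space forwarding pattern, listening before it knows whether the backend is up. All function names and the localhost-only setup are assumptions of the sketch.

```python
import socket
import threading

def closed_port():
    """Reserve a port with no listener: bound but never listen()ed, so connects are refused."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]   # keep s referenced so the port stays reserved

def start_forwarder(backend_port):
    """Hypothetical user-space forward: listen up front, dial the backend per connection."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen()   # from here on the kernel completes TCP handshakes on our behalf

    def serve():
        while True:
            client, _ = lsock.accept()   # the client's connect() has already succeeded
            try:
                backend = socket.create_connection(("127.0.0.1", backend_port), timeout=2)
            except OSError:
                client.close()           # too late to refuse; closing is all that is left
                continue
            with client, backend:        # backend is up: pass its first chunk to the client
                client.sendall(backend.recv(1024))

    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1]

def probe(port):
    """What a client observes: 'refused', 'accepted-then-closed' or 'accepted-with-data'."""
    try:
        s = socket.create_connection(("127.0.0.1", port), timeout=2)
    except ConnectionRefusedError:
        return "refused"
    with s:
        return "accepted-with-data" if s.recv(1024) else "accepted-then-closed"

if __name__ == "__main__":
    hold, dead = closed_port()            # constructed setup: nothing listens on `dead`
    print("direct connect:", probe(dead))                       # refused
    print("through forwarder:", probe(start_forwarder(dead)))   # accepted-then-closed
```

When triaging external scan results, this means a forwarded port can report as open even though nothing is listening behind it; only a read on the connection distinguishes the two cases.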