virtualbox.org

The port forwarding option in network settings is confusing.

Ok, why? Here's why.

• Name - I couldn't care less. What does it matter what a rule is called? But okay, some folks might go all the way.
• Protocol - Fine, understood.
• Host IP - What do I enter here? The IP address of the host? This is already known, and to be fair, it doesn't matter, because there's only one host. So essentially this field could be left out, for the NAT module to figure it out automagically. It'd also make transplanting the VM from one host to another a less painful process.
• Host Port - I guess this is the port you need to forward?... Say I wanna forward port 3389, I enter 3389 here?
• Guest IP - This is really confusing me. Why do I have to fill this out when the guest is on NAT? I have no way of knowing its IP-addres in advance, because NAT means using DHCP. Another thing is that in the Settings for a guest, there's only a single guest, so why exactly do I need to basically re-specify the guest?... Again, this is one that the NAT module can work out by itself.
• Guest Port - I guess this is the port you need to forward?... Say I wanna forward port 3389, I enter 3389 here? How/why is this different from Host Port?...

If you feel compelled to explain the specifics of using NAT in VirtualBox, go right ahead, but really what I'm aiming for, is for the developers to make the Port Forwarding module more intuitive. This should be preferrable to an overly complex program (and documentation by extension).

Topic moved to Suggestions forum. Please choose appropriate forums for your posts: e.g. this topic has nothing to do with "Windows Hosts".

I'm afraid your suggestion is a bit one-sided. Just because you don't see the use of certain configuration value does not mean they are useless.
Your use case might be extremely simple, and therefore only few fields are required, but port forwarding is NOT a "newbie" feature, from a networking point of view.
All these value are important, and I would be very angry if they were not configurable by default like right now.

Not saying your suggestion is bad - easier is most of the time better - but in this case, most people would want the extra config options rather than not.
You also seems to missunderstand how Virtualbox works, and I'll give you some insight :

Name - I couldn't care less. What does it matter what a rule is called? But okay, some folks might go all the way.

Because you want to remember what the rule is for. Having a single rule, that might be obvious. When you have dozens, maybe not so much.

Host IP - What do I enter here? The IP address of the host? This is already known, and to be fair, it doesn't matter, because there's only one host. So essentially this field could be left out, for the NAT module to figure it out automagically. It'd also make transplanting the VM from one host to another a less painful process.

What if your host has several IPs (fairly common for a server or an advanced workstation) and you only want to listen on one IP, because you want to re-use the same port on another IP?

Host Port - I guess this is the port you need to forward?... Say I wanna forward port 3389, I enter 3389 here?

This is the port you can use on the host to reach the port you'll configure for the guest. This is the fundamental configuration of a NAT device.

Guest IP - This is really confusing me. Why do I have to fill this out when the guest is on NAT? I have no way of knowing its IP-addres in advance, because NAT means using DHCP. Another thing is that in the Settings for a guest, there's only a single guest, so why exactly do I need to basically re-specify the guest?... Again, this is one that the NAT module can work out by itself.

NAT doesn't mean DHCP. Virtualbox provides a DHCP server for easy use, but you're free to set a static IP on the guest. Then, you'll need to configure this field.

Guest Port - I guess this is the port you need to forward?... Say I wanna forward port 3389, I enter 3389 here? How/why is this different from Host Port?...

This is the port you want to reach on the guest, on the opposite of the port you want to listen to to reach it on the host.

Virtualbox doesn't do anything special. These are the very fundamental variable you want to configure on a NAT device.

this topic has nothing to do with "Windows Hosts".

Okay I was assuming it to be the right place since I'm using a Windows Host... Depends on the POV I suppose. I'll take care with this next time.

So okay, so the port forwarding is just a generic NAT thing. It's not tailored for virtualbox? I would presume it would be. Or at least wish for it to be, if that makes sense.

What if your host has several IPs (fairly common for a server or an advanced workstation) and you only want to listen on one IP, because you want to re-use the same port on another IP?

So, can we not have it filled out automatically at least? I would think that most everyday pc's have only one IP-address, or at least only one that's connected to something. And VirtualBox is not suited for use on servers, right? Or is there a special server package (like a web interface) that I'm not aware of? Anyway, irrelevant - I'm on a workstation

This is the port you can use on the host to reach the port you'll configure for the guest. This is the fundamental configuration of a NAT device.

Oh wait, so it opens a port on the host as well? So anyone on the LAN can access the forwarded port by just knowing which port I have entered for Host Port? Now I'm starting to understand how it's been set up. I was expecting the Port Forwarding feature to "just" open a port toward to guest, so that I can just connect directly to the guest's IP-address + that port. But I have to connect to the IP-address of the host using the Host Port?

Isn't there a more straightforward way of opening a port toward the guest then?

NAT doesn't mean DHCP. Virtualbox provides a DHCP server for easy use, but you're free to set a static IP on the guest. Then, you'll need to configure this field.

I guess that's right, but NAT *does* mean that VB is very much aware of the guest's network interface(s), so it could in theory work out its IP-address even if it's static, right?... But when the guest is using DHCP after all, VB knows very well what the guest IP-address is. In fact, it can't not know

This is the port you want to reach on the guest, on the opposite of the port you want to listen to to reach it on the host.

Yeah, it got there by now.

Well thanks for explaining how that works... I see now that Port Forwarding is rather verbose (for me anyway, if I may say so). It may not be what I'm looking for then.

Is there an easy way of allowing a port to be accessed on the guest, without having to forward each and every one of them? Let's say I've installed a linux server and want to access it via SSH. Normally I would connect to its ip-address using putty and be done with it. But when dealing with a VB guest, connecting to its IP-address is like the machine isn't there. Should I use Port Forwarding still, and (rather awkwardly) connect to my host IP-address instead, or should I be using a different setup than NAT+DHCP for guest?

I moved your topic to "Using Virtualbox" since this is more a missunderstanding of the feature rather than a suggestion for change.

First things first : Virtualbox is not a tool that can be used by anyone. It still requires some basic knowledge of how computers and networks work. Virtualbox does not implement a special kind of NAT or anything, it implements how NAT is designed to work. I would suggest you read on what NAT really is, its purpose and what information are therefore required to put such configuration in place.

thanatica wrote:So okay, so the port forwarding is just a generic NAT thing. It's not tailored for virtualbox? I would presume it would be. Or at least wish for it to be, if that makes sense.

Virtualbox could not be tailored to NAT or the other way around : NAT achieves something specific, well documented, and with a defined scope.

thanatica wrote:So, can we not have it filled out automatically at least? I would think that most everyday pc's have only one IP-address, or at least only one that's connected to something. And VirtualBox is not suited for use on servers, right? Or is there a special server package (like a web interface) that I'm not aware of? Anyway, irrelevant - I'm on a workstation

Virtualbox is suited to run on servers as well, and has all the features you would expect it to have. The devs simply on advertising the desktop side of it.

As for the "only one IP address", this is where you get it wrong : every machine that has an outside connection has at least 2 IPs (127.0.0.x + the main NIC) and there are at least 3 possible options to listen to (0.0.0.0 which means any IP at any time, and the two others I gave you). So regardless of what you have, even no outside connection, you have two possible values. This is true for any software that listens for connection.

thanatica wrote:Oh wait, so it opens a port on the host as well? So anyone on the LAN can access the forwarded port by just knowing which port I have entered for Host Port? Now I'm starting to understand how it's been set up. I was expecting the Port Forwarding feature to "just" open a port toward to guest, so that I can just connect directly to the guest's IP-address + that port. But I have to connect to the IP-address of the host using the Host Port?
Isn't there a more straightforward way of opening a port toward the guest then?

Virtualbox is not magic it only use the TCP/IP stack features. If you don't put a value in the host IP field, it will listen on 0.0.0.0, which means any IP as explained before. If you only want it to exist from within the host, you need to use 127.0.0.1
Yes you will need to use the host IP and port values, this is how NAT works. The host is the "outside" part of the NAT.

thanatica wrote:I guess that's right, but NAT *does* mean that VB is very much aware of the guest's network interface(s), so it could in theory work out its IP-address even if it's static, right?... But when the guest is using DHCP after all, VB knows very well what the guest IP-address is. In fact, it can't not know

NAT does not mean Virtualbox is aware of the guest network interface - how could it? Again, nothing is magical here. There needs to be some logical attribution of the NAT link.
If you use DHCP in the guest, it will send a DHCP broadcast that the Virtualbox DHCP server will answer which will make it aware of the guest interface. If you use static, no such request is made.
Since nothing stops the guest to have several static IPs, Virtualbox cannot assume knowing the IP here. Maybe the user wants to match certain ports to a specific IP, and others ports to another with different firewall rules...

thanatica wrote:Is there an easy way of allowing a port to be accessed on the guest, without having to forward each and every one of them? Let's say I've installed a linux server and want to access it via SSH. Normally I would connect to its ip-address using putty and be done with it. But when dealing with a VB guest, connecting to its IP-address is like the machine isn't there. Should I use Port Forwarding still, and (rather awkwardly) connect to my host IP-address instead, or should I be using a different setup than NAT+DHCP for guest?

If you want to access the guest the easiest way, and only from the host, then you need to use Host-Only mode. This is a "true" network emulation and from the host OS and guest OS, there will be no difference than if the guest was a real PC directly connected to the host with its own cable.
You'll be able to use the guest IP, and it won't be visible from anyhwere in your network, only to the host (hence host-only).
If you want the guest to appear on the network like any other computer that might be connected, use Bridged.

You should really read on the different Virtualbox networking modes and see what seems best to you. Also, you should maybe read on networking in general to fully grasp what all of this means.

Two words. Host Only. As described in your copy of the users manual ( chapter 6 ).

Ok thanks, noteirak, for clearing things up. I do have a basic understanding of the concept of NAT. I just didn't expect it to be integrated into VB quite the way it was... I was honestly expecting things to be easier, since when dealing with VM's, in mind at least, these port mapping *can* be as easy as setting a single number. In my setup, this *should* be possible in theory. VB *could* work out the rest. But since it has to deal with all kinds of situations, sadly it doesn't, not even when it might be possible... That's how I'm seeing it anyway.

So Host Only it is. Hm. It's a network thing that sort of hooks into the host network stack. I'm probably using the wrong words, though.

I've used Host Only before, but was missing one thing: internet access from within the guest didn't work. So I ended up switching between NAT and HO, with is even less ideal. Isn't there a way to do NAT, but have the guests still reachable as with HO? Or is there a more proper way to allow internet access through a HO network?

Thanks Perryg as well. Admittedly, and no offense, the users manual doesn't look particularly inviting to me, to go and read on a rainy sunday or something. If you know what I mean
Last proper manual I've read is the one that came with my dish washer

Nothing stops you to have two network adapters for the VM: one NAT, one HO.
You would then have the NAT get its IP by DHCP, so you get the outside world, and HO for your personal needs.
If you don't want the guest accessible by another host than your own, and not want to hassle to configure firewall rules, this is the easiest option and is an "official" one.

You don't have to read the entire manual but it is expected of you to read at least the section that you are having issues with. Otherwise you come off as lazy and expect everyone else to do your work for you.