source: vbox/trunk/doc/manual/en_US/dita/topics/network_internal.dita

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
<topic xml:lang="en-us" id="network_internal">
  <title>Internal Networking</title>
  
  <body>
    <p>Internal Networking is similar to bridged networking in that the VM can directly communicate with the outside
      world. However, the outside world is limited to other VMs on the same host which connect to the same internal
      network. </p>
    <p>Even though technically, everything that can be done using internal networking can also be done using bridged
      networking, there are security advantages with internal networking. In bridged networking mode, all traffic goes
      through a physical interface of the host system. It is therefore possible to attach a packet sniffer such as
      Wireshark to the host interface and log all traffic that goes over it. If, for any reason, you prefer two or more
      VMs on the same machine to communicate privately, hiding their data from both the host system and the user,
      bridged networking therefore is not an option. </p>
    <p>Internal networks are created automatically as needed. There is no central configuration. Every internal network
      is identified simply by its name. Once there is more than one active virtual network card with the same internal
      network ID, the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> support driver will automatically
        <i>wire</i> the cards and act as a network switch. The <ph conkeyref="vbox-conkeyref-phrases/product-name"/>
      support driver implements a complete Ethernet switch and supports both broadcast/multicast frames and promiscuous
      mode. </p>
    <p>In order to attach a VM's network card to an internal network, set its networking mode to Internal Networking.
      There are two ways to accomplish this: </p>
    <ul>
      <li>
        <p>Use the VM's <b outputclass="bold">Settings</b> window in <ph conkeyref="vbox-conkeyref-phrases/vbox-mgr"/>.
          In the <b outputclass="bold">Network</b> category of the Settings window, select <b outputclass="bold"
            >Internal Network</b> from the drop-down list of networking modes. Select the name of an existing internal
          network from the drop-down list below, or enter a new name into the <b outputclass="bold">Name</b> field. </p>
      </li>
      <li>
        <p>Use the command line, for example: </p>
        <pre xml:space="preserve">VBoxManage modifyvm "VM name" --nic&lt;x&gt; intnet</pre>
        <p>
          Optionally, you can specify a network name with the command:
        </p>
        <pre xml:space="preserve">VBoxManage modifyvm "VM name" --intnet&lt;x&gt; "network name"</pre>
        <p>If you do not specify a network name, the network card will be attached to the network
            <codeph>intnet</codeph> by default. </p>
      </li>
    </ul>
    <p>Unless you configure the virtual network cards in the guest operating systems that are
      participating in the internal network to use static IP addresses, you may want to use the DHCP
      server that is built into <ph conkeyref="vbox-conkeyref-phrases/product-name"/> to manage IP addresses for the internal
      network. See <xref href="vboxmanage-dhcpserver.dita"/>. </p>
    <p>As a security measure, by default, the Linux implementation of
      internal networking only allows VMs running under the same user ID
      to establish an internal network. However, it is possible to
      create a shared internal networking interface, accessible by users
      with different user IDs.
    </p>
  </body>
  
</topic>