| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="network_nat">
|
|---|
| 4 | <title>Network Address Translation (NAT)</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p>Network Address Translation (NAT) is the simplest way of accessing an external network from a virtual machine.
|
|---|
| 8 | Usually, it does not require any configuration on the host network and guest system. For this reason, it is the
|
|---|
| 9 | default networking mode in <ph conkeyref="vbox-conkeyref-phrases/product-name"/>. </p>
|
|---|
| 10 | <p>A virtual machine with NAT enabled acts much like a real computer that connects to the Internet through a router.
|
|---|
| 11 | The router, in this case, is the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> networking engine, which
|
|---|
| 12 | maps traffic from and to the virtual machine transparently. In <ph conkeyref="vbox-conkeyref-phrases/product-name"
|
|---|
| 13 | /> this router is placed between each virtual machine and the host. This separation maximizes security since by
|
|---|
| 14 | default virtual machines cannot talk to each other. </p>
|
|---|
| 15 | <p>The disadvantage of NAT mode is that, much like a private network behind a router, the virtual machine is
|
|---|
| 16 | invisible and unreachable from the outside internet. You cannot run a server this way unless you set up port
|
|---|
| 17 | forwarding. See <xref href="natforward.dita#natforward"/>. </p>
|
|---|
| 18 | <p>The network frames sent out by the guest operating system are received by <ph
|
|---|
| 19 | conkeyref="vbox-conkeyref-phrases/product-name"/>'s NAT engine, which extracts the TCP/IP data and resends it
|
|---|
| 20 | using the host operating system. To an application on the host, or to another computer on the same network as the
|
|---|
| 21 | host, it looks like the data was sent by the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> application on
|
|---|
| 22 | the host, using an IP address belonging to the host. <ph conkeyref="vbox-conkeyref-phrases/product-name"/> listens
|
|---|
| 23 | for replies to the packages sent, and repacks and resends them to the guest machine on its private network. </p>
|
|---|
| 24 | <note>
|
|---|
| 25 | <p>Even though the NAT engine separates the VM from the host, the VM has access to the host's loopback interface
|
|---|
| 26 | and the network services running on it. The host's loopback interface is accessible as IP address 10.0.2.2. This
|
|---|
| 27 | access to the host's loopback interface can be extremely useful in some cases, for example when running a web
|
|---|
| 28 | application under development in the VM and the database server on the loopback interface on the host. </p>
|
|---|
| 29 | </note>
|
|---|
| 30 | <p>The virtual machine receives its network address and configuration on the private network from a DHCP server
|
|---|
| 31 | integrated into <ph conkeyref="vbox-conkeyref-phrases/product-name"/>. The IP address thus assigned to the virtual
|
|---|
| 32 | machine is usually on a completely different network than the host. As more than one card of a virtual machine can
|
|---|
| 33 | be set up to use NAT, the first card is connected to the private network 10.0.2.0, the second card to the network
|
|---|
| 34 | 10.0.3.0 and so on. If you need to change the guest-assigned IP range, see <xref href="changenat.dita">Fine Tuning
|
|---|
| 35 | the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> NAT Engine</xref>. </p>
|
|---|
| 36 | </body>
|
|---|
| 37 | </topic>
|
|---|
