VirtualBox

source: vbox/trunk/doc/manual/en_US/user_Networking.xml@ 74929

Last change on this file since 74929 was 73276, checked in by vboxsync, 7 years ago

doc/manual: Big build system overhaul, because the use of entities and catalogs eliminates the need to have placeholders in XML which previously needed separate preprocessing. Many cleanups, including replacing almost all pattern rules (since their dependencies had to be too generous) and using defines instead. Also integrated many cleanups for the user manual text (which needs careful review, couldn't check yet if it uses any additional tags which some of our XSLT would ignore).

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 53.0 KB
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
4<!ENTITY % all.entities SYSTEM "all-entities.ent">
5%all.entities;
6]>
7<chapter id="networkingdetails">
8
9 <title>Virtual Networking</title>
10
11 <para>
12 As mentioned in <xref linkend="settings-network" />, VirtualBox
13 provides up to eight virtual PCI Ethernet cards for each virtual
14 machine. For each such card, you can individually select the
15 following:
16 </para>
17
18 <itemizedlist>
19
20 <listitem>
21 <para>
22 The hardware that will be virtualized.
23 </para>
24 </listitem>
25
26 <listitem>
27 <para>
28 The virtualization mode that the virtual card operates in, with
29 respect to your physical networking hardware on the host.
30 </para>
31 </listitem>
32
33 </itemizedlist>
34
35 <para>
36 Four of the network cards can be configured in the Network section
37 of the settings dialog in the graphical user interface of
38 VirtualBox. You can configure all eight network cards on the command
39 line using VBoxManage modifyvm. See
40 <xref linkend="vboxmanage-modifyvm" />.
41 </para>
42
43 <para>
44 This chapter explains the various networking settings in more
45 detail.
46 </para>
47
48 <sect1 id="nichardware">
49
50 <title>Virtual Networking Hardware</title>
51
52 <para>
53 For each card, you can individually select what kind of
54 <emphasis>hardware</emphasis> will be presented to the virtual
55 machine. VirtualBox can virtualize the following types of
56 networking hardware:
57 </para>
58
59 <itemizedlist>
60
61 <listitem>
62 <para>
63 AMD PCNet PCI II (Am79C970A)
64 </para>
65 </listitem>
66
67 <listitem>
68 <para>
69 AMD PCNet FAST III (Am79C973), the default setting
70 </para>
71 </listitem>
72
73 <listitem>
74 <para>
75 Intel PRO/1000 MT Desktop (82540EM)
76 </para>
77 </listitem>
78
79 <listitem>
80 <para>
81 Intel PRO/1000 T Server (82543GC)
82 </para>
83 </listitem>
84
85 <listitem>
86 <para>
87 Intel PRO/1000 MT Server (82545EM)
88 </para>
89 </listitem>
90
91 <listitem>
92 <para>
93 Paravirtualized network adapter (virtio-net)
94 </para>
95 </listitem>
96
97 </itemizedlist>
98
99 <para>
100 The PCNet FAST III is the default because it is supported by
101 nearly all operating systems, as well as by the GNU GRUB boot
102 manager. As an exception, the Intel PRO/1000 family adapters are
103 chosen for some guest operating system types that no longer ship
104 with drivers for the PCNet card, such as Windows Vista.
105 </para>
106
107 <para>
108 The Intel PRO/1000 MT Desktop type works with Windows Vista and
109 later versions. The T Server variant of the Intel PRO/1000 card is
110 recognized by Windows XP guests without additional driver
111 installation. The MT Server variant facilitates OVF imports from
112 other platforms.
113 </para>
114
115 <para>
116 The Paravirtualized network adapter (virtio-net) is special. If
117 you select this adapter, then VirtualBox does
118 <emphasis>not</emphasis> virtualize common networking hardware
119 that is supported by common guest operating systems. Instead,
120 VirtualBox expects a special software interface for virtualized
121 environments to be provided by the guest, thus avoiding the
122 complexity of emulating networking hardware and improving network
123 performance. Starting with version 3.1, VirtualBox provides
124 support for the industry-standard <emphasis>virtio</emphasis>
125 networking drivers, which are part of the open source KVM project.
126 </para>
127
128 <para>
129 The virtio networking drivers are available for the following
130 guest operating systems:
131 </para>
132
133 <itemizedlist>
134
135 <listitem>
136 <para>
137 Linux kernels version 2.6.25 or later can be configured to
138 provide virtio support. Some distributions have also
139 back-ported virtio to older kernels.
140 </para>
141 </listitem>
142
143 <listitem>
144 <para>
145 For Windows 2000, XP, and Vista, virtio drivers can be
146 downloaded and installed from the KVM project web page:
147 </para>
148
149 <para>
150 <ulink
151 url="http://www.linux-kvm.org/page/WindowsGuestDrivers"/>.
152 </para>
153 </listitem>
154
155 </itemizedlist>
156
157 <para>
158 VirtualBox also has limited support for <emphasis>jumbo
159 frames</emphasis>. These are networking packets with more than
160 1500 bytes of data, provided that you use the Intel card
161 virtualization and bridged networking. Jumbo frames are not
162 supported with the AMD networking devices. In those cases, jumbo
163 packets will silently be dropped for both the transmit and the
164 receive direction. Guest operating systems trying to use this
165 feature will observe this as a packet loss, which may lead to
166 unexpected application behavior in the guest. This does not cause
167 problems with guest operating systems in their default
168 configuration, as jumbo frames need to be explicitly enabled.
169 </para>
170
171 </sect1>
172
173 <sect1 id="networkingmodes">
174
175 <title>Introduction to Networking Modes</title>
176
177 <para>
178 Each of the networking adapters can be separately configured to
179 operate in one of the following modes:
180 </para>
181
182 <itemizedlist>
183
184 <listitem>
185 <para>
186 <emphasis role="bold">Not attached.</emphasis> In this mode,
187 VirtualBox reports to the guest that a network card is
188 present, but that there is no connection. This is as if no
189 Ethernet cable was plugged into the card. Using this mode, it
190 is possible to "pull" the virtual Ethernet cable and disrupt
191 the connection, which can be useful to inform a guest
192 operating system that no network connection is available and
193 enforce a reconfiguration.
194 </para>
195 </listitem>
196
197 <listitem>
198 <para>
199 <emphasis role="bold">Network Address Translation
200 (NAT)</emphasis>. If all you want is to browse the Web,
201 download files, and view email inside the guest, then this
202 default mode should be sufficient for you, and you can skip
203 the rest of this section. Please note that there are certain
204 limitations when using Windows file sharing. See
205 <xref linkend="nat-limitations" />.
206 </para>
207 </listitem>
208
209 <listitem>
210 <para>
211 <emphasis role="bold">NAT Network.</emphasis> The NAT network
212 is a new NAT flavour introduced in VirtualBox 4.3. See
213 <xref linkend="network_nat_service"/>.
214 </para>
215 </listitem>
216
217 <listitem>
218 <para>
219 <emphasis role="bold">Bridged networking.</emphasis> This is
220 for more advanced networking needs, such as network
221 simulations and running servers in a guest. When enabled,
222 VirtualBox connects to one of your installed network cards and
223 exchanges network packets directly, circumventing your host
224 operating system's network stack.
225 </para>
226 </listitem>
227
228 <listitem>
229 <para>
230 <emphasis role="bold">Internal networking.</emphasis> This can
231 be used to create a different kind of software-based network
232 which is visible to selected virtual machines, but not to
233 applications running on the host or to the outside world.
234 </para>
235 </listitem>
236
237 <listitem>
238 <para>
239 <emphasis role="bold">Host-only networking.</emphasis> This
240 can be used to create a network containing the host and a set
241 of virtual machines, without the need for the host's physical
242 network interface. Instead, a virtual network interface,
243 similar to a loopback interface, is created on the host,
244 providing connectivity among virtual machines and the host.
245 </para>
246 </listitem>
247
248 <listitem>
249 <para>
250 <emphasis role="bold"> Generic networking.</emphasis> Rarely
251 used modes which share the same generic network interface, by
252 allowing the user to select a driver which can be included
253 with VirtualBox or be distributed in an extension pack.
254 </para>
255
256 <para>
257 The following sub-modes are available:
258 </para>
259
260 <itemizedlist>
261
262 <listitem>
263 <para>
264 <emphasis role="bold">UDP Tunnel:</emphasis> Used to
265 interconnect virtual machines running on different hosts
266 directly, easily, and transparently, over an existing
267 network infrastructure.
268 </para>
269 </listitem>
270
271 <listitem>
272 <para>
273 <emphasis role="bold">VDE (Virtual Distributed Ethernet)
274 networking:</emphasis> Used to connect to a Virtual
275 Distributed Ethernet switch on a Linux or a FreeBSD host.
276 At the moment this option requires compilation of
277 VirtualBox from sources, as the Oracle packages do not
278 include it.
279 </para>
280 </listitem>
281
282 </itemizedlist>
283 </listitem>
284
285 </itemizedlist>
286
287 <para>
288 <xref linkend="table-networking-modes"/> provides a quick overview
289 of the most important networking modes.
290 </para>
291
292 <table id="table-networking-modes">
293 <title>Overview of Networking Modes</title>
294 <tgroup cols="5">
295 <colspec align="left" />
296 <colspec align="center" />
297 <colspec align="center" />
298 <colspec align="center" />
299 <colspec align="center" />
300 <thead valign="middle">
301 <row>
302 <entry></entry>
303 <entry><emphasis role="bold">VM &harr; Host</emphasis></entry>
304 <entry><emphasis role="bold">VM1 &harr; VM2</emphasis></entry>
305 <entry><emphasis role="bold">VM &rarr; Internet</emphasis></entry>
306 <entry><emphasis role="bold">VM &larr; Internet</emphasis></entry>
307 </row>
308 </thead>
309 <tbody valign="middle">
310 <row>
311 <entry>Host-only</entry>
312 <entry><emphasis role="bold">+</emphasis></entry>
313 <entry align="center"><emphasis role="bold">+</emphasis></entry>
314 <entry>&ndash;</entry>
315 <entry>&ndash;</entry>
316 </row>
317 <row>
318 <entry>Internal</entry>
319 <entry>&ndash;</entry>
320 <entry><emphasis role="bold">+</emphasis></entry>
321 <entry>&ndash;</entry>
322 <entry>&ndash;</entry>
323 </row>
324 <row>
325 <entry>Bridged</entry>
326 <entry><emphasis role="bold">+</emphasis></entry>
327 <entry><emphasis role="bold">+</emphasis></entry>
328 <entry><emphasis role="bold">+</emphasis></entry>
329 <entry><emphasis role="bold">+</emphasis></entry>
330 </row>
331 <row>
332 <entry>NAT</entry>
333 <entry>&ndash;</entry>
334 <entry>&ndash;</entry>
335 <entry><emphasis role="bold">+</emphasis></entry>
336 <entry><link linkend="natforward">Port forwarding</link></entry>
337 </row>
338 <row>
339 <entry>NAT Network</entry>
340 <entry>&ndash;</entry>
341 <entry><emphasis role="bold">+</emphasis></entry>
342 <entry><emphasis role="bold">+</emphasis></entry>
343 <entry><link linkend="network_nat_service">Port forwarding</link></entry>
344 </row>
345 </tbody>
346 </tgroup>
347 </table>
348
349 <para>
350 The following sections describe the available network modes in
351 more detail.
352 </para>
353
354 </sect1>
355
356 <sect1 id="network_nat">
357
358 <title>Network Address Translation (NAT)</title>
359
360 <para>
361 Network Address Translation (NAT) is the simplest way of accessing
362 an external network from a virtual machine. Usually, it does not
363 require any configuration on the host network and guest system.
364 For this reason, it is the default networking mode in VirtualBox.
365 </para>
366
367 <para>
368 A virtual machine with NAT enabled acts much like a real computer
369 that connects to the Internet through a router. The router, in
370 this case, is the VirtualBox networking engine, which maps traffic
371 from and to the virtual machine transparently. In VirtualBox this
372 router is placed between each virtual machine and the host. This
373 separation maximizes security since by default virtual machines
374 cannot talk to each other.
375 </para>
376
377 <para>
378 The disadvantage of NAT mode is that, much like a private network
379 behind a router, the virtual machine is invisible and unreachable
380 from the outside internet. You cannot run a server this way unless
381 you set up port forwarding. See <xref linkend="natforward"/>.
382 </para>
383
384 <para>
385 The network frames sent out by the guest operating system are
386 received by VirtualBox's NAT engine, which extracts the TCP/IP
387 data and resends it using the host operating system. To an
388 application on the host, or to another computer on the same
389 network as the host, it looks like the data was sent by the
390 VirtualBox application on the host, using an IP address belonging
391 to the host. VirtualBox listens for replies to the packages sent,
392 and repacks and resends them to the guest machine on its private
393 network.
394 </para>
395
396 <para>
397 The virtual machine receives its network address and configuration
398 on the private network from a DHCP server integrated into
399 VirtualBox. The IP address thus assigned to the virtual machine is
400 usually on a completely different network than the host. As more
401 than one card of a virtual machine can be set up to use NAT, the
402 first card is connected to the private network 10.0.2.0, the
403 second card to the network 10.0.3.0 and so on. If you need to
404 change the guest-assigned IP range, see
405 <xref linkend="changenat" />.
406 </para>
407
408 <sect2 id="natforward">
409
410 <title>Configuring Port Forwarding with NAT</title>
411
412 <para>
413 As the virtual machine is connected to a private network
414 internal to VirtualBox and invisible to the host, network
415 services on the guest are not accessible to the host machine or
416 to other computers on the same network. However, like a physical
417 router, VirtualBox can make selected services available to the
418 world outside the guest through <emphasis>port
419 forwarding</emphasis>. This means that VirtualBox listens to
420 certain ports on the host and resends all packets which arrive
421 there to the guest, on the same or a different port.
422 </para>
423
424 <para>
425 To an application on the host or other physical (or virtual)
426 machines on the network, it looks as though the service being
427 proxied is actually running on the host. This also means that
428 you cannot run the same service on the same ports on the host.
429 However, you still gain the advantages of running the service in
430 a virtual machine. For example, services on the host machine or
431 on other virtual machines cannot be compromised or crashed by a
432 vulnerability or a bug in the service, and the service can run
433 in a different operating system than the host system.
434 </para>
435
436 <para>
437 To configure port forwarding you can use the graphical Port
438 Forwarding editor which can be found in the Network Settings
439 dialog for network adaptors configured to use NAT. Here, you can
440 map host ports to guest ports to allow network traffic to be
441 routed to a specific port in the guest.
442 </para>
443
444 <para>
445 Alternatively, the command line tool
446 <computeroutput>VBoxManage</computeroutput> can be used. See
447 <xref linkend="vboxmanage-modifyvm" />.
448 </para>
449
450 <para>
451 You will need to know which ports on the guest the service uses
452 and to decide which ports to use on the host. You may want to
453 use the same ports on the guest and on the host. You can use any
454 ports on the host which are not already in use by a service. For
455 example, to set up incoming NAT connections to an
456 <computeroutput>ssh</computeroutput> server in the guest, use
457 the following command:
458
459<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"</screen>
460
461 With the above example, all TCP traffic arriving on port 2222 on
462 any host interface will be forwarded to port 22 in the guest.
463 The protocol name <computeroutput>tcp</computeroutput> is a
464 mandatory attribute defining which protocol should be used for
465 forwarding, <computeroutput>udp</computeroutput> could also be
466 used. The name <computeroutput>guestssh</computeroutput> is
467 purely descriptive and will be auto-generated if omitted. The
468 number after <computeroutput>--natpf</computeroutput> denotes
469 the network card, as with other VBoxManage commands.
470 </para>
471
472 <para>
473 To remove this forwarding rule, use the following command:
474
475<screen>VBoxManage modifyvm "VM name" --natpf1 delete "guestssh"</screen>
476 </para>
477
478 <para>
479 If for some reason the guest uses a statically assigned IP address
480 not leased from the built-in DHCP server, it is required to
481 specify the guest IP when registering the forwarding rule:
482
483<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22"</screen>
484
485 This example is identical to the previous one, except that the
486 NAT engine is being told that the guest can be found at the
487 10.0.2.19 address.
488 </para>
489
490 <para>
491 To forward <emphasis>all</emphasis> incoming traffic from a
492 specific host interface to the guest, specify the IP of that
493 host interface like this:
494
495<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"</screen>
496
497 This forwards all TCP traffic arriving on the localhost
498 interface (127.0.0.1) via port 2222 to port 22 in the guest.
499 </para>
500
501 <para>
502 It is possible to configure incoming NAT connections while the
503 VM is running, see <xref linkend="vboxmanage-controlvm"/>.
504 </para>
505
506 </sect2>
507
508 <sect2 id="nat-tftp">
509
510 <title>PXE Booting with NAT</title>
511
512 <para>
513 PXE booting is now supported in NAT mode. The NAT DHCP server
514 provides a boot file name of the form
515 <computeroutput>vmname.pxe</computeroutput> if the directory
516 <computeroutput>TFTP</computeroutput> exists in the directory
517 where the user's <computeroutput>VirtualBox.xml</computeroutput>
518 file is kept. It is the responsibility of the user to provide
519 <computeroutput>vmname.pxe</computeroutput>.
520 </para>
521
522 </sect2>
523
524 <sect2 id="nat-limitations">
525
526 <title>NAT Limitations</title>
527
528 <para>
529 There are some limitations of NAT mode which users should be
530 aware of, as follows:
531 </para>
532
533 <itemizedlist>
534
535 <listitem>
536 <para>
537 <emphasis role="bold">ICMP protocol limitations.</emphasis>
538 Some frequently used network debugging tools, such as
539 <computeroutput>ping</computeroutput> or tracerouting, rely
540 on the ICMP protocol for sending and receiving messages.
541 While ICMP support has been improved with VirtualBox 2.1,
542 meaning <computeroutput>ping</computeroutput> should now
543 work, some other tools may not work reliably.
544 </para>
545 </listitem>
546
547 <listitem>
548 <para>
549 <emphasis role="bold">Receiving of UDP
550 broadcasts.</emphasis> The guest does not reliably receive
551 UDP broadcasts. In order to save resources, it only listens
552 for a certain amount of time after the guest has sent UDP
553 data on a particular port. As a consequence, NetBIOS name
554 resolution based on broadcasts does not always work, but
555 WINS always works. As a workaround, you can use the numeric
556 IP of the desired server in the
557 <computeroutput>\\server\share</computeroutput> notation.
558 </para>
559 </listitem>
560
561 <listitem>
562 <para>
563 <emphasis role="bold">Some protocols are not
564 supported.</emphasis> Protocols other than TCP and UDP are
565 not supported. GRE is not supported. This means some VPN
566 products, such as PPTP from Microsoft, cannot be used. There
567 are other VPN products which use only TCP and UDP.
568 </para>
569 </listitem>
570
571 <listitem>
572 <para>
573 <emphasis role="bold">Forwarding host ports below
574 1024.</emphasis> On Unix-based hosts, such as Linux,
575 Solaris, and Mac OS X, it is not possible to bind to ports
576 below 1024 from applications that are not run by
577 <computeroutput>root</computeroutput>. As a result, if you
578 try to configure such a port forwarding, the VM will refuse
579 to start.
580 </para>
581 </listitem>
582
583 </itemizedlist>
584
585 <para>
586 These limitations normally do not affect standard network use.
587 But the presence of NAT also has subtle effects that may
588 interfere with protocols that are normally working. One example
589 is NFS, where the server is often configured to refuse
590 connections from non-privileged ports, which are those ports not
591 below 1024.
592 </para>
593
594 </sect2>
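
<!--
Added example (not part of the VirtualBox manual or the VirtualBox code base): a small Python lint for the NAT port-forwarding rule strings described in the two sections above. It flags rules whose host IP field is empty, which the manual says listen on any host interface, and host ports below 1024, which a non-root VirtualBox on a Unix-based host cannot bind. The function names and finding codes are hypothetical; the field order name,proto,hostip,hostport,guestip,guestport is taken from the manual's own examples.

```python
"""Lint VirtualBox NAT port-forwarding rule strings (added example)."""
import ipaddress
from collections import namedtuple

# Field order as shown in the manual's examples:
#   name,proto,hostip,hostport,guestip,guestport
NatPfRule = namedtuple(
    "NatPfRule", "name proto host_ip host_port guest_ip guest_port")


def _port(text, label):
    """Return text as a valid port number or raise ValueError."""
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError("%s port %r is not in 1..65535" % (label, text))
    return int(text)


def parse_natpf(rule):
    """Split one rule string into a NatPfRule, validating every field."""
    fields = [f.strip() for f in rule.split(",")]
    if len(fields) != 6:
        raise ValueError("expected 6 comma-separated fields, got %d"
                         % len(fields))
    name, proto, host_ip, host_port, guest_ip, guest_port = fields
    proto = proto.lower()
    if proto not in ("tcp", "udp"):  # the protocol field is mandatory
        raise ValueError("protocol must be tcp or udp, got %r" % proto)
    for addr in (host_ip, guest_ip):  # both IP fields may be left empty
        if addr:
            ipaddress.ip_address(addr)  # raises ValueError if malformed
    return NatPfRule(name, proto, host_ip, _port(host_port, "host"),
                     guest_ip, _port(guest_port, "guest"))


def audit(rule, runs_as_root=False):
    """Return a list of (code, message) findings for one parsed rule."""
    findings = []
    host = ipaddress.ip_address(rule.host_ip) if rule.host_ip else None
    # An empty host IP means "any host interface" per the manual; the
    # unspecified address (0.0.0.0 or ::) is treated the same way here.
    if host is None or host.is_unspecified:
        findings.append((
            "ALL_INTERFACES",
            "%s port %d is forwarded from every host interface; set the "
            "host IP field (for example 127.0.0.1) to limit who can reach "
            "the guest service" % (rule.proto, rule.host_port)))
    elif not host.is_loopback:
        findings.append((
            "NETWORK_REACHABLE",
            "%s port %d is reachable by any machine that can reach host "
            "address %s" % (rule.proto, rule.host_port, host)))
    if rule.host_port < 1024 and not runs_as_root:
        findings.append((
            "PRIVILEGED_PORT",
            "host port %d is below 1024; on Unix-based hosts a non-root "
            "VirtualBox cannot bind it and the VM will refuse to start"
            % rule.host_port))
    return findings


def audit_codes(text, runs_as_root=False):
    """Parse a rule string and return only the finding codes."""
    return [code for code, _ in audit(parse_natpf(text), runs_as_root)]


if __name__ == "__main__":
    # The first three rules are the manual's examples; the last two are
    # constructed for this illustration.
    samples = [
        "guestssh,tcp,,2222,,22",
        "guestssh,tcp,,2222,10.0.2.19,22",
        "guestssh,tcp,127.0.0.1,2222,,22",
        "web,tcp,,80,,8080",
        "dns,udp,192.168.1.185,5353,,53",
    ]
    for text in samples:
        print(text)
        issues = audit(parse_natpf(text))
        # No findings implies a loopback-only rule on an unprivileged port.
        for code, message in issues or [("OK", "bound to loopback only")]:
            print("  [%s] %s" % (code, message))
```
-->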
595
596 </sect1>
597
598 <sect1 id="network_nat_service">
599
600 <title>Network Address Translation Service</title>
601
602 <para>
603 The Network Address Translation (NAT) service works in a similar
604 way to a home router, grouping the systems using it into a network
605 and preventing systems outside of this network from directly
606 accessing systems inside it, but letting systems inside
607 communicate with each other and with systems outside using TCP and
608 UDP over IPv4 and IPv6.
609 </para>
610
611 <para>
612 A NAT service is attached to an internal network. Virtual machines
613 which are to make use of it should be attached to that internal
614 network. The name of the internal network is chosen when the NAT
615 service is created and the internal network will be created if it
616 does not already exist. An example command to create a NAT network
617 is:
618 </para>
619
620 <para>
621<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable</screen>
622 </para>
623
624 <para>
625 Here, natnet1 is the name of the internal network to be used and
626 192.168.15.0/24 is the network address and mask of the NAT service
627 interface. By default in this static configuration the gateway
628 will be assigned the address 192.168.15.1, the address following
629 the interface address, though this is subject to change. To attach
630 a DHCP server to the internal network, we modify the example as
631 follows:
632 </para>
633
634 <para>
635<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on</screen>
636 </para>
637
638 <para>
639 To add a DHCP server to an existing network:
640 </para>
641
642 <para>
643<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp on</screen>
644 </para>
645
646 <para>
647 To disable the DHCP server:
648 </para>
649
650 <para>
651<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp off</screen>
652 </para>
653
654 <para>
655 A DHCP server provides a list of registered nameservers, but does
656 not map servers from the 127/8 network.
657 </para>
658
659 <para>
660 To start the NAT service, use the following command:
661 </para>
662
663 <para>
664<screen>VBoxManage natnetwork start --netname natnet1</screen>
665 </para>
666
667 <para>
668 If the network has a DHCP server attached then it will start
669 together with the NAT network service.
670 </para>
671
672 <para>
673 To stop the NAT network service, together with any DHCP server:
674 </para>
675
676 <para>
677<screen>VBoxManage natnetwork stop --netname natnet1</screen>
678 </para>
679
680 <para>
681 To delete the NAT network service:
682 </para>
683
684 <para>
685<screen>VBoxManage natnetwork remove --netname natnet1</screen>
686 </para>
687
688 <para>
689 This command does not remove the DHCP server if one is enabled on
690 the internal network.
691 </para>
692
693 <para>
694 Port-forwarding is supported, using the
695 <computeroutput>--port-forward-4</computeroutput> switch for IPv4
696 and <computeroutput>--port-forward-6</computeroutput> for IPv6.
697 For example:
698 </para>
699
700 <para>
701<screen>VBoxManage natnetwork modify \
702 --netname natnet1 --port-forward-4 "ssh:tcp:[]:1022:[192.168.15.5]:22"</screen>
703 </para>
704
705 <para>
706 This adds a port-forwarding rule from the host's TCP 1022 port to
707 the port 22 on the guest with IP address 192.168.15.5. Host port,
708 guest port and guest IP are mandatory. To delete the rule, use:
709 </para>
710
711 <para>
712<screen>VBoxManage natnetwork modify --netname natnet1 --port-forward-4 delete ssh</screen>
713 </para>
714
715 <para>
716 It is possible to bind a NAT service to a specified interface. For
717 example:
718 </para>
719
720<screen>VBoxManage setextradata global "NAT/win-nat-test-0/SourceIp4" 192.168.1.185</screen>
721
722 <para>
723 To see the list of registered NAT networks, use:
724 </para>
725
726 <para>
727<screen>VBoxManage list natnetworks</screen>
728 </para>
729
730 </sect1>
731
732 <sect1 id="network_bridged">
733
734 <title>Bridged Networking</title>
735
736 <para>
737 With bridged networking, VirtualBox uses a device driver on your
738 <emphasis>host</emphasis> system that filters data from your
739 physical network adapter. This driver is therefore called a
740 <emphasis>net filter</emphasis> driver. This allows VirtualBox to
741 intercept data from the physical network and inject data into it,
742 effectively creating a new network interface in software. When a
743 guest is using such a new software interface, it looks to the host
744 system as though the guest were physically connected to the
745 interface using a network cable. The host can send data to the
746 guest through that interface and receive data from it. This means
747 that you can set up routing or bridging between the guest and the
748 rest of your network.
749 </para>
750
751 <para>
752 For this to work, VirtualBox needs a device driver on your host
753 system. The way bridged networking works has been completely
754 rewritten with VirtualBox 2.0 and 2.1, depending on the host
755 operating system. From the user perspective, the main difference
756 is that complex configuration is no longer necessary on any of the
757 supported host operating systems.
758
759 <footnote>
760
761 <para>
762 For Mac OS X and Solaris hosts, net filter drivers were
763 already added in VirtualBox 2.0, as initial support for Host
764 Interface Networking on these platforms. With VirtualBox 2.1,
765 net filter drivers were also added for the Windows and Linux
766 hosts, replacing the mechanisms previously present in
767 VirtualBox for those platforms; especially on Linux, the
768 earlier method required creating TAP interfaces and bridges,
769 which was complex and varied from one distribution to the
770 next. None of this is necessary anymore. Bridged network was
771 formerly called Host Interface Networking and has been renamed
772 with version 2.2 without any change in functionality.
773 </para>
774
775 </footnote>
776 </para>
777
778 <note>
779 <para>
780 Even though TAP is no longer necessary on Linux with bridged
781 networking, you <emphasis>can</emphasis> still use TAP
782 interfaces for certain advanced setups, since you can connect a
783 VM to any host interface.
784 </para>
785 </note>
786
787 <para>
788 To enable bridged networking, open the Settings dialog of a
789 virtual machine, go to the Network page and select
790 <emphasis role="bold">Bridged Network</emphasis> in the drop-down
791 list for the Attached To field. Select a host interface from the
792 list at the bottom of the page, which contains the physical
793 network interfaces of your systems. On a typical MacBook, for
794 example, this will allow you to select between en1: AirPort, which
795 is the wireless interface, and en0: Ethernet, which represents the
796 interface with a network cable.
797 </para>
798
799 <note>
800 <para>
801 Bridging to a wireless interface is done differently from
802 bridging to a wired interface, because most wireless adapters do
803 not support promiscuous mode. All traffic has to use the MAC
804 address of the host's wireless adapter, and therefore VirtualBox
805 needs to replace the source MAC address in the Ethernet header
806 of an outgoing packet to make sure the reply will be sent to the
807 host interface. When VirtualBox sees an incoming packet with a
808 destination IP address that belongs to one of the virtual
809 machine adapters it replaces the destination MAC address in the
810 Ethernet header with the VM adapter's MAC address and passes it
811 on. VirtualBox examines ARP and DHCP packets in order to learn
812 the IP addresses of virtual machines.
813 </para>
814 </note>
815
816 <para>
817 Depending on your host operating system, the following limitations
818 apply:
819 </para>
820
821 <itemizedlist>
822
823 <listitem>
824 <para>
825 <emphasis role="bold">Mac OS X hosts.</emphasis> Functionality
826 is limited when using AirPort, the Mac's wireless networking
827 system, for bridged networking. Currently, VirtualBox supports
828 only IPv4 and IPv6 over AirPort. For other protocols, such as
829 IPX, you must choose a wired interface.
830 </para>
831 </listitem>
832
833 <listitem>
834 <para>
835 <emphasis role="bold">Linux hosts.</emphasis> Functionality is
836 limited when using wireless interfaces for bridged networking.
837 Currently, VirtualBox supports only IPv4 and IPv6 over
838 wireless. For other protocols, such as IPX, you must choose a
839 wired interface.
840 </para>
841
842 <para>
843 Also, setting the MTU to less than 1500 bytes on wired
844 interfaces provided by the sky2 driver on the Marvell Yukon II
845 EC Ultra Ethernet NIC is known to cause packet losses under
846 certain conditions.
847 </para>
848
849 <para>
850 Some adapters strip VLAN tags in hardware. This prevents the use
851 of VLAN trunking between the VM and the external network with
852 pre-2.6.27 Linux kernels and with host operating systems other
853 than Linux.
854 </para>
855 </listitem>
856
857 <listitem>
858 <para>
859 <emphasis role="bold">Solaris hosts.</emphasis> There is no
860 support for using wireless interfaces. Filtering guest traffic
861 using IPFilter is also not completely supported due to
862 technical restrictions of the Solaris networking subsystem.
863 These issues would be addressed in a future release of Solaris
864 11.
865 </para>
866
867 <para>
868 Starting with VirtualBox 4.1, on Solaris 11 hosts build 159
869 and above, it is possible to use Solaris Crossbow Virtual
870 Network Interfaces (VNICs) directly with VirtualBox without
871 any additional configuration other than each VNIC must be
872 exclusive for every guest network interface.
873 </para>
874
875 <para>
876 Starting with VirtualBox 2.0.4 and up to VirtualBox 4.0, VNICs
877 can be used, but with the following caveats:
878 </para>
879
880 <itemizedlist>
881
882 <listitem>
883 <para>
884 A VNIC cannot be shared between multiple guest network
885 interfaces. For example, each guest network interface must
886 have its own, exclusive VNIC.
887 </para>
888 </listitem>
889
890 <listitem>
891 <para>
892 The VNIC and the guest network interface that uses the
893 VNIC must be assigned identical MAC addresses.
894 </para>
895 </listitem>
896
897 </itemizedlist>
898
899 <para>
900 When using VLAN interfaces with VirtualBox, they must be named
901 according to the PPA-hack naming scheme, such as e1000g513001.
902 Otherwise, the guest may receive packets in an unexpected
903 format.
904 </para>
905 </listitem>
906
907 </itemizedlist>
908
909 </sect1>
910
911 <sect1 id="network_internal">
912
913 <title>Internal Networking</title>
914
915 <para>
916 Internal Networking is similar to bridged networking in that the
917 VM can directly communicate with the outside world. However, the
918 outside world is limited to other VMs on the same host which
919 connect to the same internal network.
920 </para>
921
922 <para>
923 Even though, technically, everything that can be done using
924 internal networking can also be done using bridged networking,
925 there are security advantages with internal networking. In bridged
926 networking mode, all traffic goes through a physical interface of
927 the host system. It is therefore possible to attach a packet
928 sniffer such as Wireshark to the host interface and log all
929 traffic that goes over it. If, for any reason, you prefer two or
930 more VMs on the same machine to communicate privately, hiding
931 their data from both the host system and the user, bridged
932 networking therefore is not an option.
933 </para>
934
935 <para>
936 Internal networks are created automatically as needed. There is no
937 central configuration. Every internal network is identified simply
938 by its name. Once there is more than one active virtual network
939 card with the same internal network ID, the VirtualBox support
940 driver will automatically <emphasis>wire</emphasis> the cards and
941 act as a network switch. The VirtualBox support driver implements
942 a complete Ethernet switch and supports both broadcast/multicast
943 frames and promiscuous mode.
944 </para>
945
946 <para>
947 In order to attach a VM's network card to an internal network, set
948 its networking mode to Internal Networking. There are two ways to
949 accomplish this:
950 </para>
951
952 <itemizedlist>
953
954 <listitem>
955 <para>
956 Use the VM's Settings dialog in the VirtualBox graphical user
957 interface. In the Networking category of the settings dialog,
958 select <emphasis role="bold">Internal Networking</emphasis>
959 from the drop-down list of networking modes. Select the name
960 of an existing internal network from the drop-down list below,
961 or enter a new name into the entry field.
962 </para>
963 </listitem>
964
965 <listitem>
966 <para>
967 Use the command line, for example:
968 </para>
969
970<screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; intnet</screen>
971
972 <para>
973 Optionally, you can specify a network name with the command:
974 </para>
975
976<screen>VBoxManage modifyvm "VM name" --intnet&lt;x&gt; "network name"</screen>
977
978 <para>
979 If you do not specify a network name, the network card will be
980 attached to the network
981 <computeroutput>intnet</computeroutput> by default.
982 </para>
983 </listitem>
984
985 </itemizedlist>
986
987 <para>
988 Unless you configure the virtual network cards in the guest
989 operating systems that are participating in the internal network
990 to use static IP addresses, you may want to use the DHCP server
991 that is built into VirtualBox to manage IP addresses for the
992 internal network. See <xref linkend="vboxmanage-dhcpserver" />.
993 </para>
994
995 <para>
996 As a security measure, by default, the Linux implementation of
997 internal networking only allows VMs running under the same user ID
998 to establish an internal network. However, it is possible to
999 create a shared internal networking interface, accessible by users
1000 with different user IDs.
1001 </para>
1002
1003 </sect1>
1004
1005 <sect1 id="network_hostonly">
1006
1007 <title>Host-Only Networking</title>
1008
1009 <para>
1010 Host-only networking is another networking mode that was added
1011 with version 2.2 of VirtualBox. It can be thought of as a hybrid
1012 between the bridged and internal networking modes. As with bridged
1013 networking, the virtual machines can talk to each other and the
1014 host as if they were connected through a physical Ethernet switch.
1015 As with internal networking, a physical networking interface need
1016 not be present, and the virtual machines cannot talk to the world
1017 outside the host since they are not connected to a physical
1018 networking interface.
1019 </para>
1020
1021 <para>
1022 When host-only networking is used, VirtualBox creates a new
1023 software interface on the host which then appears next to your
1024 existing network interfaces. In other words, whereas with bridged
1025 networking an existing physical interface is used to attach
1026 virtual machines to, with host-only networking a new
1027 <emphasis>loopback</emphasis> interface is created on the host.
1028 And whereas with internal networking, the traffic between the
1029 virtual machines cannot be seen, the traffic on the loopback
1030 interface on the host can be intercepted.
1031 </para>
1032
1033 <para>
1034 Host-only networking is particularly useful for preconfigured
1035 virtual appliances, where multiple virtual machines are shipped
1036 together and designed to cooperate. For example, one virtual
1037 machine may contain a web server and a second one a database, and
1038 since they are intended to talk to each other, the appliance can
1039 instruct VirtualBox to set up a host-only network for the two. A
1040 second, bridged, network would then connect the web server to the
1041 outside world so that it can serve data, but the outside world cannot
1042 connect to the database.
1043 </para>
1044
1045 <para>
1046 To change a virtual machine's virtual network interface to Host
1047 Only mode, do either of the following:
1048 </para>
1049
1050 <itemizedlist>
1051
1052 <listitem>
1053 <para>
1054 Go to the Network page in the virtual machine's Settings
1055 dialog and select <emphasis role="bold">Host-Only
1056 Networking</emphasis>.
1057 </para>
1058 </listitem>
1059
1060 <listitem>
1061 <para>
1062 On the command line, type <computeroutput>VBoxManage modifyvm
1063 "VM name" --nic&lt;x&gt; hostonly</computeroutput>. See
1064 <xref
1065 linkend="vboxmanage-modifyvm" />.
1066 </para>
1067 </listitem>
1068
1069 </itemizedlist>
1070
1071 <para>
1072 Before you can attach a VM to a host-only network you have to
1073 create at least one host-only interface. You can use the GUI for
1074 this. Choose <emphasis role="bold">File</emphasis>,
1075 <emphasis role="bold">Preferences</emphasis>,
1076 <emphasis role="bold">Network</emphasis>,
1077 <emphasis role="bold">Host-Only Network</emphasis>,
1078 <emphasis role="bold">(+)Add Host-Only Network</emphasis>.
1079 </para>
1080
1081 <para>
1082 Alternatively, you can use the command line:
1083 </para>
1084
1085<screen>VBoxManage hostonlyif create</screen>
1086
1087 <para>
1088 See <xref linkend="vboxmanage-hostonlyif" />.
1089 </para>
1090
1091 <para>
1092 For host-only networking, as with internal networking, you may
1093 find the DHCP server that is built into VirtualBox useful. It
1094 can be enabled to manage the IP addresses in the host-only
1095 network, since otherwise you would need to configure all IP
1096 addresses statically.
1097 </para>
1098
1099 <itemizedlist>
1100
1101 <listitem>
1102 <para>
1103 In the VirtualBox graphical user interface, you can configure
1104 all these items in the global settings by choosing
1105 <emphasis role="bold">File</emphasis>,
1106 <emphasis role="bold">Preferences</emphasis>,
1107 <emphasis role="bold">Network</emphasis>. This lists all
1108 host-only networks which are presently in use. Click on the
1109 network name and then on
1110 <emphasis role="bold">Edit</emphasis>. You can then modify the
1111 adapter and DHCP settings.
1112 </para>
1113 </listitem>
1114
1115 <listitem>
1116 <para>
1117 Alternatively, you can use <computeroutput>VBoxManage
1118 dhcpserver</computeroutput> on the command line. See
1119 <xref
1120 linkend="vboxmanage-dhcpserver" />.
1121 </para>
1122 </listitem>
1123
1124 </itemizedlist>
1125
1126 <note>
1127 <para>
1128 On Linux and Mac OS X hosts the number of host-only interfaces
1129 is limited to 128. There is no such limit for Solaris and
1130 Windows hosts.
1131 </para>
1132 </note>
1133
1134 </sect1>
1135
1136 <sect1 id="network_udp_tunnel">
1137
1138 <title>UDP Tunnel Networking</title>
1139
1140 <para>
1141 This networking mode allows you to interconnect virtual machines
1142 running on different hosts.
1143 </para>
1144
1145 <para>
1146 Technically this is done by encapsulating Ethernet frames sent or
1147 received by the guest network card into UDP/IP datagrams, and
1148 sending them over any network available to the host.
1149 </para>
1150
1151 <para>
1152 UDP Tunnel mode has the following parameters:
1153 </para>
1154
1155 <itemizedlist>
1156
1157 <listitem>
1158 <para>
1159 <emphasis role="bold">Source UDP port:</emphasis> The port on
1160 which the host listens. Datagrams arriving on this port from
1161 any source address will be forwarded to the receiving part of
1162 the guest network card.
1163 </para>
1164 </listitem>
1165
1166 <listitem>
1167 <para>
1168 <emphasis role="bold">Destination address:</emphasis> IP
1169 address of the target host of the transmitted data.
1170 </para>
1171 </listitem>
1172
1173 <listitem>
1174 <para>
1175 <emphasis role="bold">Destination UDP port:</emphasis> Port
1176 number to which the transmitted data is sent.
1177 </para>
1178 </listitem>
1179
1180 </itemizedlist>
1181
1182 <para>
1183 When interconnecting two virtual machines on two different hosts,
1184 their IP addresses must be swapped. On a single host, source and
1185 destination UDP ports must be swapped.
1186 </para>
1187
1188 <para>
1189 In the following example, host 1 uses the IP address 10.0.0.1 and
1190 host 2 uses IP address 10.0.0.2. To configure using the
1191 command-line:
1192 </para>
1193
1194<screen> VBoxManage modifyvm "VM 01 on host 1" --nic&lt;x&gt; generic
1195 VBoxManage modifyvm "VM 01 on host 1" --nicgenericdrv&lt;x&gt; UDPTunnel
1196 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dest=10.0.0.2
1197 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; sport=10001
1198 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dport=10002</screen>
1199
1200<screen> VBoxManage modifyvm "VM 02 on host 2" --nic&lt;y&gt; generic
1201 VBoxManage modifyvm "VM 02 on host 2" --nicgenericdrv&lt;y&gt; UDPTunnel
1202 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dest=10.0.0.1
1203 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; sport=10002
1204 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dport=10001</screen>
1205
1206 <para>
1207 Of course, you can always interconnect two virtual machines on the
1208 same host, by setting the destination address parameter to
1209 127.0.0.1 on both. It will act similarly to an internal network in
1210 this case. However, the host can see the network traffic which it
1211 could not in the normal internal network case.
1212 </para>
1213
1214 <note>
1215 <para>
1216 On Unix-based hosts, such as Linux, Solaris, and Mac OS X, it is
1217 not possible to bind to ports below 1024 from applications that
1218 are not run by <computeroutput>root</computeroutput>. As a
1219 result, if you try to configure such a source UDP port, the VM
1220 will refuse to start.
1221 </para>
1222 </note>
1223
1224 </sect1>
1225
1226 <sect1 id="network_vde">
1227
1228 <title>VDE Networking</title>
1229
1230 <para>
1231 Virtual Distributed Ethernet (VDE)
1232
1233 <footnote>
1234
1235 <para>
1236 VDE is a project developed by Renzo Davoli, Associate
1237 Professor at the University of Bologna, Italy.
1238 </para>
1239
1240 </footnote>
1241
1242 is a flexible, virtual network infrastructure system, spanning
1243 across multiple hosts in a secure way. It allows for L2/L3
1244 switching, including spanning-tree protocol, VLANs, and WAN
1245 emulation. It is an optional part of VirtualBox which is only
1246 included in the source code.
1247 </para>
1248
1249 <para>
1250 The basic building blocks of the infrastructure are VDE switches,
1251 VDE plugs and VDE wires which inter-connect the switches.
1252 </para>
1253
1254 <para>
1255 The VirtualBox VDE driver has a single parameter: VDE network.
1256 This is the name of the VDE network switch socket to which the VM
1257 will be connected.
1258 </para>
1259
1260 <para>
1261 The following basic example shows how to connect a virtual machine
1262 to a VDE switch.
1263 </para>
1264
1265 <orderedlist>
1266
1267 <listitem>
1268 <para>
1269 Create a VDE switch:
1270 </para>
1271
1272<screen>vde_switch -s /tmp/switch1</screen>
1273 </listitem>
1274
1275 <listitem>
1276 <para>
1277 Configure VMs using the command-line:
1278 </para>
1279
1280<screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; generic</screen>
1281
1282<screen>VBoxManage modifyvm "VM name" --nicgenericdrv&lt;x&gt; VDE</screen>
1283
1284 <para>
1285 To connect to an automatically allocated switch port:
1286 </para>
1287
1288<screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1</screen>
1289
1290 <para>
1291 To connect to a specific switch port
1292 <replaceable>n</replaceable>:
1293 </para>
1294
1295<screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1[&lt;n&gt;]</screen>
1296
1297 <para>
1298 This command can be useful for VLANs.
1299 </para>
1300 </listitem>
1301
1302 <listitem>
1303 <para>
1304 (Optional) Map between a VDE switch port and a VLAN.
1305 </para>
1306
1307 <para>
1308 Using the switch command line:
1309 </para>
1310
1311<screen>vde$ vlan/create &lt;VLAN&gt;</screen>
1312
1313<screen>vde$ port/setvlan &lt;port&gt; &lt;VLAN&gt;</screen>
1314 </listitem>
1315
1316 </orderedlist>
1317
1318 <para>
1319 VDE is available on Linux and FreeBSD hosts only. It is only
1320 available if the VDE software and the VDE plugin library from the
1321 VirtualSquare project are installed on the host system
1322
1323 <footnote>
1324
1325 <para>
1326 For Linux hosts, the shared library libvdeplug.so must be
1327 available in the search path for shared libraries.
1328 </para>
1329
1330 </footnote>
1331
1332 . For more information on setting up VDE networks, please see the
1333 documentation accompanying the software.
1334
1335 <footnote>
1336
1337 <para>
1338 <ulink
1339 url="http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking">http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking</ulink>.
1340 </para>
1341
1342 </footnote>
1343 </para>
1344
1345 </sect1>
1346
1347 <sect1 id="network_bandwidth_limit">
1348
1349 <title>Limiting Bandwidth for Network I/O</title>
1350
1351 <para>
1352 Starting with version 4.2, VirtualBox allows for limiting the
1353 maximum bandwidth used for network transmission. Several network
1354 adapters of one VM may share limits through bandwidth groups. It
1355 is possible to have more than one such limit.
1356 </para>
1357
1358 <note>
1359 <para>
1360 VirtualBox shapes VM traffic only in the transmit direction,
1361 delaying the packets being sent by virtual machines. It does not
1362 limit the traffic being received by virtual machines.
1363 </para>
1364 </note>
1365
1366 <para>
1367 Limits are configured through
1368 <computeroutput>VBoxManage</computeroutput>. The example below
1369 creates a bandwidth group named Limit, sets the limit to 20 Mbps
1370 and assigns the group to the first and second adapters of the VM:
1371
1372<screen>VBoxManage bandwidthctl "VM name" add Limit --type network --limit 20m
1373VBoxManage modifyvm "VM name" --nicbandwidthgroup1 Limit
1374VBoxManage modifyvm "VM name" --nicbandwidthgroup2 Limit</screen>
1375 </para>
1376
1377 <para>
1378 All adapters in a group share the bandwidth limit, meaning that in
1379 the example above the bandwidth of both adapters combined can
1380 never exceed 20 Mbps. However, if one adapter does not require
1381 bandwidth the other can use the remaining bandwidth of its group.
1382 </para>
1383
1384 <para>
1385 The limits for each group can be changed while the VM is running,
1386 with changes being picked up immediately. The example below
1387 changes the limit for the group created in the example above to
1388 100 Kbps:
1389
1390<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 100k</screen>
1391 </para>
1392
1393 <para>
1394 To completely disable shaping for the first adapter of the VM, use the
1395 following command:
1396
1397<screen>VBoxManage modifyvm "VM name" --nicbandwidthgroup1 none</screen>
1398 </para>
1399
1400 <para>
1401 It is also possible to disable shaping for all adapters assigned
1402 to a bandwidth group while the VM is running, by specifying a zero
1403 limit for the group. For example, for the bandwidth group named
1404 Limit use:
1405
1406<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 0</screen>
1407 </para>
1408
1409 </sect1>
1410
1411 <sect1 id="network_performance">
1412
1413 <title>Improving Network Performance</title>
1414
1415 <para>
1416 VirtualBox provides a variety of virtual network adapters that can
1417 be attached to the host's network in a number of ways. Depending
1418 on which types of adapters and attachments are used, the network
1419 performance will be different. Performance-wise, the virtio network
1420 adapter is preferable to Intel PRO/1000 emulated adapters, which
1421 are preferred over the PCNet family of adapters. Both virtio and
1422 Intel PRO/1000 adapters enjoy the benefit of segmentation and
1423 checksum offloading. Segmentation offloading is essential for high
1424 performance as it allows for fewer context switches, dramatically
1425 increasing the sizes of packets that cross the VM/host boundary.
1426 </para>
1427
1428 <note>
1429 <para>
1430 Neither virtio nor Intel PRO/1000 drivers for Windows XP support
1431 segmentation offloading. Therefore Windows XP guests never reach
1432 the same transmission rates as other guest types. Refer to MS
1433 Knowledge Base article 842264 for additional information.
1434 </para>
1435 </note>
1436
1437 <para>
1438 Three attachment types: Internal, Bridged, and Host-Only, have
1439 nearly identical performance. The Internal type is a little bit
1440 faster and uses fewer CPU cycles as the packets never reach the
1441 host's network stack. The NAT attachment type is the slowest and
1442 most secure of all attachment types, as it provides network
1443 address translation. The generic driver attachment is special and
1444 cannot be considered as an alternative to other attachment types.
1445 </para>
1446
1447 <para>
1448 The number of CPUs assigned to a VM does not improve network
1449 performance and in some cases may hurt it due to increased
1450 concurrency in the guest.
1451 </para>
1452
1453 <para>
1454 Here is a short summary of things to check in order to improve
1455 network performance:
1456 </para>
1457
1458 <orderedlist>
1459
1460 <listitem>
1461 <para>
1462 Whenever possible use the virtio network adapter. Otherwise,
1463 use one of the Intel PRO/1000 adapters.
1464 </para>
1465 </listitem>
1466
1467 <listitem>
1468 <para>
1469 Use a Bridged attachment instead of NAT.
1470 </para>
1471 </listitem>
1472
1473 <listitem>
1474 <para>
1475 Make sure segmentation offloading is enabled in the guest OS.
1476 Usually it will be enabled by default. You can check and
1477 modify offloading settings using the
1478 <computeroutput>ethtool</computeroutput> command on Linux
1479 guests.
1480 </para>
1481 </listitem>
1482
1483 <listitem>
1484 <para>
1485 Perform a full, detailed analysis of network traffic on the
1486 VM's network adapter using a third-party tool such as
1487 Wireshark. To do this, a promiscuous mode policy needs to be
1488 used on the VM's network adapter. Use of this mode is only
1489 possible on the following network types: NAT Network, Bridged
1490 Adapter, Internal Network, and Host-Only Adapter.
1491 </para>
1492
1493 <para>
1494 To set up a promiscuous mode policy, either select from the
1495 drop-down list located in the Network Settings dialog for the
1496 network adapter or use the command line tool
1497 <computeroutput>VBoxManage</computeroutput>. See
1498 <xref linkend="vboxmanage-modifyvm" />.
1499 </para>
1500
1501 <para>
1502 Promiscuous mode policies are as follows:
1503 </para>
1504
1505 <itemizedlist>
1506
1507 <listitem>
1508 <para>
1509 <computeroutput>deny</computeroutput>, which hides any
1510 traffic not intended for the VM's network adapter. This is
1511 the default setting.
1512 </para>
1513 </listitem>
1514
1515 <listitem>
1516 <para>
1517 <computeroutput>allow-vms</computeroutput>, which hides
1518 all host traffic from the VM's network adapter, but allows
1519 it to see traffic from and to other VMs.
1520 </para>
1521 </listitem>
1522
1523 <listitem>
1524 <para>
1525 <computeroutput>allow-all</computeroutput>, which removes
1526 all restrictions. The VM's network adapter sees all
1527 traffic.
1528 </para>
1529 </listitem>
1530
1531 </itemizedlist>
1532 </listitem>
1533
1534 </orderedlist>
1535
1536 </sect1>
1537
1538</chapter>
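The UDP Tunnel Networking section above states that datagrams arriving on the source UDP port from any source address are forwarded to the guest network card, and that non-root users cannot bind ports below 1024. The following script is an added example, not part of the VirtualBox manual: it prints (without running) the manual's `VBoxManage` commands for one tunnel end together with host firewall rules that restrict the listening port to the configured peer, and checks that two ends mirror each other. The function names, NIC index 1 and the use of `iptables` on a Linux host are assumptions.

```shell
#!/bin/sh
# Added example: plan one end of a VirtualBox UDP tunnel and the host
# firewall rules for its listening port. Nothing is executed; the
# functions only print commands for review.

# valid_port PORT: succeed if PORT is a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_end VM NIC PEER_IP SPORT DPORT [UID]
# Prints the VBoxManage commands from the manual's example for one end,
# then firewall rules for the port the host listens on.
tunnel_end() {
    vm=$1 nic=$2 peer=$3 sport=$4 dport=$5 uid=${6:-$(id -u)}
    if ! valid_port "$sport" || ! valid_port "$dport"; then
        echo "error: ports must be in 1..65535" >&2
        return 2
    fi
    # Manual's note: on Unix-based hosts a non-root process cannot bind a
    # port below 1024, and the VM would refuse to start.
    if [ "$sport" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        echo "error: source port $sport is below 1024 and uid $uid is not root" >&2
        return 3
    fi
    for opt in "--nic$nic generic" "--nicgenericdrv$nic UDPTunnel" \
               "--nicproperty$nic dest=$peer" \
               "--nicproperty$nic sport=$sport" \
               "--nicproperty$nic dport=$dport"; do
        printf 'VBoxManage modifyvm "%s" %s\n' "$vm" "$opt"
    done
    # Assumption: Linux host using iptables. The tunnel accepts datagrams
    # from any source address, so accept only the peer and drop the rest.
    # This narrows exposure but is not authentication: UDP source
    # addresses can be spoofed where the network lacks anti-spoofing.
    printf 'iptables -A INPUT -p udp --dport %s -s %s -j ACCEPT\n' "$sport" "$peer"
    printf 'iptables -A INPUT -p udp --dport %s -j DROP\n' "$sport"
}

# tunnel_mirrored IP_A SPORT_A DPORT_A DEST_A IP_B SPORT_B DPORT_B DEST_B
# Succeeds only if each end sends to the address and port the other end
# listens on, and two ends on one host do not share a listening port.
tunnel_mirrored() {
    [ "$4" = "$5" ] && [ "$8" = "$1" ] &&
    [ "$3" = "$6" ] && [ "$7" = "$2" ] &&
    { [ "$1" != "$5" ] || [ "$2" != "$6" ]; }
}

# Constructed demo using the manual's example values for the host 1 end.
tunnel_end "VM 01 on host 1" 1 10.0.0.2 10001 10002
```
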