VirtualBox

source: vbox/trunk/doc/manual/en_US/user_Networking.xml@ 83189

Last change on this file since 83189 was 82350, checked in by vboxsync, 5 years ago

manual: integrate 6.1 drop #10 with minimal manual adjustments (frontmatter for preface and eliminated trailing whitespace)

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 53.4 KB
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
4<!ENTITY % all.entities SYSTEM "all-entities.ent">
5%all.entities;
6]>
7<chapter id="networkingdetails">
8
9 <title>Virtual Networking</title>
10
11 <para>
12 As mentioned in <xref linkend="settings-network" />, &product-name;
13 provides up to eight virtual PCI Ethernet cards for each virtual
14 machine. For each such card, you can individually select the
15 following:
16 </para>
17
18 <itemizedlist>
19
20 <listitem>
21 <para>
22 The hardware that will be virtualized.
23 </para>
24 </listitem>
25
26 <listitem>
27 <para>
28 The virtualization mode that the virtual card operates in, with
29 respect to your physical networking hardware on the host.
30 </para>
31 </listitem>
32
33 </itemizedlist>
34
35 <para>
36 Four of the network cards can be configured in the
37 <emphasis role="bold">Network</emphasis> section of the
38 <emphasis role="bold">Settings</emphasis> dialog in the graphical
39 user interface of &product-name;. You can configure all eight
40 network cards on the command line using <command>VBoxManage
41 modifyvm</command>. See <xref linkend="vboxmanage-modifyvm" />.
42 </para>
43
44 <para>
45 This chapter explains the various networking settings in more
46 detail.
47 </para>
48
49 <sect1 id="nichardware">
50
51 <title>Virtual Networking Hardware</title>
52
53 <para>
54 For each card, you can individually select what kind of
55 <emphasis>hardware</emphasis> will be presented to the virtual
56 machine. &product-name; can virtualize the following types of
57 networking hardware:
58 </para>
59
60 <itemizedlist>
61
62 <listitem>
63 <para>
64 AMD PCNet PCI II (Am79C970A)
65 </para>
66 </listitem>
67
68 <listitem>
69 <para>
70 AMD PCNet FAST III (Am79C973), the default setting
71 </para>
72 </listitem>
73
74 <listitem>
75 <para>
76 Intel PRO/1000 MT Desktop (82540EM)
77 </para>
78 </listitem>
79
80 <listitem>
81 <para>
82 Intel PRO/1000 T Server (82543GC)
83 </para>
84 </listitem>
85
86 <listitem>
87 <para>
88 Intel PRO/1000 MT Server (82545EM)
89 </para>
90 </listitem>
91
92 <listitem>
93 <para>
94 Paravirtualized network adapter (virtio-net)
95 </para>
96 </listitem>
97
98 </itemizedlist>
99
100 <para>
101 The PCNet FAST III is the default because it is supported by
102 nearly all operating systems, as well as by the GNU GRUB boot
103 manager. As an exception, the Intel PRO/1000 family adapters are
104 chosen for some guest operating system types that no longer ship
105 with drivers for the PCNet card, such as Windows Vista.
106 </para>
107
108 <para>
109 The Intel PRO/1000 MT Desktop type works with Windows Vista and
110 later versions. The T Server variant of the Intel PRO/1000 card is
111 recognized by Windows XP guests without additional driver
112 installation. The MT Server variant facilitates OVF imports from
113 other platforms.
114 </para>
115
116 <para>
117 The Paravirtualized network adapter (virtio-net) is special. If
118 you select this adapter, then &product-name; does
119 <emphasis>not</emphasis> virtualize common networking hardware
120 that is supported by common guest operating systems. Instead,
121 &product-name; expects a special software interface for
122 virtualized environments to be provided by the guest, thus
123 avoiding the complexity of emulating networking hardware and
124 improving network performance. &product-name; provides support for
125 the industry-standard <emphasis>virtio</emphasis> networking
126 drivers, which are part of the open source KVM project.
127 </para>
128
129 <para>
130 The virtio networking drivers are available for the following
131 guest operating systems:
132 </para>
133
134 <itemizedlist>
135
136 <listitem>
137 <para>
138 Linux kernels version 2.6.25 or later can be configured to
139 provide virtio support. Some distributions have also
140 back-ported virtio to older kernels.
141 </para>
142 </listitem>
143
144 <listitem>
145 <para>
146 For Windows 2000, XP, and Vista, virtio drivers can be
147 downloaded and installed from the KVM project web page:
148 </para>
149
150 <para>
151 <ulink
152 url="http://www.linux-kvm.org/page/WindowsGuestDrivers" />.
153 </para>
154 </listitem>
155
156 </itemizedlist>
157
158 <para>
159 &product-name; also has limited support for <emphasis>jumbo
160 frames</emphasis>, which are networking packets with more than
161 1500 bytes of data, provided that you use the Intel card
162 virtualization and bridged networking. Jumbo frames are not
163 supported with the AMD networking devices. In those cases, jumbo
164 packets will silently be dropped for both the transmit and the
165 receive direction. Guest operating systems trying to use this
166 feature will observe this as a packet loss, which may lead to
167 unexpected application behavior in the guest. This does not cause
168 problems with guest operating systems in their default
169 configuration, as jumbo frames need to be explicitly enabled.
170 </para>
171
172 </sect1>
173
174 <sect1 id="networkingmodes">
175
176 <title>Introduction to Networking Modes</title>
177
178 <para>
179 Each of the networking adapters can be separately configured to
180 operate in one of the following modes:
181 </para>
182
183 <itemizedlist>
184
185 <listitem>
186 <para>
187 <emphasis role="bold">Not attached.</emphasis> In this mode,
188 &product-name; reports to the guest that a network card is
189 present, but that there is no connection. This is as if no
190 Ethernet cable was plugged into the card. Using this mode, it
191 is possible to <emphasis>pull</emphasis> the virtual Ethernet
192 cable and disrupt the connection, which can be useful to
193 inform a guest operating system that no network connection is
194 available and enforce a reconfiguration.
195 </para>
196 </listitem>
197
198 <listitem>
199 <para>
200 <emphasis role="bold">Network Address Translation
201 (NAT)</emphasis>. If all you want is to browse the Web,
202 download files, and view email inside the guest, then this
203 default mode should be sufficient for you, and you can skip
204 the rest of this section. Please note that there are certain
205 limitations when using Windows file sharing. See
206 <xref linkend="nat-limitations" />.
207 </para>
208 </listitem>
209
210 <listitem>
211 <para>
212 <emphasis role="bold">NAT Network.</emphasis> A NAT network is
213 a type of internal network that allows outbound connections.
214 See <xref linkend="network_nat_service"/>.
215 </para>
216 </listitem>
217
218 <listitem>
219 <para>
220 <emphasis role="bold">Bridged networking.</emphasis> This is
221 for more advanced networking needs, such as network
222 simulations and running servers in a guest. When enabled,
223 &product-name; connects to one of your installed network cards
224 and exchanges network packets directly, circumventing your
225 host operating system's network stack.
226 </para>
227 </listitem>
228
229 <listitem>
230 <para>
231 <emphasis role="bold">Internal networking.</emphasis> This can
232 be used to create a different kind of software-based network
233 which is visible to selected virtual machines, but not to
234 applications running on the host or to the outside world.
235 </para>
236 </listitem>
237
238 <listitem>
239 <para>
240 <emphasis role="bold">Host-only networking.</emphasis> This
241 can be used to create a network containing the host and a set
242 of virtual machines, without the need for the host's physical
243 network interface. Instead, a virtual network interface,
244 similar to a loopback interface, is created on the host,
245 providing connectivity among virtual machines and the host.
246 </para>
247 </listitem>
248
249 <listitem>
250 <para>
251 <emphasis role="bold">Generic networking.</emphasis> Rarely
252 used modes which share the same generic network interface, by
253 allowing the user to select a driver which can be included
254 with &product-name; or be distributed in an extension pack.
255 </para>
256
257 <para>
258 The following sub-modes are available:
259 </para>
260
261 <itemizedlist>
262
263 <listitem>
264 <para>
265 <emphasis role="bold">UDP Tunnel:</emphasis> Used to
266 interconnect virtual machines running on different hosts
267 directly, easily, and transparently, over an existing
268 network infrastructure.
269 </para>
270 </listitem>
271
272 <listitem>
273 <para>
274 <emphasis role="bold">VDE (Virtual Distributed Ethernet)
275 networking:</emphasis> Used to connect to a Virtual
276 Distributed Ethernet switch on a Linux or a FreeBSD host.
277 At the moment this option requires compilation of
278 &product-name; from sources, as the Oracle packages do not
279 include it.
280 </para>
281 </listitem>
282
283 </itemizedlist>
284 </listitem>
285
286 </itemizedlist>
287
288 <para>
289 The following table provides an overview of the most important
290 networking modes.
291 </para>
292
293 <table id="table-networking-modes" tabstyle="oracle-all">
294 <title>Overview of Networking Modes</title>
295 <tgroup cols="6">
296 <colspec align="left" />
297 <colspec align="center" />
298 <colspec align="center" />
299 <colspec align="center" />
300 <colspec align="center" />
301 <colspec align="center" />
302 <thead valign="middle">
303 <row>
304 <entry><emphasis role="bold">Mode</emphasis></entry>
305 <entry><para>
306 <emphasis role="bold">VM&rarr;Host</emphasis>
307 </para></entry>
308 <entry><para>
309 <emphasis role="bold">VM&larr;Host</emphasis>
310 </para></entry>
311 <entry><para>
312 <emphasis role="bold">VM1&harr;VM2</emphasis>
313 </para></entry>
314 <entry><para>
315 <emphasis role="bold">VM&rarr;Net/LAN</emphasis>
316 </para></entry>
317 <entry><para>
318 <emphasis role="bold">VM&larr;Net/LAN</emphasis>
319 </para></entry>
320 </row>
321 </thead>
322 <tbody valign="middle">
323 <row>
324 <entry><para>
325 Host-only
326 </para></entry>
327 <entry><para>
328 <emphasis role="bold">+</emphasis>
329 </para></entry>
330 <entry><para>
331 <emphasis role="bold">+</emphasis>
332 </para></entry>
333 <entry align="center"><para>
334 <emphasis role="bold">+</emphasis>
335 </para></entry>
336 <entry><para>
337 &ndash;
338 </para></entry>
339 <entry><para>
340 &ndash;
341 </para></entry>
342 </row>
343 <row>
344 <entry><para>
345 Internal
346 </para></entry>
347 <entry><para>
348 &ndash;
349 </para></entry>
350 <entry><para>
351 &ndash;
352 </para></entry>
353 <entry><para>
354 <emphasis role="bold">+</emphasis>
355 </para></entry>
356 <entry><para>
357 &ndash;
358 </para></entry>
359 <entry><para>
360 &ndash;
361 </para></entry>
362 </row>
363 <row>
364 <entry><para>
365 Bridged
366 </para></entry>
367 <entry><para>
368 <emphasis role="bold">+</emphasis>
369 </para></entry>
370 <entry><para>
371 <emphasis role="bold">+</emphasis>
372 </para></entry>
373 <entry><para>
374 <emphasis role="bold">+</emphasis>
375 </para></entry>
376 <entry><para>
377 <emphasis role="bold">+</emphasis>
378 </para></entry>
379 <entry><para>
380 <emphasis role="bold">+</emphasis>
381 </para></entry>
382 </row>
383 <row>
384 <entry><para>
385 NAT
386 </para></entry>
387 <entry><para>
388 <emphasis role="bold">+</emphasis>
389 </para></entry>
390 <entry><para>
391 <link linkend="natforward">Port forward</link>
392 </para></entry>
393 <entry><para>
394 &ndash;
395 </para></entry>
396 <entry><para>
397 <emphasis role="bold">+</emphasis>
398 </para></entry>
399 <entry><para>
400 <link linkend="natforward">Port forward</link>
401 </para></entry>
402 </row>
403 <row>
404 <entry><para>
405 NAT service
406 </para></entry>
407 <entry><para>
408 <emphasis role="bold">+</emphasis>
409 </para></entry>
410 <entry><para>
411 <link linkend="network_nat_service">Port forward</link>
412 </para></entry>
413 <entry><para>
414 <emphasis role="bold">+</emphasis>
415 </para></entry>
416 <entry><para>
417 <emphasis role="bold">+</emphasis>
418 </para></entry>
419 <entry><para>
420 <link linkend="network_nat_service">Port forward</link>
421 </para></entry>
422 </row>
423 </tbody>
424 </tgroup>
425 </table>
426
427 <para>
428 The following sections describe the available network modes in
429 more detail.
430 </para>
431
432 </sect1>
433
434 <sect1 id="network_nat">
435
436 <title>Network Address Translation (NAT)</title>
437
438 <para>
439 Network Address Translation (NAT) is the simplest way of accessing
440 an external network from a virtual machine. Usually, it does not
441 require any configuration on the host network and guest system.
442 For this reason, it is the default networking mode in
443 &product-name;.
444 </para>
445
446 <para>
447 A virtual machine with NAT enabled acts much like a real computer
448 that connects to the Internet through a router. The router, in
449 this case, is the &product-name; networking engine, which maps
450 traffic from and to the virtual machine transparently. In
451 &product-name; this router is placed between each virtual machine
452 and the host. This separation maximizes security since by default
453 virtual machines cannot talk to each other.
454 </para>
455
456 <para>
457 The disadvantage of NAT mode is that, much like a private network
458 behind a router, the virtual machine is invisible and unreachable
459 from the outside internet. You cannot run a server this way unless
460 you set up port forwarding. See <xref linkend="natforward"/>.
461 </para>
462
463 <para>
464 The network frames sent out by the guest operating system are
465 received by &product-name;'s NAT engine, which extracts the TCP/IP
466 data and resends it using the host operating system. To an
467 application on the host, or to another computer on the same
468 network as the host, it looks like the data was sent by the
469 &product-name; application on the host, using an IP address
470 belonging to the host. &product-name; listens for replies to the
471 packets sent, and repacks and resends them to the guest machine
472 on its private network.
473 </para>
474
475 <para>
476 The virtual machine receives its network address and configuration
477 on the private network from a DHCP server integrated into
478 &product-name;. The IP address thus assigned to the virtual
479 machine is usually on a completely different network than the
480 host. As more than one card of a virtual machine can be set up to
481 use NAT, the first card is connected to the private network
482 10.0.2.0, the second card to the network 10.0.3.0 and so on. If
483 you need to change the guest-assigned IP range, see
484 <xref linkend="changenat" />.
485 </para>
486
487 <sect2 id="natforward">
488
489 <title>Configuring Port Forwarding with NAT</title>
490
491 <para>
492 As the virtual machine is connected to a private network
493 internal to &product-name; and invisible to the host, network
494 services on the guest are not accessible to the host machine or
495 to other computers on the same network. However, like a physical
496 router, &product-name; can make selected services available to
497 the world outside the guest through <emphasis>port
498 forwarding</emphasis>. This means that &product-name; listens to
499 certain ports on the host and resends all packets which arrive
500 there to the guest, on the same or a different port.
501 </para>
502
503 <para>
504 To an application on the host or other physical or virtual
505 machines on the network, it looks as though the service being
506 proxied is actually running on the host. This also means that
507 you cannot run the same service on the same ports on the host.
508 However, you still gain the advantages of running the service in
509 a virtual machine. For example, services on the host machine or
510 on other virtual machines cannot be compromised or crashed by a
511 vulnerability or a bug in the service, and the service can run
512 in a different operating system than the host system.
513 </para>
514
515 <para>
516 To configure port forwarding you can use the graphical
517 <emphasis role="bold">Port Forwarding</emphasis> editor which
518 can be found in the <emphasis role="bold">Network
519 Settings</emphasis> dialog for network adapters configured to
520 use NAT. Here, you can map host ports to guest ports to allow
521 network traffic to be routed to a specific port in the guest.
522 </para>
523
524 <para>
525 Alternatively, the command line tool
526 <command>VBoxManage</command> can be used. See
527 <xref linkend="vboxmanage-modifyvm" />.
528 </para>
529
530 <para>
531 You will need to know which ports on the guest the service uses
532 and to decide which ports to use on the host. You may want to
533 use the same ports on the guest and on the host. You can use any
534 ports on the host which are not already in use by a service. For
535 example, to set up incoming NAT connections to an
536 <command>ssh</command> server in the guest, use the following
537 command:
538 </para>
539
540<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"</screen>
541
542 <para>
543 In the above example, all TCP traffic arriving on port 2222 on
544 any host interface will be forwarded to port 22 in the guest.
545 The protocol name <literal>tcp</literal> is a mandatory
546 attribute defining which protocol should be used for forwarding;
547 <literal>udp</literal> could also be used. The name
548 <literal>guestssh</literal> is purely descriptive and will be
549 auto-generated if omitted. The number after
550 <option>--natpf</option> denotes the network card, as with other
551 <command>VBoxManage</command> commands.
552 </para>
553
554 <para>
555 To remove this forwarding rule, use the following command:
556 </para>
557
558<screen>VBoxManage modifyvm "VM name" --natpf1 delete "guestssh"</screen>
559
560 <para>
561 If for some reason the guest uses a statically assigned IP address
562 not leased from the built-in DHCP server, it is required to
563 specify the guest IP when registering the forwarding rule, as
564 follows:
565 </para>
566
567<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22"</screen>
568
569 <para>
570 This example is identical to the previous one, except that the
571 NAT engine is being told that the guest can be found at the
572 10.0.2.19 address.
573 </para>
574
575 <para>
576 To forward <emphasis>all</emphasis> incoming traffic from a
577 specific host interface to the guest, specify the IP of that
578 host interface as follows:
579 </para>
580
581<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"</screen>
582
583 <para>
584 This example forwards all TCP traffic arriving on the localhost
585 interface at 127.0.0.1 through port 2222 to port 22 in the
586 guest.
587 </para>
588
589 <para>
590 It is possible to configure incoming NAT connections while the
591 VM is running. See <xref linkend="vboxmanage-controlvm"/>.
592 </para>
593
594 </sect2>
595
596 <sect2 id="nat-tftp">
597
598 <title>PXE Booting with NAT</title>
599
600 <para>
601 PXE booting is now supported in NAT mode. The NAT DHCP server
602 provides a boot file name of the form
603 <filename><replaceable>vmname</replaceable>.pxe</filename> if
604 the directory <literal>TFTP</literal> exists in the directory
605 where the user's <filename>VirtualBox.xml</filename> file is
606 kept. It is the responsibility of the user to provide
607 <filename><replaceable>vmname</replaceable>.pxe</filename>.
608 </para>
609
610 </sect2>
611
612 <sect2 id="nat-limitations">
613
614 <title>NAT Limitations</title>
615
616 <para>
617 There are some limitations of NAT mode which users should be
618 aware of, as follows:
619 </para>
620
621 <itemizedlist>
622
623 <listitem>
624 <para>
625 <emphasis role="bold">ICMP protocol limitations.</emphasis>
626 Some frequently used network debugging tools, such as
627 <command>ping</command> or <command>traceroute</command>,
628 rely on the ICMP protocol for sending and receiving
629 messages. &product-name; ICMP support has some limitations,
630 meaning <command>ping</command> should work but some other
631 tools may not work reliably.
632 </para>
633 </listitem>
634
635 <listitem>
636 <para>
637 <emphasis role="bold">Receiving of UDP
638 broadcasts.</emphasis> The guest does not reliably receive
639 UDP broadcasts. In order to save resources, it only listens
640 for a certain amount of time after the guest has sent UDP
641 data on a particular port. As a consequence, NetBios name
642 resolution based on broadcasts does not always work, but
643 WINS always works. As a workaround, you can use the numeric
644 IP of the desired server in the
645 <filename>\\<replaceable>server</replaceable>\<replaceable>share</replaceable></filename>
646 notation.
647 </para>
648 </listitem>
649
650 <listitem>
651 <para>
652 <emphasis role="bold">Some protocols are not
653 supported.</emphasis> Protocols other than TCP and UDP are
654 not supported. GRE is not supported. This means some VPN
655 products, such as PPTP from Microsoft, cannot be used. There
656 are other VPN products which use only TCP and UDP.
657 </para>
658 </listitem>
659
660 <listitem>
661 <para>
662 <emphasis role="bold">Forwarding host ports below
663 1024.</emphasis> On UNIX-based hosts, such as Linux, Oracle
664 Solaris, and Mac OS X, it is not possible to bind to ports
665 below 1024 from applications that are not run by
666 <literal>root</literal>. As a result, if you try to
667 configure such a port forwarding, the VM will refuse to
668 start.
669 </para>
670 </listitem>
671
672 </itemizedlist>
673
674 <para>
675 These limitations normally do not affect standard network use.
676 But the presence of NAT also has subtle effects that may
677 interfere with protocols that are normally working. One example
678 is NFS, where the server is often configured to refuse
679 connections from non-privileged ports, which are those ports not
680 below 1024.
681 </para>
682
683 </sect2>
684
685 </sect1>
686
687 <sect1 id="network_nat_service">
688
689 <title>Network Address Translation Service</title>
690
691 <para>
692 The Network Address Translation (NAT) service works in a similar
693 way to a home router, grouping the systems using it into a network
694 and preventing systems outside of this network from directly
695 accessing systems inside it, but letting systems inside
696 communicate with each other and with systems outside using TCP and
697 UDP over IPv4 and IPv6.
698 </para>
699
700 <para>
701 A NAT service is attached to an internal network. Virtual machines
702 which are to make use of it should be attached to that internal
703 network. The name of the internal network is chosen when the NAT
704 service is created and the internal network will be created if it
705 does not already exist. The following is an example command to
706 create a NAT network:
707 </para>
708
709<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable</screen>
710
711 <para>
712 Here, natnet1 is the name of the internal network to be used and
713 192.168.15.0/24 is the network address and mask of the NAT service
714 interface. By default in this static configuration the gateway
715 will be assigned the address 192.168.15.1, the address following
716 the interface address, though this is subject to change. To attach
717 a DHCP server to the internal network, modify the example command
718 as follows:
719 </para>
720
721<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on</screen>
722
723 <para>
724 To add a DHCP server to an existing network, use the following
725 command:
726 </para>
727
728<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp on</screen>
729
730 <para>
731 To disable the DHCP server, use the following command:
732 </para>
733
734<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp off</screen>
735
736 <para>
737 A DHCP server provides a list of registered nameservers, but does
738 not map servers from the 127/8 network.
739 </para>
740
741 <para>
742 To start the NAT service, use the following command:
743 </para>
744
745<screen>VBoxManage natnetwork start --netname natnet1</screen>
746
747 <para>
748 If the network has a DHCP server attached then it will start
749 together with the NAT network service.
750 </para>
751
752 <para>
753 To stop the NAT network service, together with any DHCP server:
754 </para>
755
756<screen>VBoxManage natnetwork stop --netname natnet1</screen>
757
758 <para>
759 To delete the NAT network service:
760 </para>
761
762<screen>VBoxManage natnetwork remove --netname natnet1</screen>
763
764 <para>
765 This command does not remove the DHCP server if one is enabled on
766 the internal network.
767 </para>
768
769 <para>
770 Port-forwarding is supported, using the
771 <option>--port-forward-4</option> switch for IPv4 and
772 <option>--port-forward-6</option> for IPv6. For example:
773 </para>
774
775<screen>VBoxManage natnetwork modify \
776 --netname natnet1 --port-forward-4 "ssh:tcp:[]:1022:[192.168.15.5]:22"</screen>
777
778 <para>
779 This adds a port-forwarding rule from the host's TCP 1022 port to
780 the port 22 on the guest with IP address 192.168.15.5. Host port,
781 guest port and guest IP are mandatory. To delete the rule, use the
782 following command:
783 </para>
784
785<screen>VBoxManage natnetwork modify --netname natnet1 --port-forward-4 delete ssh</screen>
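
 <para>
 The following script is an added example, not part of the
 &product-name; sources. It classifies rule strings in the two
 syntaxes shown in this chapter, the <option>--natpf</option> rules
 from <xref linkend="natforward"/> and the
 <option>--port-forward-4</option> rule above, by which host
 interfaces they listen on and whether the host port falls under
 the below-1024 restriction from <xref linkend="nat-limitations"/>.
 The function names and output labels are constructed for this
 example, and treating a host IP of 0.0.0.0 like an empty host IP
 is an assumption.
 </para>

```shell
#!/bin/sh
# Added example: classify VirtualBox NAT port-forwarding rule strings.
#   --natpf<N> form:        name,proto,hostip,hostport,guestip,guestport
#   --port-forward-4 form:  name:proto:[hostip]:hostport:[guestip]:guestport
# Prints "<name> <exposure> <port class>", or "malformed: <reason>" (status 1).

valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;                 # empty or not a number
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

audit_rule() {
    rule=$1
    case $rule in
        *,*,*,*,*,*)                             # --natpf<N> syntax
            form=natpf
            IFS=, read -r name proto hip hport gip gport <<EOF
$rule
EOF
            ;;
        *:*:\[*\]:*:\[*\]:*)                     # NAT network syntax
            form=natnetwork
            name=${rule%%:*};   rest=${rule#*:}
            proto=${rest%%:*};  rest=${rest#*:}  # [hostip]:hostport:[guestip]:guestport
            hip=${rest%%\]*};   hip=${hip#\[};  rest=${rest#*\]:}
            hport=${rest%%:*};  rest=${rest#*:}  # [guestip]:guestport
            gip=${rest%%\]*};   gip=${gip#\[}
            gport=${rest##*\]:}
            ;;
        *)
            echo "malformed: unrecognised rule syntax"; return 1 ;;
    esac

    case $proto in
        tcp|udp) ;;
        *) echo "malformed: protocol must be tcp or udp"; return 1 ;;
    esac
    valid_port "$hport" && valid_port "$gport" || {
        echo "malformed: host and guest port must be 1-65535"; return 1
    }
    # For NAT network rules the guest IP is mandatory (stated on this page).
    if [ "$form" = natnetwork ] && [ -z "$gip" ]; then
        echo "malformed: NAT network rule needs a guest IP"; return 1
    fi

    # An empty host IP means the rule listens on any host interface.
    # Assumption: 0.0.0.0 is treated the same way.
    case $hip in
        ''|0.0.0.0) exposure=any-interface ;;
        127.*)      exposure=loopback-only ;;
        *)          exposure=single-interface ;;
    esac

    # Host ports below 1024 need root on UNIX-based hosts; with such a
    # --natpf rule the VM refuses to start (see NAT Limitations).
    if [ "$hport" -lt 1024 ]; then
        portclass=privileged-host-port
    else
        portclass=unprivileged-host-port
    fi

    # The rule name is auto-generated by VBoxManage when omitted.
    echo "${name:-(auto)} $exposure $portclass"
}

# Rules taken from this page, plus one constructed rule on host port 80.
for r in \
    'guestssh,tcp,,2222,,22' \
    'guestssh,tcp,127.0.0.1,2222,,22' \
    'guestssh,tcp,,2222,10.0.2.19,22' \
    'ssh:tcp:[]:1022:[192.168.15.5]:22' \
    'web,tcp,,80,,8080'
do
    printf '%-36s -> %s\n' "$r" "$(audit_rule "$r")"
done
```

 <para>
 The NAT network rule from this section uses host port 1022, so the
 script reports it as <literal>privileged-host-port</literal>.
 </para>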
786
787 <para>
788 It is possible to bind a NAT service to a specified interface. For
789 example:
790 </para>
791
792<screen>VBoxManage setextradata global "NAT/win-nat-test-0/SourceIp4" 192.168.1.185</screen>
793
794 <para>
795 To see the list of registered NAT networks, use the following
796 command:
797 </para>
798
799<screen>VBoxManage list natnetworks</screen>
800
801 </sect1>
802
803 <sect1 id="network_bridged">
804
805 <title>Bridged Networking</title>
806
807 <para>
808 With bridged networking, &product-name; uses a device driver on
809 your <emphasis>host</emphasis> system that filters data from your
810 physical network adapter. This driver is therefore called a
811 <emphasis>net filter</emphasis> driver. This enables
812 &product-name; to intercept data from the physical network and
813 inject data into it, effectively creating a new network interface
814 in software. When a guest is using such a new software interface,
815 it looks to the host system as though the guest were physically
816 connected to the interface using a network cable. The host can
817 send data to the guest through that interface and receive data
818 from it. This means that you can set up routing or bridging
819 between the guest and the rest of your network.
820 </para>
821
822 <note>
823 <para>
824 Even though TAP interfaces are no longer necessary on Linux for
825 bridged networking, you <emphasis>can</emphasis> still use TAP
826 interfaces for certain advanced setups, since you can connect a
827 VM to any host interface.
828 </para>
829 </note>
830
831 <para>
832 To enable bridged networking, open the
833 <emphasis role="bold">Settings</emphasis> dialog of a virtual
834 machine, go to the <emphasis role="bold">Network</emphasis> page
835 and select <emphasis role="bold">Bridged Network</emphasis> in the
836 drop-down list for the <emphasis role="bold">Attached
837 To</emphasis> field. Select a host interface from the list at the
838 bottom of the page, which contains the physical network interfaces
839 of your systems. On a typical MacBook, for example, this will
840 allow you to select between en1: AirPort, which is the wireless
841 interface, and en0: Ethernet, which represents the interface with
842 a network cable.
843 </para>
844
845 <note>
846 <para>
847 Bridging to a wireless interface is done differently from
848 bridging to a wired interface, because most wireless adapters do
849 not support promiscuous mode. All traffic has to use the MAC
850 address of the host's wireless adapter, and therefore
851 &product-name; needs to replace the source MAC address in the
852 Ethernet header of an outgoing packet to make sure the reply
853 will be sent to the host interface. When &product-name; sees an
854 incoming packet with a destination IP address that belongs to
855 one of the virtual machine adapters it replaces the destination
856 MAC address in the Ethernet header with the VM adapter's MAC
857 address and passes it on. &product-name; examines ARP and DHCP
858 packets in order to learn the IP addresses of virtual machines.
859 </para>
860 </note>
861
862 <para>
863 Depending on your host operating system, the following limitations
864 apply:
865 </para>
866
867 <itemizedlist>
868
869 <listitem>
870 <para>
871 <emphasis role="bold">Mac OS X hosts.</emphasis> Functionality
872 is limited when using AirPort, the Mac's wireless networking
873 system, for bridged networking. Currently, &product-name;
874 supports only IPv4 and IPv6 over AirPort. For other protocols,
875 such as IPX, you must choose a wired interface.
876 </para>
877 </listitem>
878
879 <listitem>
880 <para>
881 <emphasis role="bold">Linux hosts.</emphasis> Functionality is
882 limited when using wireless interfaces for bridged networking.
883 Currently, &product-name; supports only IPv4 and IPv6 over
884 wireless. For other protocols, such as IPX, you must choose a
885 wired interface.
886 </para>
887
888 <para>
889 Also, setting the MTU to less than 1500 bytes on wired
890 interfaces provided by the sky2 driver on the Marvell Yukon II
891 EC Ultra Ethernet NIC is known to cause packet losses under
892 certain conditions.
893 </para>
894
895 <para>
896 Some adapters strip VLAN tags in hardware. This does not allow
897 you to use VLAN trunking between VM and the external network
898 with pre-2.6.27 Linux kernels, or with host operating systems
899 other than Linux.
900 </para>
901 </listitem>
902
903 <listitem>
904 <para>
905 <emphasis role="bold">Oracle Solaris hosts.</emphasis> There
906 is no support for using wireless interfaces. Filtering guest
907 traffic using IPFilter is also not completely supported due to
908 technical restrictions of the Oracle Solaris networking
909 subsystem. These issues may be addressed in later releases of
910 Oracle Solaris 11.
911 </para>
912
913 <para>
914 On Oracle Solaris 11 hosts build 159 and above, it is possible
915 to use Oracle Solaris Crossbow Virtual Network Interfaces
916 (VNICs) directly with &product-name; without any additional
917 configuration, other than that each VNIC must be exclusive to one
918 guest network interface.
919 </para>
920
921 <para>
922 When using VLAN interfaces with &product-name;, they must be
923 named according to the PPA-hack naming scheme, such as
924 e1000g513001. Otherwise, the guest may receive packets in an
925 unexpected format.
926 </para>
927 </listitem>
928
929 </itemizedlist>
930
931 </sect1>
932
933 <sect1 id="network_internal">
934
935 <title>Internal Networking</title>
936
937 <para>
938 Internal Networking is similar to bridged networking in that the
939 VM can directly communicate with the outside world. However, the
940 outside world is limited to other VMs on the same host which
941 connect to the same internal network.
942 </para>
943
944 <para>
945 Even though technically, everything that can be done using
946 internal networking can also be done using bridged networking,
947 there are security advantages with internal networking. In bridged
948 networking mode, all traffic goes through a physical interface of
949 the host system. It is therefore possible to attach a packet
950 sniffer such as Wireshark to the host interface and log all
951 traffic that goes over it. If, for any reason, you prefer two or
952 more VMs on the same machine to communicate privately, hiding
953 their data from both the host system and the user, bridged
954 networking therefore is not an option.
955 </para>
956
957 <para>
958 Internal networks are created automatically as needed. There is no
959 central configuration. Every internal network is identified simply
960 by its name. Once there is more than one active virtual network
961 card with the same internal network ID, the &product-name; support
962 driver will automatically <emphasis>wire</emphasis> the cards and
963 act as a network switch. The &product-name; support driver
964 implements a complete Ethernet switch and supports both
965 broadcast/multicast frames and promiscuous mode.
966 </para>
967
968 <para>
969 In order to attach a VM's network card to an internal network, set
970 its networking mode to Internal Networking. There are two ways to
971 accomplish this:
972 </para>
973
974 <itemizedlist>
975
976 <listitem>
977 <para>
978 Use the VM's <emphasis role="bold">Settings</emphasis> dialog
979 in the &product-name; graphical user interface. In the
980 <emphasis role="bold">Networking</emphasis> category of the
981 settings dialog, select <emphasis role="bold">Internal
982 Networking</emphasis> from the drop-down list of networking
983 modes. Select the name of an existing internal network from
984 the drop-down list below, or enter a new name into the
985 <emphasis role="bold">Name</emphasis> field.
986 </para>
987 </listitem>
988
989 <listitem>
990 <para>
991 Use the command line, for example:
992 </para>
993
994<screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; intnet</screen>
995
996 <para>
997 Optionally, you can specify a network name with the command:
998 </para>
999
1000<screen>VBoxManage modifyvm "VM name" --intnet&lt;x&gt; "network name"</screen>
1001
1002 <para>
1003 If you do not specify a network name, the network card will be
1004 attached to the network <literal>intnet</literal> by default.
1005 </para>
1006 </listitem>
1007
1008 </itemizedlist>
1009
1010 <para>
1011 Unless you configure the virtual network cards in the guest
1012 operating systems that are participating in the internal network
1013 to use static IP addresses, you may want to use the DHCP server
1014 that is built into &product-name; to manage IP addresses for the
1015 internal network. See <xref linkend="vboxmanage-dhcpserver" />.
1016 </para>
1017
1018 <para>
1019 As a security measure, by default, the Linux implementation of
1020 internal networking only allows VMs running under the same user ID
1021 to establish an internal network. However, it is possible to
1022 create a shared internal networking interface, accessible by users
1023 with different user IDs.
1024 </para>
1025
1026 </sect1>
1027
1028 <sect1 id="network_hostonly">
1029
1030 <title>Host-Only Networking</title>
1031
1032 <para>
1033 Host-only networking can be thought of as a hybrid between the
1034 bridged and internal networking modes. As with bridged networking,
1035 the virtual machines can talk to each other and the host as if
1036 they were connected through a physical Ethernet switch. As with
1037 internal networking, a physical networking interface need not be
1038 present, and the virtual machines cannot talk to the world outside
1039 the host since they are not connected to a physical networking
1040 interface.
1041 </para>
1042
1043 <para>
1044 When host-only networking is used, &product-name; creates a new
1045 software interface on the host which then appears next to your
1046 existing network interfaces. In other words, whereas with bridged
1047 networking an existing physical interface is used to attach
1048 virtual machines to, with host-only networking a new
1049 <emphasis>loopback</emphasis> interface is created on the host.
1050 And whereas with internal networking, the traffic between the
1051 virtual machines cannot be seen, the traffic on the loopback
1052 interface on the host can be intercepted.
1053 </para>
1054
1055 <para>
1056 Host-only networking is particularly useful for preconfigured
1057 virtual appliances, where multiple virtual machines are shipped
1058 together and designed to cooperate. For example, one virtual
1059 machine may contain a web server and a second one a database, and
1060 since they are intended to talk to each other, the appliance can
1061 instruct &product-name; to set up a host-only network for the two.
1062 A second, bridged, network would then connect the web server to
1063 the outside world to serve data to, but the outside world cannot
1064 connect to the database.
1065 </para>
1066
1067 <para>
1068 To change a virtual machine's virtual network interface to Host
1069 Only mode, do either of the following:
1070 </para>
1071
1072 <itemizedlist>
1073
1074 <listitem>
1075 <para>
1076 Go to the <emphasis role="bold">Network</emphasis> page in the
1077 virtual machine's <emphasis role="bold">Settings</emphasis>
1078 dialog and select <emphasis role="bold">Host-Only
1079 Networking</emphasis>.
1080 </para>
1081 </listitem>
1082
1083 <listitem>
1084 <para>
1085 On the command line, enter <command>VBoxManage modifyvm
1086 <replaceable>"vmname"</replaceable>
1087 --nic<replaceable>x</replaceable> hostonly</command>. See
1088 <xref
1089 linkend="vboxmanage-modifyvm" />.
1090 </para>
1091 </listitem>
1092
1093 </itemizedlist>
1094
1095 <para>
1096 Before you can attach a VM to a host-only network you have to
1097 create at least one host-only interface. You can use the
1098 VirtualBox Manager for this. Choose
1099 <emphasis role="bold">File</emphasis>,
1100 <emphasis role="bold">Preferences</emphasis>,
1101 <emphasis role="bold">Network</emphasis>,
1102 <emphasis role="bold">Host-Only Network</emphasis>,
1103 <emphasis role="bold">(+)Add Host-Only Network</emphasis>.
1104 </para>
1105
1106 <para>
1107 Alternatively, you can use the command line:
1108 </para>
1109
1110<screen>VBoxManage hostonlyif create</screen>
1111
1112 <para>
1113 See <xref linkend="vboxmanage-hostonlyif" />.
1114 </para>
1115
1116 <para>
1117 For host-only networking, as with internal networking, you may
1118 find the DHCP server that is built into &product-name; useful.
1119 It can be enabled to manage the IP addresses in the host-only
1120 network, since otherwise you would need to configure all IP
1121 addresses statically.
1122 </para>
1123
1124 <itemizedlist>
1125
1126 <listitem>
1127 <para>
1128 In the &product-name; graphical user interface, you can
1129 configure all these items in the global settings by choosing
1130 <emphasis role="bold">File</emphasis>,
1131 <emphasis role="bold">Preferences</emphasis>,
1132 <emphasis role="bold">Network</emphasis>. This lists all
1133 host-only networks which are presently in use. Click on the
1134 network name and then on
1135 <emphasis role="bold">Edit</emphasis>. You can then modify the
1136 adapter and DHCP settings.
1137 </para>
1138 </listitem>
1139
1140 <listitem>
1141 <para>
1142 Alternatively, you can use <command>VBoxManage
1143 dhcpserver</command> on the command line. See
1144 <xref
1145 linkend="vboxmanage-dhcpserver" />.
1146 </para>
1147 </listitem>
1148
1149 </itemizedlist>
1150
1151 <note>
1152 <para>
1153 On Linux and Mac OS X hosts the number of host-only interfaces
1154 is limited to 128. There is no such limit for Oracle Solaris and
1155 Windows hosts.
1156 </para>
1157 </note>
1158
1159 </sect1>
1160
1161 <sect1 id="network_udp_tunnel">
1162
1163 <title>UDP Tunnel Networking</title>
1164
1165 <para>
1166 This networking mode enables you to interconnect virtual machines
1167 running on different hosts.
1168 </para>
1169
1170 <para>
1171 Technically this is done by encapsulating Ethernet frames sent or
1172 received by the guest network card into UDP/IP datagrams, and
1173 sending them over any network available to the host.
1174 </para>
1175
1176 <para>
1177 UDP Tunnel mode has the following parameters:
1178 </para>
1179
1180 <itemizedlist>
1181
1182 <listitem>
1183 <para>
1184 <emphasis role="bold">Source UDP port:</emphasis> The port on
1185 which the host listens. Datagrams arriving on this port from
1186 any source address will be forwarded to the receiving part of
1187 the guest network card.
1188 </para>
1189 </listitem>
1190
1191 <listitem>
1192 <para>
1193 <emphasis role="bold">Destination address:</emphasis> IP
1194 address of the target host of the transmitted data.
1195 </para>
1196 </listitem>
1197
1198 <listitem>
1199 <para>
1200 <emphasis role="bold">Destination UDP port:</emphasis> Port
1201 number to which the transmitted data is sent.
1202 </para>
1203 </listitem>
1204
1205 </itemizedlist>
1206
1207 <para>
1208 When interconnecting two virtual machines on two different hosts,
1209 their IP addresses must be swapped. On a single host, source and
1210 destination UDP ports must be swapped.
1211 </para>
1212
1213 <para>
1214 In the following example, host 1 uses the IP address 10.0.0.1 and
1215 host 2 uses IP address 10.0.0.2. To configure using the
1216 command-line:
1217 </para>
1218
1219<screen> VBoxManage modifyvm "VM 01 on host 1" --nic&lt;x&gt; generic
1220 VBoxManage modifyvm "VM 01 on host 1" --nicgenericdrv&lt;x&gt; UDPTunnel
1221 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dest=10.0.0.2
1222 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; sport=10001
1223 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dport=10002</screen>
1224
1225<screen> VBoxManage modifyvm "VM 02 on host 2" --nic&lt;y&gt; generic
1226 VBoxManage modifyvm "VM 02 on host 2" --nicgenericdrv&lt;y&gt; UDPTunnel
1227 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dest=10.0.0.1
1228 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; sport=10002
1229 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dport=10001</screen>
1230
1231 <para>
1232 Of course, you can always interconnect two virtual machines on the
1233 same host, by setting the destination address parameter to
1234 127.0.0.1 on both. It will act similarly to an internal network in
1235 this case. However, the host can see the network traffic which it
1236 could not in the normal internal network case.
1237 </para>
1238
1239 <note>
1240 <para>
1241 On UNIX-based hosts, such as Linux, Oracle Solaris, and Mac OS
1242 X, it is not possible to bind to ports below 1024 from
1243 applications that are not run by <literal>root</literal>. As a
1244 result, if you try to configure such a source UDP port, the VM
1245 will refuse to start.
1246 </para>
1247 </note>
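
 <para>
 The mirroring rule described above (each end sends to the other
 end's address and listening port, and source ports must be 1024 or
 higher for non-root users) can be generated for both ends at once.
 The following shell functions are an added example, not part of
 &product-name;; the function names are illustrative, and the
 commands are only printed, not run.
 </para>

```shell
#!/bin/sh
# Added example: prints (does not run) the VBoxManage commands for both
# ends of a UDP tunnel. Function names are illustrative, not VirtualBox's.

# valid_port PORT: succeeds if PORT is an integer in 1024..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# tunnel_end VM SLOT DEST SPORT DPORT: the five commands for one end.
tunnel_end() {
    printf 'VBoxManage modifyvm "%s" --nic%s generic\n' "$1" "$2"
    printf 'VBoxManage modifyvm "%s" --nicgenericdrv%s UDPTunnel\n' "$1" "$2"
    printf 'VBoxManage modifyvm "%s" --nicproperty%s dest=%s\n' "$1" "$2" "$3"
    printf 'VBoxManage modifyvm "%s" --nicproperty%s sport=%s\n' "$1" "$2" "$4"
    printf 'VBoxManage modifyvm "%s" --nicproperty%s dport=%s\n' "$1" "$2" "$5"
}

# udp_tunnel_pair VM_A SLOT_A IP_A PORT_A VM_B SLOT_B IP_B PORT_B
# PORT_A is the port end A listens on (its sport); PORT_B likewise for B.
udp_tunnel_pair() {
    vm_a=$1 slot_a=$2 ip_a=$3 port_a=$4
    vm_b=$5 slot_b=$6 ip_b=$7 port_b=$8
    for p in "$port_a" "$port_b"; do
        if ! valid_port "$p"; then
            echo "error: port '$p' must be 1024-65535" >&2
            return 2
        fi
    done
    # Same host: both ends bind on one machine, so the ports must differ.
    if [ "$ip_a" = "$ip_b" ] && [ "$port_a" -eq "$port_b" ]; then
        echo "error: ends on the same host need different source ports" >&2
        return 3
    fi
    # Each end sends to the other end's address and listening port.
    tunnel_end "$vm_a" "$slot_a" "$ip_b" "$port_a" "$port_b"
    tunnel_end "$vm_b" "$slot_b" "$ip_a" "$port_b" "$port_a"
}

# Single-host case from the text: both ends use 127.0.0.1, ports swapped.
udp_tunnel_pair "VM 01" 1 127.0.0.1 10001 "VM 02" 1 127.0.0.1 10002
```

 <para>
 Because datagrams arriving on the source port from any source
 address are forwarded to the guest, pick source ports that the
 host firewall restricts to the intended peer.
 </para>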
1248
1249 </sect1>
1250
1251 <sect1 id="network_vde">
1252
1253 <title>VDE Networking</title>
1254
1255 <para>
1256 Virtual Distributed Ethernet (VDE) is a flexible, virtual network
1257 infrastructure system, spanning across multiple hosts in a secure
1258 way. It enables L2/L3 switching, including spanning-tree protocol,
1259 VLANs, and WAN emulation. It is an optional part of &product-name;
1260 which is only included in the source code.
1261 </para>
1262
1263 <para>
1264 VDE is a project developed by Renzo Davoli, Associate Professor at
1265 the University of Bologna, Italy.
1266 </para>
1267
1268 <para>
1269 The basic building blocks of the infrastructure are VDE switches,
1270 VDE plugs, and VDE wires which interconnect the switches.
1271 </para>
1272
1273 <para>
1274 The &product-name; VDE driver has a single parameter: VDE network.
1275 This is the name of the VDE network switch socket to which the VM
1276 will be connected.
1277 </para>
1278
1279 <para>
1280 The following basic example shows how to connect a virtual machine
1281 to a VDE switch.
1282 </para>
1283
1284 <orderedlist>
1285
1286 <listitem>
1287 <para>
1288 Create a VDE switch:
1289 </para>
1290
1291<screen>vde_switch -s /tmp/switch1</screen>
1292 </listitem>
1293
1294 <listitem>
1295 <para>
1296 Configure VMs using the command-line:
1297 </para>
1298
1299<screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; generic</screen>
1300
1301<screen>VBoxManage modifyvm "VM name" --nicgenericdrv&lt;x&gt; VDE</screen>
1302
1303 <para>
1304 To connect to an automatically allocated switch port:
1305 </para>
1306
1307<screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1</screen>
1308
1309 <para>
1310 To connect to a specific switch port
1311 <replaceable>n</replaceable>:
1312 </para>
1313
1314<screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1[&lt;n&gt;]</screen>
1315
1316 <para>
1317 This command can be useful for VLANs.
1318 </para>
1319 </listitem>
1320
1321 <listitem>
1322 <para>
1323 (Optional) Map between a VDE switch port and a VLAN.
1324 </para>
1325
1326 <para>
1327 Using the switch command line:
1328 </para>
1329
1330<screen>vde$ vlan/create &lt;VLAN&gt;</screen>
1331
1332<screen>vde$ port/setvlan &lt;port&gt; &lt;VLAN&gt;</screen>
1333 </listitem>
1334
1335 </orderedlist>
1336
1337 <para>
1338 VDE is available on Linux and FreeBSD hosts only. It is only
1339 available if the VDE software and the VDE plugin library from the
1340 VirtualSquare project are installed on the host system.
1341 </para>
1342
1343 <note>
1344 <para>
1345 For Linux hosts, the shared library libvdeplug.so must be
1346 available in the search path for shared libraries.
1347 </para>
1348 </note>
1349
1350 <para>
1351 For more information on setting up VDE networks, please see the
1352 documentation accompanying the software. See also
1353 <ulink
1354 url="http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking" />.
1355 </para>
1356
1357 </sect1>
1358
1359 <sect1 id="network_bandwidth_limit">
1360
1361 <title>Limiting Bandwidth for Network Input/Output</title>
1362
1363 <para>
1364 &product-name; supports limiting of the maximum bandwidth used for
1365 network transmission. Several network adapters of one VM may share
1366 limits through bandwidth groups. It is possible to have more than
1367 one such limit.
1368 </para>
1369
1370 <note>
1371 <para>
1372 &product-name; shapes VM traffic only in the transmit direction,
1373 delaying the packets being sent by virtual machines. It does not
1374 limit the traffic being received by virtual machines.
1375 </para>
1376 </note>
1377
1378 <para>
1379 Limits are configured through <command>VBoxManage</command>. The
1380 following example creates a bandwidth group named Limit, sets the
1381 limit to 20 Mbps and assigns the group to the first and second
1382 adapters of the VM:
1383 </para>
1384
1385<screen>VBoxManage bandwidthctl "VM name" add Limit --type network --limit 20m
1386VBoxManage modifyvm "VM name" --nicbandwidthgroup1 Limit
1387VBoxManage modifyvm "VM name" --nicbandwidthgroup2 Limit</screen>
1388
1389 <para>
1390 All adapters in a group share the bandwidth limit, meaning that in
1391 the example above the bandwidth of both adapters combined can
1392 never exceed 20 Mbps. However, if one adapter does not require
1393 bandwidth the other can use the remaining bandwidth of its group.
1394 </para>
1395
1396 <para>
1397 The limits for each group can be changed while the VM is running,
1398 with changes being picked up immediately. The following example
1399 changes the limit for the group created in the previous example to
1400 100 Kbps:
1401 </para>
1402
1403<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 100k</screen>
1404
1405 <para>
1406 To completely disable shaping for the first adapter of the VM, use the
1407 following command:
1408 </para>
1409
1410<screen>VBoxManage modifyvm "VM name" --nicbandwidthgroup1 none</screen>
1411
1412 <para>
1413 It is also possible to disable shaping for all adapters assigned
1414 to a bandwidth group while the VM is running, by specifying a zero
1415 limit for the group. For example, for the bandwidth group named
1416 Limit:
1417 </para>
1418
1419<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 0</screen>
1420
1421 </sect1>
1422
1423 <sect1 id="network_performance">
1424
1425 <title>Improving Network Performance</title>
1426
1427 <para>
1428 &product-name; provides a variety of virtual network adapters that
1429 can be attached to the host's network in a number of ways.
1430 Depending on which types of adapters and attachments are used the
1431 network performance will be different. Performance-wise the virtio
1432 network adapter is preferable over Intel PRO/1000 emulated
1433 adapters, which are preferred over the PCNet family of adapters.
1434 Both virtio and Intel PRO/1000 adapters enjoy the benefit of
1435 segmentation and checksum offloading. Segmentation offloading is
1436 essential for high performance as it allows for fewer context
1437 switches, dramatically increasing the sizes of packets that cross
1438 the VM/host boundary.
1439 </para>
1440
1441 <note>
1442 <para>
1443 Neither virtio nor Intel PRO/1000 drivers for Windows XP support
1444 segmentation offloading. Therefore Windows XP guests never reach
1445 the same transmission rates as other guest types. Refer to MS
1446 Knowledge base article 842264 for additional information.
1447 </para>
1448 </note>
1449
1450 <para>
1451 Three attachment types: Internal, Bridged, and Host-Only, have
1452 nearly identical performance. The Internal type is a little bit
1453 faster and uses fewer CPU cycles as the packets never reach the
1454 host's network stack. The NAT attachment type is the slowest and
1455 most secure of all attachment types, as it provides network
1456 address translation. The generic driver attachment is special and
1457 cannot be considered as an alternative to other attachment types.
1458 </para>
1459
1460 <para>
1461 The number of CPUs assigned to a VM does not improve network
1462 performance and in some cases may hurt it due to increased
1463 concurrency in the guest.
1464 </para>
1465
1466 <para>
1467 Here is a short summary of things to check in order to improve
1468 network performance:
1469 </para>
1470
1471 <itemizedlist>
1472
1473 <listitem>
1474 <para>
1475 Whenever possible use the virtio network adapter. Otherwise,
1476 use one of the Intel PRO/1000 adapters.
1477 </para>
1478 </listitem>
1479
1480 <listitem>
1481 <para>
1482 Use a Bridged attachment instead of NAT.
1483 </para>
1484 </listitem>
1485
1486 <listitem>
1487 <para>
1488 Make sure segmentation offloading is enabled in the guest OS.
1489 Usually it will be enabled by default. You can check and
1490 modify offloading settings using the
1491 <command>ethtool</command> command on Linux guests.
1492 </para>
1493 </listitem>
1494
1495 <listitem>
1496 <para>
1497 Perform a full detailed analysis of network traffic on the
1498 VM's network adaptor using a third party tool such as
1499 Wireshark. To do this, a promiscuous mode policy needs to be
1500 used on the VM's network adaptor. Use of this mode is only
1501 possible on the following network types: NAT Network, Bridged
1502 Adapter, Internal Network, and Host-Only Adapter.
1503 </para>
1504
1505 <para>
1506 To set up a promiscuous mode policy, either select from the
1507 drop down list located in the <emphasis role="bold">Network
1508 Settings</emphasis> dialog for the network adaptor or use the
1509 command line tool <command>VBoxManage</command>. See
1510 <xref linkend="vboxmanage-modifyvm" />.
1511 </para>
1512
1513 <para>
1514 Promiscuous mode policies are as follows:
1515 </para>
1516
1517 <itemizedlist>
1518
1519 <listitem>
1520 <para>
1521 <literal>deny</literal>, which hides any traffic not
1522 intended for the VM's network adaptor. This is the default
1523 setting.
1524 </para>
1525 </listitem>
1526
1527 <listitem>
1528 <para>
1529 <literal>allow-vms</literal>, which hides all host traffic
1530 from the VM's network adaptor, but allows it to see
1531 traffic from and to other VMs.
1532 </para>
1533 </listitem>
1534
1535 <listitem>
1536 <para>
1537 <literal>allow-all</literal>, which removes all
1538 restrictions. The VM's network adaptor sees all traffic.
1539 </para>
1540 </listitem>
1541
1542 </itemizedlist>
1543 </listitem>
1544
1545 </itemizedlist>
1546
1547 </sect1>
1548
1549</chapter>