VirtualBox

source: vbox/trunk/doc/manual/en_US/user_Networking.xml@ 91099

Last change on this file since 91099 was 87077, checked in by vboxsync, 4 years ago

doc/manual: Integrate a collection of documentation improvements: sensitive terminology, diversity statement, clear messaging on what is eligible for enterprise support, OCI integration docs, export to OCI and incorrect UI doc referring to host-only networking when that place allows configuring NAT Networks

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 54.3 KB
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
4<!ENTITY % all.entities SYSTEM "all-entities.ent">
5%all.entities;
6]>
7<chapter id="networkingdetails">
8
9 <title>Virtual Networking</title>
10
11 <para>
12 As mentioned in <xref linkend="settings-network" />, &product-name;
13 provides up to eight virtual PCI Ethernet cards for each virtual
14 machine. For each such card, you can individually select the
15 following:
16 </para>
17
18 <itemizedlist>
19
20 <listitem>
21 <para>
22 The hardware that will be virtualized.
23 </para>
24 </listitem>
25
26 <listitem>
27 <para>
28 The virtualization mode that the virtual card operates in, with
29 respect to your physical networking hardware on the host.
30 </para>
31 </listitem>
32
33 </itemizedlist>
34
35 <para>
36 Four of the network cards can be configured in the
37 <emphasis role="bold">Network</emphasis> section of the
38 <emphasis role="bold">Settings</emphasis> dialog in the graphical
39 user interface of &product-name;. You can configure all eight
40 network cards on the command line using <command>VBoxManage
41 modifyvm</command>. See <xref linkend="vboxmanage-modifyvm" />.
42 </para>
43
44 <para>
45 This chapter explains the various networking settings in more
46 detail.
47 </para>
48
49 <sect1 id="nichardware">
50
51 <title>Virtual Networking Hardware</title>
52
53 <para>
54 For each card, you can individually select what kind of
55 <emphasis>hardware</emphasis> will be presented to the virtual
56 machine. &product-name; can virtualize the following types of
57 networking hardware:
58 </para>
59
60 <itemizedlist>
61
62 <listitem>
63 <para>
64 AMD PCNet PCI II (Am79C970A)
65 </para>
66 </listitem>
67
68 <listitem>
69 <para>
70 AMD PCNet FAST III (Am79C973), the default setting
71 </para>
72 </listitem>
73
74 <listitem>
75 <para>
76 Intel PRO/1000 MT Desktop (82540EM)
77 </para>
78 </listitem>
79
80 <listitem>
81 <para>
82 Intel PRO/1000 T Server (82543GC)
83 </para>
84 </listitem>
85
86 <listitem>
87 <para>
88 Intel PRO/1000 MT Server (82545EM)
89 </para>
90 </listitem>
91
92 <listitem>
93 <para>
94 Paravirtualized network adapter (virtio-net)
95 </para>
96 </listitem>
97
98 </itemizedlist>
99
100 <para>
101 The PCNet FAST III is the default because it is supported by
102 nearly all operating systems, as well as by the GNU GRUB boot
103 manager. As an exception, the Intel PRO/1000 family adapters are
104 chosen for some guest operating system types that no longer ship
105 with drivers for the PCNet card, such as Windows Vista.
106 </para>
107
108 <para>
109 The Intel PRO/1000 MT Desktop type works with Windows Vista and
110 later versions. The T Server variant of the Intel PRO/1000 card is
111 recognized by Windows XP guests without additional driver
112 installation. The MT Server variant facilitates OVF imports from
113 other platforms.
114 </para>
115
116 <para>
117 The Paravirtualized network adapter (virtio-net) is special. If
118 you select this adapter, then &product-name; does
119 <emphasis>not</emphasis> virtualize common networking hardware
120 that is supported by common guest operating systems. Instead,
121 &product-name; expects a special software interface for
122 virtualized environments to be provided by the guest, thus
123 avoiding the complexity of emulating networking hardware and
124 improving network performance. &product-name; provides support for
125 the industry-standard <emphasis>virtio</emphasis> networking
126 drivers, which are part of the open source KVM project.
127 </para>
128
129 <para>
130 The virtio networking drivers are available for the following
131 guest operating systems:
132 </para>
133
134 <itemizedlist>
135
136 <listitem>
137 <para>
138 Linux kernels version 2.6.25 or later can be configured to
139 provide virtio support. Some distributions have also
140 back-ported virtio to older kernels.
141 </para>
142 </listitem>
143
144 <listitem>
145 <para>
146 For Windows 2000, XP, and Vista, virtio drivers can be
147 downloaded and installed from the KVM project web page:
148 </para>
149
150 <para>
151 <ulink
152 url="http://www.linux-kvm.org/page/WindowsGuestDrivers" />.
153 </para>
154 </listitem>
155
156 </itemizedlist>
157
158 <para>
159 &product-name; also has limited support for <emphasis>jumbo
160 frames</emphasis>, which are networking packets with more than
161 1500 bytes of data, provided that you use the Intel card
162 virtualization and bridged networking. Jumbo frames are not
163 supported with the AMD networking devices. In those cases, jumbo
164 packets will silently be dropped for both the transmit and the
165 receive direction. Guest operating systems trying to use this
166 feature will observe this as a packet loss, which may lead to
167 unexpected application behavior in the guest. This does not cause
168 problems with guest operating systems in their default
169 configuration, as jumbo frames need to be explicitly enabled.
170 </para>
171
172 </sect1>
173
174 <sect1 id="networkingmodes">
175
176 <title>Introduction to Networking Modes</title>
177
178 <para>
179 Each of the networking adapters can be separately configured to
180 operate in one of the following modes:
181 </para>
182
183 <itemizedlist>
184
185 <listitem>
186 <para>
187 <emphasis role="bold">Not attached.</emphasis> In this mode,
188 &product-name; reports to the guest that a network card is
189 present, but that there is no connection. This is as if no
190 Ethernet cable was plugged into the card. Using this mode, it
191 is possible to <emphasis>pull</emphasis> the virtual Ethernet
192 cable and disrupt the connection, which can be useful to
193 inform a guest operating system that no network connection is
194 available and enforce a reconfiguration.
195 </para>
196 </listitem>
197
198 <listitem>
199 <para>
200 <emphasis role="bold">Network Address Translation
201 (NAT)</emphasis>. If all you want is to browse the Web,
202 download files, and view email inside the guest, then this
203 default mode should be sufficient for you, and you can skip
204 the rest of this section. Please note that there are certain
205 limitations when using Windows file sharing. See
206 <xref linkend="nat-limitations" />.
207 </para>
208 </listitem>
209
210 <listitem>
211 <para>
212 <emphasis role="bold">NAT Network.</emphasis> A NAT network is
213 a type of internal network that allows outbound connections.
214 See <xref linkend="network_nat_service"/>.
215 </para>
216 </listitem>
217
218 <listitem>
219 <para>
220 <emphasis role="bold">Bridged networking.</emphasis> This is
221 for more advanced networking needs, such as network
222 simulations and running servers in a guest. When enabled,
223 &product-name; connects to one of your installed network cards
224 and exchanges network packets directly, circumventing your
225 host operating system's network stack.
226 </para>
227 </listitem>
228
229 <listitem>
230 <para>
231 <emphasis role="bold">Internal networking.</emphasis> This can
232 be used to create a different kind of software-based network
233 which is visible to selected virtual machines, but not to
234 applications running on the host or to the outside world.
235 </para>
236 </listitem>
237
238 <listitem>
239 <para>
240 <emphasis role="bold">Host-only networking.</emphasis> This
241 can be used to create a network containing the host and a set
242 of virtual machines, without the need for the host's physical
243 network interface. Instead, a virtual network interface,
244 similar to a loopback interface, is created on the host,
245 providing connectivity among virtual machines and the host.
246 </para>
247 </listitem>
248
249 <listitem>
250 <para>
251 <emphasis role="bold">Generic networking.</emphasis> Rarely
252 used modes which share the same generic network interface, by
253 allowing the user to select a driver which can be included
254 with &product-name; or be distributed in an extension pack.
255 </para>
256
257 <para>
258 The following sub-modes are available:
259 </para>
260
261 <itemizedlist>
262
263 <listitem>
264 <para>
265 <emphasis role="bold">UDP Tunnel:</emphasis> Used to
266 interconnect virtual machines running on different hosts
267 directly, easily, and transparently, over an existing
268 network infrastructure.
269 </para>
270 </listitem>
271
272 <listitem>
273 <para>
274 <emphasis role="bold">VDE (Virtual Distributed Ethernet)
275 networking:</emphasis> Used to connect to a Virtual
276 Distributed Ethernet switch on a Linux or a FreeBSD host.
277 At the moment this option requires compilation of
278 &product-name; from sources, as the Oracle packages do not
279 include it.
280 </para>
281 </listitem>
282
283 </itemizedlist>
284 </listitem>
285
286 </itemizedlist>
287
288 <para>
289 The following table provides an overview of the most important
290 networking modes.
291 </para>
292
293 <table id="table-networking-modes" tabstyle="oracle-all">
294 <title>Overview of Networking Modes</title>
295 <tgroup cols="6">
296 <colspec align="left" />
297 <colspec align="center" />
298 <colspec align="center" />
299 <colspec align="center" />
300 <colspec align="center" />
301 <colspec align="center" />
302 <thead valign="middle">
303 <row>
304 <entry><emphasis role="bold">Mode</emphasis></entry>
305 <entry><para>
306 <emphasis role="bold">VM&rarr;Host</emphasis>
307 </para></entry>
308 <entry><para>
309 <emphasis role="bold">VM&larr;Host</emphasis>
310 </para></entry>
311 <entry><para>
312 <emphasis role="bold">VM1&harr;VM2</emphasis>
313 </para></entry>
314 <entry><para>
315 <emphasis role="bold">VM&rarr;Net/LAN</emphasis>
316 </para></entry>
317 <entry><para>
318 <emphasis role="bold">VM&larr;Net/LAN</emphasis>
319 </para></entry>
320 </row>
321 </thead>
322 <tbody valign="middle">
323 <row>
324 <entry><para>
325 Host-only
326 </para></entry>
327 <entry><para>
328 <emphasis role="bold">+</emphasis>
329 </para></entry>
330 <entry><para>
331 <emphasis role="bold">+</emphasis>
332 </para></entry>
333 <entry align="center"><para>
334 <emphasis role="bold">+</emphasis>
335 </para></entry>
336 <entry><para>
337 &ndash;
338 </para></entry>
339 <entry><para>
340 &ndash;
341 </para></entry>
342 </row>
343 <row>
344 <entry><para>
345 Internal
346 </para></entry>
347 <entry><para>
348 &ndash;
349 </para></entry>
350 <entry><para>
351 &ndash;
352 </para></entry>
353 <entry><para>
354 <emphasis role="bold">+</emphasis>
355 </para></entry>
356 <entry><para>
357 &ndash;
358 </para></entry>
359 <entry><para>
360 &ndash;
361 </para></entry>
362 </row>
363 <row>
364 <entry><para>
365 Bridged
366 </para></entry>
367 <entry><para>
368 <emphasis role="bold">+</emphasis>
369 </para></entry>
370 <entry><para>
371 <emphasis role="bold">+</emphasis>
372 </para></entry>
373 <entry><para>
374 <emphasis role="bold">+</emphasis>
375 </para></entry>
376 <entry><para>
377 <emphasis role="bold">+</emphasis>
378 </para></entry>
379 <entry><para>
380 <emphasis role="bold">+</emphasis>
381 </para></entry>
382 </row>
383 <row>
384 <entry><para>
385 NAT
386 </para></entry>
387 <entry><para>
388 <emphasis role="bold">+</emphasis>
389 </para></entry>
390 <entry><para>
391 <link linkend="natforward">Port forward</link>
392 </para></entry>
393 <entry><para>
394 &ndash;
395 </para></entry>
396 <entry><para>
397 <emphasis role="bold">+</emphasis>
398 </para></entry>
399 <entry><para>
400 <link linkend="natforward">Port forward</link>
401 </para></entry>
402 </row>
403 <row>
404 <entry><para>
405 NAT service
406 </para></entry>
407 <entry><para>
408 <emphasis role="bold">+</emphasis>
409 </para></entry>
410 <entry><para>
411 <link linkend="network_nat_service">Port forward</link>
412 </para></entry>
413 <entry><para>
414 <emphasis role="bold">+</emphasis>
415 </para></entry>
416 <entry><para>
417 <emphasis role="bold">+</emphasis>
418 </para></entry>
419 <entry><para>
420 <link linkend="network_nat_service">Port forward</link>
421 </para></entry>
422 </row>
423 </tbody>
424 </tgroup>
425 </table>
426
427 <para>
428 The following sections describe the available network modes in
429 more detail.
430 </para>
431
432 </sect1>
433
434 <sect1 id="network_nat">
435
436 <title>Network Address Translation (NAT)</title>
437
438 <para>
439 Network Address Translation (NAT) is the simplest way of accessing
440 an external network from a virtual machine. Usually, it does not
441 require any configuration on the host network and guest system.
442 For this reason, it is the default networking mode in
443 &product-name;.
444 </para>
445
446 <para>
447 A virtual machine with NAT enabled acts much like a real computer
448 that connects to the Internet through a router. The router, in
449 this case, is the &product-name; networking engine, which maps
450 traffic from and to the virtual machine transparently. In
451 &product-name; this router is placed between each virtual machine
452 and the host. This separation maximizes security since by default
453 virtual machines cannot talk to each other.
454 </para>
455
456 <para>
457 The disadvantage of NAT mode is that, much like a private network
458 behind a router, the virtual machine is invisible and unreachable
459 from the outside internet. You cannot run a server this way unless
460 you set up port forwarding. See <xref linkend="natforward"/>.
461 </para>
462
463 <para>
464 The network frames sent out by the guest operating system are
465 received by &product-name;'s NAT engine, which extracts the TCP/IP
466 data and resends it using the host operating system. To an
467 application on the host, or to another computer on the same
468 network as the host, it looks like the data was sent by the
469 &product-name; application on the host, using an IP address
470 belonging to the host. &product-name; listens for replies to the
471 packets sent, and repacks and resends them to the guest machine
472 on its private network.
473 </para>
474
475 <note>
476 <para>
477 Even though the NAT engine separates the VM from the host, the
478 VM has access to the host's loopback interface and the network
479 services running on it. The host's loopback interface is
480 accessible as IP address 10.0.2.2. This access to the host's
481 loopback interface can be extremely useful in some cases, for
482 example when running a web application under development in the
483 VM and the database server on the loopback interface on the
484 host.
485 </para>
486 </note>
487
488 <para>
489 The virtual machine receives its network address and configuration
490 on the private network from a DHCP server integrated into
491 &product-name;. The IP address thus assigned to the virtual
492 machine is usually on a completely different network than the
493 host. As more than one card of a virtual machine can be set up to
494 use NAT, the first card is connected to the private network
495 10.0.2.0, the second card to the network 10.0.3.0 and so on. If
496 you need to change the guest-assigned IP range, see
497 <xref linkend="changenat" />.
498 </para>
499
500 <sect2 id="natforward">
501
502 <title>Configuring Port Forwarding with NAT</title>
503
504 <para>
505 As the virtual machine is connected to a private network
506 internal to &product-name; and invisible to the host, network
507 services on the guest are not accessible to the host machine or
508 to other computers on the same network. However, like a physical
509 router, &product-name; can make selected services available to
510 the world outside the guest through <emphasis>port
511 forwarding</emphasis>. This means that &product-name; listens to
512 certain ports on the host and resends all packets which arrive
513 there to the guest, on the same or a different port.
514 </para>
515
516 <para>
517 To an application on the host or other physical or virtual
518 machines on the network, it looks as though the service being
519 proxied is actually running on the host. This also means that
520 you cannot run the same service on the same ports on the host.
521 However, you still gain the advantages of running the service in
522 a virtual machine. For example, services on the host machine or
523 on other virtual machines cannot be compromised or crashed by a
524 vulnerability or a bug in the service, and the service can run
525 in a different operating system than the host system.
526 </para>
527
528 <para>
529 To configure port forwarding you can use the graphical
530 <emphasis role="bold">Port Forwarding</emphasis> editor which
531 can be found in the <emphasis role="bold">Network
532 Settings</emphasis> dialog for network adapters configured to
533 use NAT. Here, you can map host ports to guest ports to allow
534 network traffic to be routed to a specific port in the guest.
535 </para>
536
537 <para>
538 Alternatively, the command line tool
539 <command>VBoxManage</command> can be used. See
540 <xref linkend="vboxmanage-modifyvm" />.
541 </para>
542
543 <para>
544 You will need to know which ports on the guest the service uses
545 and to decide which ports to use on the host. You may want to
546 use the same ports on the guest and on the host. You can use any
547 ports on the host which are not already in use by a service. For
548 example, to set up incoming NAT connections to an
549 <command>ssh</command> server in the guest, use the following
550 command:
551 </para>
552
553<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"</screen>
554
555 <para>
556 In the above example, all TCP traffic arriving on port 2222 on
557 any host interface will be forwarded to port 22 in the guest.
558 The protocol name <literal>tcp</literal> is a mandatory
559 attribute defining which protocol should be used for forwarding;
560 <literal>udp</literal> could also be used. The name
561 <literal>guestssh</literal> is purely descriptive and will be
562 auto-generated if omitted. The number after
563 <option>--natpf</option> denotes the network card, as with other
564 <command>VBoxManage</command> commands.
565 </para>
566
567 <para>
568 To remove this forwarding rule, use the following command:
569 </para>
570
571<screen>VBoxManage modifyvm "VM name" --natpf1 delete "guestssh"</screen>
572
573 <para>
574 If for some reason the guest uses a statically assigned IP address
575 not leased from the built-in DHCP server, it is required to
576 specify the guest IP when registering the forwarding rule, as
577 follows:
578 </para>
579
580<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22"</screen>
581
582 <para>
583 This example is identical to the previous one, except that the
584 NAT engine is being told that the guest can be found at the
585 10.0.2.19 address.
586 </para>
587
588 <para>
589 To forward <emphasis>all</emphasis> incoming traffic from a
590 specific host interface to the guest, specify the IP of that
591 host interface as follows:
592 </para>
593
594<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"</screen>
595
596 <para>
597 This example forwards all TCP traffic arriving on the localhost
598 interface at 127.0.0.1 through port 2222 to port 22 in the
599 guest.
600 </para>
601
602 <para>
603 It is possible to configure incoming NAT connections while the
604 VM is running. See <xref linkend="vboxmanage-controlvm"/>.
605 </para>
606
607 </sect2>
608
609 <sect2 id="nat-tftp">
610
611 <title>PXE Booting with NAT</title>
612
613 <para>
614 PXE booting is now supported in NAT mode. The NAT DHCP server
615 provides a boot file name of the form
616 <filename><replaceable>vmname</replaceable>.pxe</filename> if
617 the directory <literal>TFTP</literal> exists in the directory
618 where the user's <filename>VirtualBox.xml</filename> file is
619 kept. It is the responsibility of the user to provide
620 <filename><replaceable>vmname</replaceable>.pxe</filename>.
621 </para>
622
623 </sect2>
624
625 <sect2 id="nat-limitations">
626
627 <title>NAT Limitations</title>
628
629 <para>
630 There are some limitations of NAT mode which users should be
631 aware of, as follows:
632 </para>
633
634 <itemizedlist>
635
636 <listitem>
637 <para>
638 <emphasis role="bold">ICMP protocol limitations.</emphasis>
639 Some frequently used network debugging tools, such as
640 <command>ping</command> or <command>traceroute</command>,
641 rely on the ICMP protocol for sending and receiving
642 messages. &product-name; ICMP support has some limitations,
643 meaning <command>ping</command> should work but some other
644 tools may not work reliably.
645 </para>
646 </listitem>
647
648 <listitem>
649 <para>
650 <emphasis role="bold">Receiving of UDP
651 broadcasts.</emphasis> The guest does not reliably receive
652 UDP broadcasts. In order to save resources, it only listens
653 for a certain amount of time after the guest has sent UDP
654 data on a particular port. As a consequence, NetBIOS name
655 resolution based on broadcasts does not always work, but
656 WINS always works. As a workaround, you can use the numeric
657 IP of the desired server in the
658 <filename>\\<replaceable>server</replaceable>\<replaceable>share</replaceable></filename>
659 notation.
660 </para>
661 </listitem>
662
663 <listitem>
664 <para>
665 <emphasis role="bold">Some protocols are not
666 supported.</emphasis> Protocols other than TCP and UDP are
667 not supported. GRE is not supported. This means some VPN
668 products, such as PPTP from Microsoft, cannot be used. There
669 are other VPN products which use only TCP and UDP.
670 </para>
671 </listitem>
672
673 <listitem>
674 <para>
675 <emphasis role="bold">Forwarding host ports below
676 1024.</emphasis> On UNIX-based hosts, such as Linux, Oracle
677 Solaris, and Mac OS X, it is not possible to bind to ports
678 below 1024 from applications that are not run by
679 <literal>root</literal>. As a result, if you try to
680 configure such a port forwarding, the VM will refuse to
681 start.
682 </para>
683 </listitem>
684
685 </itemizedlist>
686
687 <para>
688 These limitations normally do not affect standard network use.
689 But the presence of NAT also has subtle effects that may
690 interfere with protocols that are normally working. One example
691 is NFS, where the server is often configured to refuse
692 connections from non-privileged ports, which are those ports not
693 below 1024.
694 </para>
695
696 </sect2>
697
698 </sect1>
699
700 <sect1 id="network_nat_service">
701
702 <title>Network Address Translation Service</title>
703
704 <para>
705 The Network Address Translation (NAT) service works in a similar
706 way to a home router, grouping the systems using it into a network
707 and preventing systems outside of this network from directly
708 accessing systems inside it, but letting systems inside
709 communicate with each other and with systems outside using TCP and
710 UDP over IPv4 and IPv6.
711 </para>
712
713 <para>
714 A NAT service is attached to an internal network. Virtual machines
715 which are to make use of it should be attached to that internal
716 network. The name of the internal network is chosen when the NAT
717 service is created and the internal network will be created if it
718 does not already exist. The following is an example command to
719 create a NAT network:
720 </para>
721
722<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable</screen>
723
724 <para>
725 Here, natnet1 is the name of the internal network to be used and
726 192.168.15.0/24 is the network address and mask of the NAT service
727 interface. By default in this static configuration the gateway
728 will be assigned the address 192.168.15.1, the address following
729 the interface address, though this is subject to change. To attach
730 a DHCP server to the internal network, modify the example command
731 as follows:
732 </para>
733
734<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on</screen>
735
736 <para>
737 To add a DHCP server to an existing network, use the following
738 command:
739 </para>
740
741<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp on</screen>
742
743 <para>
744 To disable the DHCP server, use the following command:
745 </para>
746
747<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp off</screen>
748
749 <para>
750 A DHCP server provides a list of registered nameservers, but does
751 not map servers from the 127/8 network.
752 </para>
753
754 <para>
755 To start the NAT service, use the following command:
756 </para>
757
758<screen>VBoxManage natnetwork start --netname natnet1</screen>
759
760 <para>
761 If the network has a DHCP server attached then it will start
762 together with the NAT network service.
763 </para>
764
765 <para>
766 To stop the NAT network service, together with any DHCP server:
767 </para>
768
769<screen>VBoxManage natnetwork stop --netname natnet1</screen>
770
771 <para>
772 To delete the NAT network service:
773 </para>
774
775<screen>VBoxManage natnetwork remove --netname natnet1</screen>
776
777 <para>
778 This command does not remove the DHCP server if one is enabled on
779 the internal network.
780 </para>
781
782 <para>
783 Port-forwarding is supported, using the
784 <option>--port-forward-4</option> switch for IPv4 and
785 <option>--port-forward-6</option> for IPv6. For example:
786 </para>
787
788<screen>VBoxManage natnetwork modify \
789 --netname natnet1 --port-forward-4 "ssh:tcp:[]:1022:[192.168.15.5]:22"</screen>
790
791 <para>
792 This adds a port-forwarding rule from the host's TCP 1022 port to
793 the port 22 on the guest with IP address 192.168.15.5. Host port,
794 guest port and guest IP are mandatory. To delete the rule, use the
795 following command:
796 </para>
797
798<screen>VBoxManage natnetwork modify --netname natnet1 --port-forward-4 delete ssh</screen>
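
The two forwarding-rule syntaxes shown in this chapter (the comma-separated --natpf form and the bracketed --port-forward-4 form), parsed and checked for how widely the host-side listener is exposed. This is an added example, not part of the VirtualBox manual or code base. The names ForwardRule, parse_natpf, parse_natnet and audit, the finding labels and the last two sample rules are assumptions made for illustration, as is treating 0.0.0.0 and :: like an empty host address.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ForwardRule:
    name: str
    proto: str
    host_ip: str      # "" when the rule leaves the host address empty
    host_port: int
    guest_ip: str     # "" when the rule leaves the guest address empty
    guest_port: int


# NAT network form: name:proto:[host ip]:host port:[guest ip]:guest port.
# Addresses sit in brackets, so IPv6 colons do not clash with the separators.
NATNET_RE = re.compile(
    r"^([^:]*):(tcp|udp):\[([^\]]*)\]:(\d+):\[([^\]]*)\]:(\d+)$", re.IGNORECASE
)


def build_rule(name, proto, host_ip, host_port, guest_ip, guest_port) -> ForwardRule:
    """Validate the six fields shared by both rule syntaxes."""
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"protocol must be tcp or udp, got {proto!r}")
    for addr in (host_ip, guest_ip):
        if addr:
            ipaddress.ip_address(addr)  # ValueError on a malformed address
    ports = (int(host_port), int(guest_port))  # ValueError when a port is empty
    if not all(port in range(1, 65536) for port in ports):
        raise ValueError(f"port out of range in rule {name!r}")
    return ForwardRule(name, proto, host_ip, ports[0], guest_ip, ports[1])


def parse_natpf(rule: str) -> ForwardRule:
    """Parse the comma-separated form passed to the modifyvm natpf option."""
    parts = [field.strip() for field in rule.split(",")]
    if len(parts) != 6:
        raise ValueError(f"expected 6 comma-separated fields: {rule!r}")
    return build_rule(*parts)


def parse_natnet(rule: str) -> ForwardRule:
    """Parse the bracketed form passed to the natnetwork port-forward options."""
    match = NATNET_RE.match(rule.strip())
    if match is None:
        raise ValueError(f"not a NAT network forwarding rule: {rule!r}")
    parsed = build_rule(*match.groups())
    if not parsed.guest_ip:
        # The chapter states that the guest IP is mandatory in this form.
        raise ValueError(f"guest IP is mandatory in rule {parsed.name!r}")
    return parsed


def audit(rule: ForwardRule) -> list[str]:
    """Return exposure findings for the host side of one rule."""
    findings = []
    if not rule.host_ip or ipaddress.ip_address(rule.host_ip).is_unspecified:
        # Empty host address: the chapter says the port listens on any host interface.
        findings.append("all-interfaces")
    elif ipaddress.ip_address(rule.host_ip).is_loopback:
        findings.append("loopback-only")
    else:
        findings.append("single-interface")
    if rule.host_port in range(1, 1024):
        # Per the NAT limitations list: only root can bind these on UNIX-based hosts.
        findings.append("privileged-host-port")
    return findings


# The first three rule strings are taken from this chapter; the last two are constructed.
SAMPLE_RULES = [
    ("natpf", "guestssh,tcp,,2222,,22"),
    ("natpf", "guestssh,tcp,127.0.0.1,2222,,22"),
    ("natnet", "ssh:tcp:[]:1022:[192.168.15.5]:22"),
    ("natpf", "web,tcp,,80,,8080"),
    ("natnet", "ssh6:tcp:[::1]:2222:[fd17:625c:f037:2::5]:22"),
]


def audit_all(rules=SAMPLE_RULES) -> dict[str, list[str]]:
    """Map each rule string to its findings."""
    parsers = {"natpf": parse_natpf, "natnet": parse_natnet}
    return {text: audit(parsers[kind](text)) for kind, text in rules}


if __name__ == "__main__":
    for text, findings in audit_all().items():
        print(f"{text:50} {', '.join(findings)}")
```
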
799
800 <para>
801 It is possible to bind a NAT service to a specified interface. For
802 example:
803 </para>
804
805<screen>VBoxManage setextradata global "NAT/win-nat-test-0/SourceIp4" 192.168.1.185</screen>
806
807 <para>
808 To see the list of registered NAT networks, use the following
809 command:
810 </para>
811
812<screen>VBoxManage list natnetworks</screen>
813
814 <para>
815 NAT networks can also be created, deleted, and configured using
816 the VirtualBox Manager. Click
817 <emphasis role="bold">File</emphasis>,
818 <emphasis role="bold">Preferences</emphasis> and select the
819 <emphasis role="bold">Network</emphasis> page.
820 </para>
821
822 <note>
823 <para>
824 Even though the NAT service separates the VM from the host, the
825 VM has access to the host's loopback interface and the network
826 services running on it. The host's loopback interface is
827 accessible as IP address 10.0.2.2 (assuming the default
828 configuration, in other configurations it's the respective
829 address in the configured IPv4 or IPv6 network range). This
830 access to the host's loopback interface can be extremely useful
831 in some cases, for example when running a web application under
832 development in the VM and the database server on the loopback
833 interface on the host.
834 </para>
835 </note>
836
837 </sect1>
838
839 <sect1 id="network_bridged">
840
841 <title>Bridged Networking</title>
842
843 <para>
844 With bridged networking, &product-name; uses a device driver on
845 your <emphasis>host</emphasis> system that filters data from your
846 physical network adapter. This driver is therefore called a
847 <emphasis>net filter</emphasis> driver. This enables
848 &product-name; to intercept data from the physical network and
849 inject data into it, effectively creating a new network interface
850 in software. When a guest is using such a new software interface,
851 it looks to the host system as though the guest were physically
852 connected to the interface using a network cable. The host can
853 send data to the guest through that interface and receive data
854 from it. This means that you can set up routing or bridging
855 between the guest and the rest of your network.
856 </para>
857
858 <note>
859 <para>
860 Even though TAP interfaces are no longer necessary on Linux for
861 bridged networking, you <emphasis>can</emphasis> still use TAP
862 interfaces for certain advanced setups, since you can connect a
863 VM to any host interface.
864 </para>
865 </note>
866
867 <para>
868 To enable bridged networking, open the
869 <emphasis role="bold">Settings</emphasis> dialog of a virtual
870 machine, go to the <emphasis role="bold">Network</emphasis> page
871 and select <emphasis role="bold">Bridged Network</emphasis> in the
872 drop-down list for the <emphasis role="bold">Attached
873 To</emphasis> field. Select a host interface from the list at the
874 bottom of the page, which contains the physical network interfaces
875 of your systems. On a typical MacBook, for example, this will
876 allow you to select between en1: AirPort, which is the wireless
877 interface, and en0: Ethernet, which represents the interface with
878 a network cable.
879 </para>
880
881 <note>
882 <para>
883 Bridging to a wireless interface is done differently from
884 bridging to a wired interface, because most wireless adapters do
885 not support promiscuous mode. All traffic has to use the MAC
886 address of the host's wireless adapter, and therefore
887 &product-name; needs to replace the source MAC address in the
888 Ethernet header of an outgoing packet to make sure the reply
889 will be sent to the host interface. When &product-name; sees an
890 incoming packet with a destination IP address that belongs to
891 one of the virtual machine adapters it replaces the destination
892 MAC address in the Ethernet header with the VM adapter's MAC
893 address and passes it on. &product-name; examines ARP and DHCP
894 packets in order to learn the IP addresses of virtual machines.
895 </para>
896 </note>
897
898 <para>
899 Depending on your host operating system, the following limitations
900 apply:
901 </para>
902
903 <itemizedlist>
904
905 <listitem>
906 <para>
907 <emphasis role="bold">Mac OS X hosts.</emphasis> Functionality
908 is limited when using AirPort, the Mac's wireless networking
909 system, for bridged networking. Currently, &product-name;
910 supports only IPv4 and IPv6 over AirPort. For other protocols,
911 such as IPX, you must choose a wired interface.
912 </para>
913 </listitem>
914
915 <listitem>
916 <para>
917 <emphasis role="bold">Linux hosts.</emphasis> Functionality is
918 limited when using wireless interfaces for bridged networking.
919 Currently, &product-name; supports only IPv4 and IPv6 over
920 wireless. For other protocols, such as IPX, you must choose a
921 wired interface.
922 </para>
923
924 <para>
925 Also, setting the MTU to less than 1500 bytes on wired
926 interfaces provided by the sky2 driver on the Marvell Yukon II
927 EC Ultra Ethernet NIC is known to cause packet losses under
928 certain conditions.
929 </para>
930
931 <para>
932 Some adapters strip VLAN tags in hardware. This does not allow
933 you to use VLAN trunking between VM and the external network
934 with pre-2.6.27 Linux kernels, or with host operating systems
935 other than Linux.
936 </para>
937 </listitem>
938
939 <listitem>
940 <para>
941 <emphasis role="bold">Oracle Solaris hosts.</emphasis> There
942 is no support for using wireless interfaces. Filtering guest
943 traffic using IPFilter is also not completely supported due to
944 technical restrictions of the Oracle Solaris networking
945 subsystem. These issues may be addressed in later releases of
946 Oracle Solaris 11.
947 </para>
948
949 <para>
950 On Oracle Solaris 11 hosts build 159 and above, it is possible
951 to use Oracle Solaris Crossbow Virtual Network Interfaces
952 (VNICs) directly with &product-name;. No additional
953 configuration is needed, except that each VNIC must be used
954 exclusively by one guest network interface.
955 </para>
956
957 <para>
958 When using VLAN interfaces with &product-name;, they must be
959 named according to the PPA-hack naming scheme, such as
960 e1000g513001. Otherwise, the guest may receive packets in an
961 unexpected format.
962 </para>
963 </listitem>
964
965 </itemizedlist>
966
967 </sect1>
968
969 <sect1 id="network_internal">
970
971 <title>Internal Networking</title>
972
973 <para>
974 Internal Networking is similar to bridged networking in that the
975 VM can directly communicate with the outside world. However, the
976 outside world is limited to other VMs on the same host which
977 connect to the same internal network.
978 </para>
979
980 <para>
981 Technically, everything that can be done using internal
982 networking can also be done using bridged networking, but
983 internal networking has security advantages. In bridged
984 networking mode, all traffic goes through a physical interface of
985 the host system. It is therefore possible to attach a packet
986 sniffer such as Wireshark to the host interface and log all
987 traffic that goes over it. If, for any reason, you prefer two or
988 more VMs on the same machine to communicate privately, hiding
989 their data from both the host system and the user, bridged
990 networking is not an option.
991 </para>
992
993 <para>
994 Internal networks are created automatically as needed. There is no
995 central configuration. Every internal network is identified simply
996 by its name. Once there is more than one active virtual network
997 card with the same internal network ID, the &product-name; support
998 driver will automatically <emphasis>wire</emphasis> the cards and
999 act as a network switch. The &product-name; support driver
1000 implements a complete Ethernet switch and supports both
1001 broadcast/multicast frames and promiscuous mode.
1002 </para>
1003
1004 <para>
1005 In order to attach a VM's network card to an internal network, set
1006 its networking mode to Internal Networking. There are two ways to
1007 accomplish this:
1008 </para>
1009
1010 <itemizedlist>
1011
1012 <listitem>
1013 <para>
1014 Use the VM's <emphasis role="bold">Settings</emphasis> dialog
1015 in the VirtualBox Manager. In the
1016 <emphasis role="bold">Network</emphasis> category of the
1017 settings dialog, select <emphasis role="bold">Internal
1018 Network</emphasis> from the drop-down list of networking
1019 modes. Select the name of an existing internal network from
1020 the drop-down list below, or enter a new name into the
1021 <emphasis role="bold">Name</emphasis> field.
1022 </para>
1023 </listitem>
1024
1025 <listitem>
1026 <para>
1027 Use the command line, for example:
1028 </para>
1029
1030<screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; intnet</screen>
1031
1032 <para>
1033 Optionally, you can specify a network name with the command:
1034 </para>
1035
1036<screen>VBoxManage modifyvm "VM name" --intnet&lt;x&gt; "network name"</screen>
1037
1038 <para>
1039 If you do not specify a network name, the network card will be
1040 attached to the network <literal>intnet</literal> by default.
1041 </para>
1042 </listitem>
1043
1044 </itemizedlist>
1045
1046 <para>
1047 Unless you configure the virtual network cards in the guest
1048 operating systems that are participating in the internal network
1049 to use static IP addresses, you may want to use the DHCP server
1050 that is built into &product-name; to manage IP addresses for the
1051 internal network. See <xref linkend="vboxmanage-dhcpserver" />.
1052 </para>
1053
1054 <para>
1055 As a security measure, by default, the Linux implementation of
1056 internal networking only allows VMs running under the same user ID
1057 to establish an internal network. However, it is possible to
1058 create a shared internal networking interface, accessible by users
1059 with different user IDs.
1060 </para>
1061
1062 </sect1>
1063
1064 <sect1 id="network_hostonly">
1065
1066 <title>Host-Only Networking</title>
1067
1068 <para>
1069 Host-only networking can be thought of as a hybrid between the
1070 bridged and internal networking modes. As with bridged networking,
1071 the virtual machines can talk to each other and the host as if
1072 they were connected through a physical Ethernet switch. As with
1073 internal networking, a physical networking interface need not be
1074 present, and the virtual machines cannot talk to the world outside
1075 the host since they are not connected to a physical networking
1076 interface.
1077 </para>
1078
1079 <para>
1080 When host-only networking is used, &product-name; creates a new
1081 software interface on the host which then appears next to your
1082 existing network interfaces. In other words, whereas bridged
1083 networking attaches virtual machines to an existing physical
1084 interface, host-only networking creates a new
1085 <emphasis>loopback</emphasis> interface on the host.
1086 And whereas the traffic between virtual machines on an internal
1087 network cannot be seen, the traffic on the loopback
1088 interface on the host can be intercepted.
1089 </para>
1090
1091 <para>
1092 Host-only networking is particularly useful for preconfigured
1093 virtual appliances, where multiple virtual machines are shipped
1094 together and designed to cooperate. For example, one virtual
1095 machine may contain a web server and a second one a database, and
1096 since they are intended to talk to each other, the appliance can
1097 instruct &product-name; to set up a host-only network for the two.
1098 A second, bridged network would then connect the web server to
1099 the outside world so that it can serve data, but the outside
1100 world cannot connect to the database.
1101 </para>
1102
1103 <para>
1104 To enable a host-only network interface for a virtual machine, do
1105 either of the following:
1106 </para>
1107
1108 <itemizedlist>
1109
1110 <listitem>
1111 <para>
1112 Go to the <emphasis role="bold">Network</emphasis> page in the
1113 virtual machine's <emphasis role="bold">Settings</emphasis>
1114 dialog and select an <emphasis role="bold">Adapter</emphasis>
1115 tab. Ensure that the <emphasis role="bold">Enable Network
1116 Adapter</emphasis> check box is selected and choose
1117 <emphasis role="bold">Host-Only Adapter</emphasis> for the
1118 <emphasis role="bold">Attached To</emphasis> field.
1119 </para>
1120 </listitem>
1121
1122 <listitem>
1123 <para>
1124 On the command line, use <command>VBoxManage modifyvm
1125 <replaceable>"vmname"</replaceable>
1126 --nic<replaceable>x</replaceable> hostonly</command>. See
1127 <xref linkend="vboxmanage-modifyvm" />.
1128 </para>
1129 </listitem>
1130
1131 </itemizedlist>
1132
1133 <para>
1134 For host-only networking, as with internal networking, you may
1135 find the DHCP server that is built into &product-name; useful.
1136 This is enabled by default and manages the IP addresses in the
1137 host-only network. Without the DHCP server you would need to
1138 configure all IP addresses statically.
1139 </para>
1140
1141 <itemizedlist>
1142
1143 <listitem>
1144 <para>
1145 In the VirtualBox Manager you can configure the DHCP server by
1146 choosing <emphasis role="bold">File</emphasis>,
1147 <emphasis role="bold">Host Network Manager</emphasis>. The
1148 Host Network Manager lists all host-only networks which are
1149 presently in use. Select the network name and then use the
1150 <emphasis role="bold">DHCP Server</emphasis> tab to configure
1151 DHCP server settings.
1152 </para>
1153 </listitem>
1154
1155 <listitem>
1156 <para>
1157 Alternatively, you can use the <command>VBoxManage
1158 dhcpserver</command> command. See
1159 <xref linkend="vboxmanage-dhcpserver" />.
1160 </para>
1161 </listitem>
1162
1163 </itemizedlist>
1164
1165 <note>
1166 <para>
1167 On Linux and Mac OS X hosts the number of host-only interfaces
1168 is limited to 128. There is no such limit for Oracle Solaris and
1169 Windows hosts.
1170 </para>
1171 </note>
1172
1173 </sect1>
1174
1175 <sect1 id="network_udp_tunnel">
1176
1177 <title>UDP Tunnel Networking</title>
1178
1179 <para>
1180 This networking mode enables you to interconnect virtual machines
1181 running on different hosts.
1182 </para>
1183
1184 <para>
1185 Technically this is done by encapsulating Ethernet frames sent or
1186 received by the guest network card into UDP/IP datagrams, and
1187 sending them over any network available to the host.
1188 </para>
1189
1190 <para>
1191 UDP Tunnel mode has the following parameters:
1192 </para>
1193
1194 <itemizedlist>
1195
1196 <listitem>
1197 <para>
1198 <emphasis role="bold">Source UDP port:</emphasis> The port on
1199 which the host listens. Datagrams arriving on this port from
1200 any source address will be forwarded to the receiving part of
1201 the guest network card.
1202 </para>
1203 </listitem>
1204
1205 <listitem>
1206 <para>
1207 <emphasis role="bold">Destination address:</emphasis> IP
1208 address of the target host of the transmitted data.
1209 </para>
1210 </listitem>
1211
1212 <listitem>
1213 <para>
1214 <emphasis role="bold">Destination UDP port:</emphasis> Port
1215 number to which the transmitted data is sent.
1216 </para>
1217 </listitem>
1218
1219 </itemizedlist>
1220
1221 <para>
1222 When interconnecting two virtual machines on two different hosts,
1223 their IP addresses must be swapped. On a single host, source and
1224 destination UDP ports must be swapped.
1225 </para>
1226
1227 <para>
1228 In the following example, host 1 uses the IP address 10.0.0.1 and
1229 host 2 uses IP address 10.0.0.2. To configure the tunnel on the
1230 command line:
1231 </para>
1232
1233<screen> VBoxManage modifyvm "VM 01 on host 1" --nic&lt;x&gt; generic
1234 VBoxManage modifyvm "VM 01 on host 1" --nicgenericdrv&lt;x&gt; UDPTunnel
1235 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dest=10.0.0.2
1236 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; sport=10001
1237 VBoxManage modifyvm "VM 01 on host 1" --nicproperty&lt;x&gt; dport=10002</screen>
1238
1239<screen> VBoxManage modifyvm "VM 02 on host 2" --nic&lt;y&gt; generic
1240 VBoxManage modifyvm "VM 02 on host 2" --nicgenericdrv&lt;y&gt; UDPTunnel
1241 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dest=10.0.0.1
1242 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; sport=10002
1243 VBoxManage modifyvm "VM 02 on host 2" --nicproperty&lt;y&gt; dport=10001</screen>
1244
1245 <para>
1246 Of course, you can always interconnect two virtual machines on the
1247 same host, by setting the destination address parameter to
1248 127.0.0.1 on both. It will act similarly to an internal network in
1249 this case. However, the host can see the network traffic which it
1250 could not in the normal internal network case.
1251 </para>
1252
1253 <note>
1254 <para>
1255 On UNIX-based hosts, such as Linux, Oracle Solaris, and Mac OS
1256 X, it is not possible to bind to ports below 1024 from
1257 applications that are not run by <literal>root</literal>. As a
1258 result, if you try to configure such a source UDP port, the VM
1259 will refuse to start.
1260 </para>
1261 </note>
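
 <para>
 The pairing rules described in this section can be checked before
 the VMs are started. The following script is an added example, not
 part of the VirtualBox manual or of VirtualBox itself. The function
 names is_port and check_tunnel_pair are hypothetical, and the inputs
 are the dest, sport and dport values passed to --nicproperty.
 </para>

```shell
#!/bin/sh
# Added example: consistency check for a pair of UDPTunnel endpoints.
# Each endpoint is described by its host IP plus the dest, sport and dport
# values given to --nicproperty in this chapter.

# is_port PORT MIN: succeed if PORT is a decimal number in MIN..65535.
is_port() {
    case "$1" in
        '' | *[!0-9]* | ??????*) return 1 ;;
    esac
    [ "$1" -ge "$2" ] || return 1
    [ "$1" -le 65535 ] || return 1
    return 0
}

# check_tunnel_pair IP_A DEST_A SPORT_A DPORT_A IP_B DEST_B SPORT_B DPORT_B
# Prints one finding per line, or "ok". Returns 0 only when nothing was found.
check_tunnel_pair() {
    ip_a=$1; dest_a=$2; sport_a=$3; dport_a=$4
    ip_b=$5; dest_b=$6; sport_b=$7; dport_b=$8
    bad=0

    # Each side's dest must be the other side's address (addresses swapped).
    if [ "$dest_a" != "$ip_b" ]; then
        echo "A: dest=$dest_a does not point at B ($ip_b)"; bad=1
    fi
    if [ "$dest_b" != "$ip_a" ]; then
        echo "B: dest=$dest_b does not point at A ($ip_a)"; bad=1
    fi

    # Each side must send to the port the other side listens on (ports swapped).
    if [ "$dport_a" != "$sport_b" ]; then
        echo "A: dport=$dport_a but B listens on sport=$sport_b"; bad=1
    fi
    if [ "$dport_b" != "$sport_a" ]; then
        echo "B: dport=$dport_b but A listens on sport=$sport_a"; bad=1
    fi

    # On one host both sides cannot listen on the same port.
    if [ "$ip_a" = "$ip_b" ]; then
        if [ "$sport_a" = "$sport_b" ]; then
            echo "A and B share a host and both bind sport=$sport_a"; bad=1
        fi
    fi

    # Ports below 1024 need root on UNIX-based hosts; the VM refuses to start.
    for side in "A:$sport_a" "B:$sport_b"; do
        if ! is_port "${side#*:}" 1024; then
            echo "${side%%:*}: sport=${side#*:} is not in 1024..65535"; bad=1
        fi
    done
    for side in "A:$dport_a" "B:$dport_b"; do
        if ! is_port "${side#*:}" 1; then
            echo "${side%%:*}: dport=${side#*:} is not in 1..65535"; bad=1
        fi
    done

    if [ "$bad" -eq 0 ]; then echo "ok"; fi
    return "$bad"
}

# Constructed input: the two-host example from this chapter.
check_tunnel_pair 10.0.0.1 10.0.0.2 10001 10002 \
                  10.0.0.2 10.0.0.1 10002 10001
```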
1262
1263 </sect1>
1264
1265 <sect1 id="network_vde">
1266
1267 <title>VDE Networking</title>
1268
1269 <para>
1270 Virtual Distributed Ethernet (VDE) is a flexible, virtual network
1271 infrastructure system, spanning across multiple hosts in a secure
1272 way. It enables L2/L3 switching, including spanning-tree protocol,
1273 VLANs, and WAN emulation. It is an optional part of &product-name;
1274 which is only included in the source code.
1275 </para>
1276
1277 <para>
1278 VDE is a project developed by Renzo Davoli, Associate Professor at
1279 the University of Bologna, Italy.
1280 </para>
1281
1282 <para>
1283 The basic building blocks of the infrastructure are VDE switches,
1284 VDE plugs, and VDE wires which interconnect the switches.
1285 </para>
1286
1287 <para>
1288 The &product-name; VDE driver has a single parameter: VDE network.
1289 This is the name of the VDE network switch socket to which the VM
1290 will be connected.
1291 </para>
1292
1293 <para>
1294 The following basic example shows how to connect a virtual machine
1295 to a VDE switch.
1296 </para>
1297
1298 <orderedlist>
1299
1300 <listitem>
1301 <para>
1302 Create a VDE switch:
1303 </para>
1304
1305<screen>vde_switch -s /tmp/switch1</screen>
1306 </listitem>
1307
1308 <listitem>
1309 <para>
1310 Configure VMs using the command line:
1311 </para>
1312
1313<screen>VBoxManage modifyvm "VM name" --nic&lt;x&gt; generic</screen>
1314
1315<screen>VBoxManage modifyvm "VM name" --nicgenericdrv&lt;x&gt; VDE</screen>
1316
1317 <para>
1318 To connect to an automatically allocated switch port:
1319 </para>
1320
1321<screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1</screen>
1322
1323 <para>
1324 To connect to a specific switch port
1325 <replaceable>n</replaceable>:
1326 </para>
1327
1328<screen>VBoxManage modifyvm "VM name" --nicproperty&lt;x&gt; network=/tmp/switch1[&lt;n&gt;]</screen>
1329
1330 <para>
1331 This command can be useful for VLANs.
1332 </para>
1333 </listitem>
1334
1335 <listitem>
1336 <para>
1337 (Optional) Map between a VDE switch port and a VLAN.
1338 </para>
1339
1340 <para>
1341 Using the switch command line:
1342 </para>
1343
1344<screen>vde$ vlan/create &lt;VLAN&gt;</screen>
1345
1346<screen>vde$ port/setvlan &lt;port&gt; &lt;VLAN&gt;</screen>
1347 </listitem>
1348
1349 </orderedlist>
1350
1351 <para>
1352 VDE is available on Linux and FreeBSD hosts only. It is only
1353 available if the VDE software and the VDE plugin library from the
1354 VirtualSquare project are installed on the host system.
1355 </para>
1356
1357 <note>
1358 <para>
1359 For Linux hosts, the shared library libvdeplug.so must be
1360 available in the search path for shared libraries.
1361 </para>
1362 </note>
1363
1364 <para>
1365 For more information on setting up VDE networks, please see the
1366 documentation accompanying the software. See also
1367 <ulink url="http://wiki.virtualsquare.org" />.
1368 </para>
1369
1370 </sect1>
1371
1372 <sect1 id="network_bandwidth_limit">
1373
1374 <title>Limiting Bandwidth for Network Input/Output</title>
1375
1376 <para>
1377 &product-name; supports limiting of the maximum bandwidth used for
1378 network transmission. Several network adapters of one VM may share
1379 limits through bandwidth groups. It is possible to have more than
1380 one such limit.
1381 </para>
1382
1383 <note>
1384 <para>
1385 &product-name; shapes VM traffic only in the transmit direction,
1386 delaying the packets being sent by virtual machines. It does not
1387 limit the traffic being received by virtual machines.
1388 </para>
1389 </note>
1390
1391 <para>
1392 Limits are configured through <command>VBoxManage</command>. The
1393 following example creates a bandwidth group named Limit, sets the
1394 limit to 20 Mbps and assigns the group to the first and second
1395 adapters of the VM:
1396 </para>
1397
1398<screen>VBoxManage bandwidthctl "VM name" add Limit --type network --limit 20m
1399VBoxManage modifyvm "VM name" --nicbandwidthgroup1 Limit
1400VBoxManage modifyvm "VM name" --nicbandwidthgroup2 Limit</screen>
1401
1402 <para>
1403 All adapters in a group share the bandwidth limit, meaning that in
1404 the example above the bandwidth of both adapters combined can
1405 never exceed 20 Mbps. However, if one adapter does not require
1406 bandwidth the other can use the remaining bandwidth of its group.
1407 </para>
1408
1409 <para>
1410 The limits for each group can be changed while the VM is running,
1411 with changes being picked up immediately. The following example
1412 changes the limit for the group created in the previous example to
1413 100 Kbps:
1414 </para>
1415
1416<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 100k</screen>
1417
1418 <para>
1419 To completely disable shaping for the first adapter of the VM, use the
1420 following command:
1421 </para>
1422
1423<screen>VBoxManage modifyvm "VM name" --nicbandwidthgroup1 none</screen>
1424
1425 <para>
1426 It is also possible to disable shaping for all adapters assigned
1427 to a bandwidth group while the VM is running, by specifying a
1428 limit of zero for the group. For example, for the bandwidth group named
1429 Limit:
1430 </para>
1431
1432<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 0</screen>
1433
1434 </sect1>
1435
1436 <sect1 id="network_performance">
1437
1438 <title>Improving Network Performance</title>
1439
1440 <para>
1441 &product-name; provides a variety of virtual network adapters that
1442 can be attached to the host's network in a number of ways.
1443 Network performance differs depending on which types of adapters
1444 and attachments are used. For performance, the virtio
1445 network adapter is preferable over Intel PRO/1000 emulated
1446 adapters, which are preferred over the PCNet family of adapters.
1447 Both virtio and Intel PRO/1000 adapters enjoy the benefit of
1448 segmentation and checksum offloading. Segmentation offloading is
1449 essential for high performance as it allows for fewer context
1450 switches, dramatically increasing the sizes of packets that cross
1451 the VM/host boundary.
1452 </para>
1453
1454 <note>
1455 <para>
1456 Neither virtio nor Intel PRO/1000 drivers for Windows XP support
1457 segmentation offloading. Therefore Windows XP guests never reach
1458 the same transmission rates as other guest types. Refer to MS
1459 Knowledge base article 842264 for additional information.
1460 </para>
1461 </note>
1462
1463 <para>
1464 Three attachment types, Internal, Bridged, and Host-Only, have
1465 nearly identical performance. The Internal type is slightly
1466 faster and uses fewer CPU cycles as the packets never reach the
1467 host's network stack. The NAT attachment type is the slowest and
1468 most secure of all attachment types, as it provides network
1469 address translation. The generic driver attachment is special and
1470 cannot be considered as an alternative to other attachment types.
1471 </para>
1472
1473 <para>
1474 The number of CPUs assigned to a VM does not improve network
1475 performance and in some cases may hurt it due to increased
1476 concurrency in the guest.
1477 </para>
1478
1479 <para>
1480 Here is a short summary of things to check in order to improve
1481 network performance:
1482 </para>
1483
1484 <itemizedlist>
1485
1486 <listitem>
1487 <para>
1488 Whenever possible use the virtio network adapter. Otherwise,
1489 use one of the Intel PRO/1000 adapters.
1490 </para>
1491 </listitem>
1492
1493 <listitem>
1494 <para>
1495 Use a Bridged attachment instead of NAT.
1496 </para>
1497 </listitem>
1498
1499 <listitem>
1500 <para>
1501 Make sure segmentation offloading is enabled in the guest OS.
1502 Usually it will be enabled by default. You can check and
1503 modify offloading settings using the
1504 <command>ethtool</command> command on Linux guests.
1505 </para>
1506 </listitem>
1507
1508 <listitem>
1509 <para>
1510 Perform a full detailed analysis of network traffic on the
1511 VM's network adapter using a third-party tool such as
1512 Wireshark. To do this, a promiscuous mode policy needs to be
1513 used on the VM's network adapter. Use of this mode is only
1514 possible on the following network types: NAT Network, Bridged
1515 Adapter, Internal Network, and Host-Only Adapter.
1516 </para>
1517
1518 <para>
1519 To set up a promiscuous mode policy, either select from the
1520 drop-down list located in the <emphasis role="bold">Network
1521 Settings</emphasis> dialog for the network adapter or use the
1522 command-line tool <command>VBoxManage</command>. See
1523 <xref linkend="vboxmanage-modifyvm" />.
1524 </para>
1525
1526 <para>
1527 Promiscuous mode policies are as follows:
1528 </para>
1529
1530 <itemizedlist>
1531
1532 <listitem>
1533 <para>
1534 <literal>deny</literal>, which hides any traffic not
1535 intended for the VM's network adapter. This is the default
1536 setting.
1537 </para>
1538 </listitem>
1539
1540 <listitem>
1541 <para>
1542 <literal>allow-vms</literal>, which hides all host traffic
1543 from the VM's network adapter, but allows it to see
1544 traffic from and to other VMs.
1545 </para>
1546 </listitem>
1547
1548 <listitem>
1549 <para>
1550 <literal>allow-all</literal>, which removes all
1551 restrictions. The VM's network adapter sees all traffic.
1552 </para>
1553 </listitem>
1554
1555 </itemizedlist>
1556 </listitem>
1557
1558 </itemizedlist>
1559
1560 </sect1>
1561
1562</chapter>