In NAT mode, the guest network interface is assigned to the IPv4 range 10.0.x.0/24 by default where x corresponds to the instance of the NAT interface +2. So x is 2 when there is only one NAT instance active. In that case the guest is assigned to the address 10.0.2.15, the gateway is set to 10.0.2.2 and the name server can be found at 10.0.2.3.
If the NAT network needs to be changed, use the following command:
$ VBoxManage modifyvm VM-name --natnet1 "192.168/16"
This command would reserve the network addresses from 192.168.0.0 to 192.168.254.254 for the first NAT network instance of VM-name. The guest IP would be assigned to 192.168.0.15 and the default gateway could be found at 192.168.0.2.
For network booting in NAT mode, by default Oracle VM VirtualBox uses a built-in TFTP server at the IP address 10.0.2.4. This default behavior should work fine for typical remote-booting scenarios. However, it is possible to change the boot server IP and the location of the boot image with the following commands:
$ VBoxManage modifyvm VM-name --nattftpserver1 10.0.2.2
$ VBoxManage modifyvm VM-name --nattftpfile1 /srv/tftp/boot/MyPXEBoot.pxe
The Oracle VM VirtualBox NAT stack performance is often determined by its interaction with the host's TCP/IP stack and the size of several buffers, SO_RCVBUF and SO_SNDBUF. For certain setups users might want to adjust the buffer size for better performance. This can be achieved using the following commands, where values are in kilobytes and can range from 8 to 1024:
$ VBoxManage modifyvm VM-name --natsettings1 16000,128,128,0,0
This example illustrates tuning the NAT settings. The first parameter is the MTU, then the size of the socket's send buffer and the size of the socket's receive buffer, the initial size of the TCP send window, and lastly the initial size of the TCP receive window. Note that specifying zero means fallback to the default value.
Each of these buffers has a default size of 64KB and the default MTU is 1500.
By default, Oracle VM VirtualBox's NAT engine will route TCP/IP packets through the default interface assigned by the host's TCP/IP stack. The technical reason for this is that the NAT engine uses sockets for communication. If you want to change this behavior, you can tell the NAT engine to bind to a particular IP address instead. For example, use the following command:
$ VBoxManage modifyvm VM-name --natbindip1 "10.45.0.2"
After this, all outgoing traffic will be sent through the interface with the IP address 10.45.0.2. Ensure that this interface is up and running before changing the NAT bind address.
The NAT engine by default offers the same DNS servers to the guest that are configured on the host. In some scenarios, it can be desirable to hide the DNS server IPs from the guest, for example when this information can change on the host due to expiring DHCP leases. In this case, you can tell the NAT engine to act as a DNS proxy using the following command:
$ VBoxManage modifyvm VM-name --natdnsproxy1 on
For resolving network names, the DHCP server of the NAT engine offers a list of registered DNS servers of the host. If for some reason you need to hide this DNS server list and use the host's resolver settings, thereby forcing the Oracle VM VirtualBox NAT engine to intercept DNS requests and forward them to the host's resolver, use the following command:
$ VBoxManage modifyvm VM-name --natdnshostresolver1 on
Note that this setting is similar to the DNS proxy mode. However, whereas the proxy mode just forwards DNS requests to the appropriate servers, the resolver mode will interpret the DNS requests and use the host's DNS API to query the information and return it to the guest.
In some cases it might be useful to intercept the name resolving mechanism, providing a user-defined IP address on a particular DNS request. The intercepting mechanism enables the user to map not only a single host but domains and even more complex naming conventions if required.
The following command sets a rule for mapping a name to a specified IP:
VBoxManage setextradata VM-name \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/unique-rule-name-of-interception-rule/HostIP" IPv4
VBoxManage setextradata VM-name \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/unique-rule-name/HostName" hostname
The following command sets a rule for mapping a pattern name to a specified IP:
VBoxManage setextradata VM-name \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/unique-rule-name/HostIP" IPv4
VBoxManage setextradata VM-name \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/unique-rule-name/HostNamePattern" hostpattern
The host name pattern can include the following wildcard characters: pipe (|), question mark (?), and asterisk (*).
This example demonstrates how to instruct the host-resolver mechanism to resolve all domains, and probably some mirrors, of the www.blocked-site.info site to the IP address 127.0.0.1:
$ VBoxManage setextradata VM-name \
  "VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/all_blocked_site/HostIP" 127.0.0.1
$ VBoxManage setextradata VM-name \
  "VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/all_blocked_site/HostNamePattern" "*.blocked-site.*|*.fb.org"
The host resolver mechanism should be enabled to use user-defined mapping rules, otherwise they do not have any effect.
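Before relying on a mapping rule to sinkhole names, it helps to check which names the pattern actually covers. The following script is an added example, not part of the Oracle VM VirtualBox documentation; it assumes that | separates alternatives, that * and ? behave like shell globs, and that matching is case-insensitive, and the function names and sample host names are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate a HostNamePattern against candidate names.
# Assumptions (VirtualBox's own matcher may differ): '|' separates
# alternatives, '*' and '?' act as shell globs, matching ignores case.

# pattern_matches PATTERN HOSTNAME -> exit 0 if any alternative matches
pattern_matches() {
    pm_rest=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pm_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while [ -n "$pm_rest" ]; do
        # Peel off the next '|'-separated alternative
        case $pm_rest in
            *"|"*) pm_alt=${pm_rest%%"|"*}; pm_rest=${pm_rest#*"|"} ;;
            *)     pm_alt=$pm_rest; pm_rest= ;;
        esac
        # An unquoted variable in a case pattern is interpreted as a glob
        case $pm_host in
            $pm_alt) return 0 ;;
        esac
    done
    return 1
}

# covered_names PATTERN NAME... -> prints the names the pattern covers
covered_names() {
    cn_pattern=$1; shift
    cn_out=
    for cn_name in "$@"; do
        if pattern_matches "$cn_pattern" "$cn_name"; then
            cn_out="$cn_out${cn_out:+ }$cn_name"
        fi
    done
    printf '%s\n' "$cn_out"
}

# Pattern from the example above, checked against constructed sample names.
# Under glob semantics the bare names blocked-site.info and fb.org are not
# covered, because each alternative requires a '.' before the domain label.
PATTERN='*.blocked-site.*|*.fb.org'
covered_names "$PATTERN" www.blocked-site.info mirror.blocked-site.net \
    blocked-site.info cdn.fb.org fb.org example.org
```

If the bare domains must also be mapped, add them as further alternatives in the pattern or as separate HostName rules, then confirm the result from inside the guest.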
By default, the NAT core uses aliasing and uses random ports when generating an alias for a connection. This works well for most protocols, such as SSH and FTP. However, some protocols might need a more transparent behavior or may depend on the real port number the packet was sent from. You can change the NAT mode by using the following commands:
$ VBoxManage modifyvm VM-name --nataliasmode1 proxyonly
$ VBoxManage modifyvm "Linux Guest" --nataliasmode1 sameports
The first example disables aliasing and switches NAT into transparent mode. The second example enforces preserving of port values. These modes can be combined if necessary.