6.4. Network Address Translation Service

The Network Address Translation (NAT) service works in a similar way to a home router, grouping the systems using it into a network and preventing systems outside of this network from directly accessing systems inside it, but letting systems inside communicate with each other and with systems outside using TCP and UDP over IPv4 and IPv6.

A NAT service is attached to an internal network. Virtual machines which are to make use of it should be attached to that internal network. The name of the internal network is chosen when the NAT service is created, and the internal network will be created if it does not already exist. The following is an example command to create a NAT network:

VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable

Here, natnet1 is the name of the internal network to be used and 192.168.15.0/24 is the network address and mask of the NAT service interface. By default in this static configuration the gateway will be assigned the address 192.168.15.1, the address following the interface address, though this is subject to change. To attach a DHCP server to the internal network, modify the example command as follows:

VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on

To add a DHCP server to an existing network, use the following command:

VBoxManage natnetwork modify --netname natnet1 --dhcp on

To disable the DHCP server, use the following command:

VBoxManage natnetwork modify --netname natnet1 --dhcp off

A DHCP server provides a list of registered nameservers, but does not map servers from the 127/8 network.

To start the NAT service, use the following command:

VBoxManage natnetwork start --netname natnet1

If the network has a DHCP server attached then it will start together with the NAT network service.

To stop the NAT network service, together with any DHCP server:

VBoxManage natnetwork stop --netname natnet1

To delete the NAT network service:

VBoxManage natnetwork remove --netname natnet1

This command does not remove the DHCP server if one is enabled on the internal network.

Port-forwarding is supported, using the --port-forward-4 switch for IPv4 and --port-forward-6 for IPv6. For example:

VBoxManage natnetwork modify \
  --netname natnet1 --port-forward-4 "ssh:tcp:[]:1022:[192.168.15.5]:22"

This adds a port-forwarding rule from TCP port 1022 on the host to port 22 on the guest with IP address 192.168.15.5. Host port, guest port and guest IP are mandatory. To delete the rule, use the following command:

VBoxManage natnetwork modify --netname natnet1 --port-forward-4 delete ssh
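
Because a port-forwarding rule exposes a guest service on the host, it is worth checking a rule before applying it. The following is an added example, not part of the VirtualBox manual: a POSIX shell lint for IPv4 rules that enforces the mandatory fields, checks that the guest IP lies inside the NAT network, and warns when the host address is left empty as in the rule above. The function names and the verdict strings are assumptions made for this example.

```sh
# Added example (not VirtualBox code): lint a --port-forward-4 rule.
# Field layout: name:proto:[host ip]:host port:[guest ip]:guest port

ip4_to_int() (   # dotted quad -> integer; subshell body keeps IFS changes local
  case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
  IFS=.; set -f; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in ''|0?*|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_cidr4() (     # in_cidr4 <ip> <network/prefix>; succeeds if ip is inside
  ip=$(ip4_to_int "$1") || exit 1
  net=$(ip4_to_int "${2%/*}") || exit 1
  bits=${2#*/}
  case $bits in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
  [ "$bits" -le 32 ] || exit 1
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
)

check_pf4_rule() (   # check_pf4_rule <rule> <nat network cidr>; prints a verdict
  cidr=$2; r=$1:     # trailing ':' keeps an empty last field when splitting
  IFS=:; set -f; set -- $r
  [ $# -eq 6 ] || { echo "invalid: expected 6 colon-separated fields"; exit 1; }
  case $2 in tcp|udp) ;; *) echo "invalid: protocol must be tcp or udp"; exit 1 ;; esac
  case $3$5 in \[*\]\[*\]) ;; *) echo "invalid: addresses must be in []"; exit 1 ;; esac
  hip=${3#?}; hip=${hip%?}; gip=${5#?}; gip=${gip%?}
  # Host port, guest port and guest IP are mandatory.
  [ -n "$4" ] && [ -n "$gip" ] && [ -n "$6" ] ||
    { echo "invalid: host port, guest port and guest IP are mandatory"; exit 1; }
  for p in "$4" "$6"; do
    case $p in *[!0-9]*|0*|??????*) echo "invalid: bad port $p"; exit 1 ;; esac
    [ "$p" -le 65535 ] || { echo "invalid: bad port $p"; exit 1; }
  done
  in_cidr4 "$gip" "$cidr" || { echo "invalid: guest $gip is not in $cidr"; exit 1; }
  if [ -z "$hip" ]; then
    echo "warn: no host address; port $4 is not pinned to one host interface"
  else
    ip4_to_int "$hip" >/dev/null || { echo "invalid: bad host address $hip"; exit 1; }
    echo "ok: $hip:$4 -> $gip:$6"
  fi
)
```

Run it as `check_pf4_rule "<rule>" "<network>"` with the same values passed to --port-forward-4 and --network; a non-zero exit status means the rule should not be applied.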

It is possible to bind a NAT service to a specified interface. For example:

VBoxManage setextradata global "NAT/win-nat-test-0/SourceIp4" 192.168.1.185

To see the list of registered NAT networks, use the following command:

VBoxManage list natnetworks