The Network Address Translation (NAT) service works in a similar way to a home router, grouping the systems using it into a network and preventing systems outside of this network from directly accessing systems inside it, but letting systems inside communicate with each other and with systems outside using TCP and UDP over IPv4 and IPv6.
A NAT service is attached to an internal network. Virtual machines which are to make use of it should be attached to that internal network. The name of the internal network is chosen when the NAT service is created, and the internal network will be created if it does not already exist. An example command to create a NAT network is:
VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable
Here, "natnet1" is the name of the internal network to be used and "192.168.15.0/24" is the network address and mask of the NAT service interface. By default in this static configuration the gateway will be assigned the address 192.168.15.1 (the address following the interface address), though this is subject to change. To attach a DHCP server to the internal network, we modify the example as follows:
VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on
or to add a DHCP server to the network after creation:
VBoxManage natnetwork modify --netname natnet1 --dhcp on
To disable it again, use:
VBoxManage natnetwork modify --netname natnet1 --dhcp off
The DHCP server provides the list of registered nameservers, but does not map servers from the 127/8 network.
To start the NAT service, use the following command:
VBoxManage natnetwork start --netname natnet1
If the network has a DHCP server attached then it will start together with the NAT network service.
To stop the NAT network service, together with the DHCP server if any, use:
VBoxManage natnetwork stop --netname natnet1
To delete the NAT network service, use:
VBoxManage natnetwork remove --netname natnet1
This command does not remove the DHCP server if one is enabled on the internal network.
Port-forwarding is supported (using the --port-forward-4 switch for IPv4 and --port-forward-6 for IPv6):
VBoxManage natnetwork modify --netname natnet1 --port-forward-4 "ssh:tcp:[]:1022:[192.168.15.5]:22"
This adds a port-forwarding rule from the host's TCP 1022 port to the port 22 on the guest with IP address 192.168.15.5. Host port, guest port and guest IP are mandatory. To delete the rule, use:
VBoxManage natnetwork modify --netname natnet1 --port-forward-4 delete ssh
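A pre-flight check for rule strings in the format shown above, as an added example that is not part of the VirtualBox documentation: it parses a --port-forward-4 rule, enforces the mandatory fields, and confirms the guest address lies inside the NAT network. The helper name check_rule and the second sample rule are assumptions made for illustration.

```python
import ipaddress
import re

# Layout read off the rule above: name:proto:[host ip]:host port:[guest ip]:guest port
RULE_RE = re.compile(
    r"^(?P<name>[^:]*):(?P<proto>[^:]*):\[(?P<host_ip>[^\]]*)\]:(?P<host_port>[^:]*)"
    r":\[(?P<guest_ip>[^\]]*)\]:(?P<guest_port>[^:]*)$"
)


def check_rule(rule, network):
    """Hypothetical helper: return (fields, problems, notes) for one IPv4 rule."""
    m = RULE_RE.match(rule)
    if m is None:
        return None, ["rule does not match the six-field layout"], []
    f, problems, notes = m.groupdict(), [], []
    net = ipaddress.IPv4Network(network)
    if f["proto"] not in ("tcp", "udp"):
        problems.append(f"protocol {f['proto']!r} is not tcp or udp")
    for label in ("host_port", "guest_port"):  # both mandatory per the text
        if not f[label]:
            problems.append(f"{label} is mandatory")
        elif not re.fullmatch(r"\d{1,5}", f[label]) or not 1 <= int(f[label]) <= 65535:
            problems.append(f"{label} {f[label]!r} is not a port in 1-65535")
    if not f["guest_ip"]:
        problems.append("guest_ip is mandatory")
    else:
        try:
            guest = ipaddress.IPv4Address(f["guest_ip"])
            if guest not in net or guest in (net.network_address, net.broadcast_address):
                problems.append(f"guest_ip {guest} is not a host address in {net}")
        except ValueError:
            problems.append(f"guest_ip {f['guest_ip']!r} is not an IPv4 address")
    if f["host_ip"]:
        try:
            ipaddress.IPv4Address(f["host_ip"])
        except ValueError:
            problems.append(f"host_ip {f['host_ip']!r} is not an IPv4 address")
    else:
        notes.append("host_ip is empty: the rule names no specific host address")
    return f, problems, notes


if __name__ == "__main__":
    # First rule is the one from the text; the second is constructed and faulty.
    for r in ("ssh:tcp:[]:1022:[192.168.15.5]:22", "web:tcp:[127.0.0.1]:8080:[192.168.16.5]:80"):
        print(r, *check_rule(r, "192.168.15.0/24")[1:], sep="\n  ")
```

Running the check before each `natnetwork modify` call catches a rule that points at an address outside the network given with --network, and the note on an empty host field gives a reviewer a prompt to confirm that leaving it unset is intended.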
It is possible to bind the NAT service to a specified interface:
VBoxManage setextradata global "NAT/win-nat-test-0/SourceIp4" 192.168.1.185
To see the list of registered NAT networks, use:
VBoxManage list natnetworks