In NAT mode, the guest network interface is assigned to the IPv4 range 10.0.x.0/24 by default, where x corresponds to the instance of the NAT interface +2. So x is 2 when there is only one NAT instance active. In that case the guest is assigned to the address 10.0.2.15, the gateway is set to 10.0.2.2 and the name server can be found at 10.0.2.3.
If, for any reason, the NAT network needs to be changed, this can be achieved with the following command:
VBoxManage modifyvm "VM name" --natnet1 "192.168/16"
This command would reserve the network addresses from 192.168.0.0 to 192.168.254.254 for the first NAT network instance of "VM name". The guest IP would be assigned to 192.168.0.15 and the default gateway could be found at 192.168.0.2.
For network booting in NAT mode, by default VirtualBox uses a built-in TFTP server at the IP address 10.0.2.4. This default behavior should work fine for typical remote-booting scenarios. However, it is possible to change the boot server IP and the location of the boot image with the following commands:
VBoxManage modifyvm "VM name" --nattftpserver1 10.0.2.2
VBoxManage modifyvm "VM name" --nattftpfile1 /srv/tftp/boot/MyPXEBoot.pxe
The VirtualBox NAT stack performance is often determined by its interaction with the host's TCP/IP stack and the size of several buffers (SO_RCVBUF and SO_SNDBUF). For certain setups users might want to adjust the buffer size for better performance. This can be achieved using the following commands (values are in kilobytes and can range from 8 to 1024):
VBoxManage modifyvm "VM name" --natsettings1 16000,128,128,0,0
This example illustrates tuning the NAT settings. The first parameter is the MTU, then the size of the socket's send buffer and the size of the socket's receive buffer, the initial size of the TCP send window, and lastly the initial size of the TCP receive window. Note that specifying zero means fallback to the default value.
Each of these buffers has a default size of 64KB and the default MTU is 1500.
By default, VirtualBox's NAT engine will route TCP/IP packets through the default interface assigned by the host's TCP/IP stack. (The technical reason for this is that the NAT engine uses sockets for communication.) If, for some reason, you want to change this behavior, you can tell the NAT engine to bind to a particular IP address instead. Use the following command:
VBoxManage modifyvm "VM name" --natbindip1 "10.45.0.2"
After this, all outgoing traffic will be sent through the interface with the IP address 10.45.0.2. Please make sure that this interface is up and running prior to this assignment.
The NAT engine by default offers the same DNS servers to the guest that are configured on the host. In some scenarios, it can be desirable to hide the DNS server IPs from the guest, for example when this information can change on the host due to expiring DHCP leases. In this case, you can tell the NAT engine to act as DNS proxy using the following command:
VBoxManage modifyvm "VM name" --natdnsproxy1 on
For resolving network names, the DHCP server of the NAT engine offers a list of registered DNS servers of the host. If for some reason you need to hide this DNS server list and use the host's resolver settings, thereby forcing the VirtualBox NAT engine to intercept DNS requests and forward them to the host's resolver, use the following command:
VBoxManage modifyvm "VM name" --natdnshostresolver1 on
Note that this setting is similar to the DNS proxy mode. However, whereas the proxy mode just forwards DNS requests to the appropriate servers, the resolver mode will interpret the DNS requests and use the host's DNS API to query the information and return it to the guest.
In some cases it might be useful to intercept the name resolving mechanism, providing a user-defined IP address on a particular DNS request. The intercepting mechanism allows the user to map not only a single host but domains and even more complex naming conventions if required.
The following commands set a rule for mapping a name to a specified IP:
VBoxManage setextradata "VM name" \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/<unique rule name of interception rule>/HostIP" <IPv4>
VBoxManage setextradata "VM name" \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/<unique rule name>/HostName" <name of host>
The following commands set a rule for mapping a pattern name to a specified IP:
VBoxManage setextradata "VM name" \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/<unique rule name>/HostIP" <IPv4>
VBoxManage setextradata "VM name" \
  "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/<unique rule name>/HostNamePattern" <hostpattern>
The host pattern may include "|", "?" and "*".
This example demonstrates how to instruct the host-resolver mechanism to resolve all domains, and probably some mirrors, of the www.blocked-site.info site to the IP address 127.0.0.1:
VBoxManage setextradata "VM name" \
  "VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/all_blocked_site/HostIP" 127.0.0.1
VBoxManage setextradata "VM name" \
  "VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/all_blocked_site/HostNamePattern" "*.blocked-site.*|*.fb.org"
The host resolver mechanism should be enabled to use user-defined mapping rules, otherwise they don't have any effect.
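Mapping rules like the ones above can be reviewed before they are relied on. The following Python sketch is an added example, not part of the VirtualBox documentation: it parses extradata lines in the Key/Value form printed by VBoxManage getextradata "VM name" enumerate (the sample is constructed here and the "intranet" rule is made up) and reports which rule, if any, captures a given name. The pattern semantics (whole-name, case-insensitive match in which "*" also spans dots) and the rule order are assumptions.

```python
import re

# Constructed sample in the "Key: ..., Value: ..." form printed by
# `VBoxManage getextradata "VM name" enumerate`; the "intranet" rule is made up.
PREFIX = "VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/"
SAMPLE = "\n".join([
    "Key: GUI/LastCloseAction, Value: PowerOff",
    f"Key: {PREFIX}all_blocked_site/HostIP, Value: 127.0.0.1",
    f"Key: {PREFIX}all_blocked_site/HostNamePattern, Value: *.blocked-site.*|*.fb.org",
    f"Key: {PREFIX}intranet/HostIP, Value: 10.0.2.2",
    f"Key: {PREFIX}intranet/HostName, Value: wiki.corp.example",
])

LINE = re.compile(
    r"^Key: .*/HostResolverMappings/([^/]+)/(HostIP|HostNamePattern|HostName), Value: (.*)$")

def parse_rules(text):
    """Group the HostIP / HostName / HostNamePattern values by rule name."""
    rules = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rules.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return rules

def pattern_to_regex(pattern):
    """Assumed semantics: '|' separates alternatives, '*' any run, '?' one character."""
    alts = ["".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in alt)
            for alt in pattern.split("|")]
    return re.compile("|".join(f"(?:{a})" for a in alts), re.IGNORECASE)

def resolve_override(rules, hostname):
    """Return (rule name, IP) for the first rule that captures hostname, else None."""
    for name, rule in sorted(rules.items()):  # evaluation order is an assumption
        ip = rule.get("HostIP")
        if ip is None:
            continue  # incomplete rule: a name or pattern without an address
        exact = rule.get("HostName")
        if exact is not None and exact.lower() == hostname.lower():
            return name, ip
        pattern = rule.get("HostNamePattern")
        if pattern is not None and pattern_to_regex(pattern).fullmatch(hostname):
            return name, ip
    return None

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for host in ("www.blocked-site.info", "blocked-site.info", "fb.org", "wiki.corp.example"):
        print(host, "->", resolve_override(rules, host))
```

Under these assumptions the pattern from the example captures www.blocked-site.info but not the bare names blocked-site.info or fb.org, because each alternative requires a leading label followed by a dot.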
By default, the NAT core uses aliasing and uses random ports when generating an alias for a connection. This works well for most protocols, such as SSH and FTP. However, some protocols might need a more transparent behavior or may depend on the real port number the packet was sent from. It is possible to change the NAT mode via the VBoxManage frontend with the following commands:
VBoxManage modifyvm "VM name" --nataliasmode1 proxyonly
and
VBoxManage modifyvm "Linux Guest" --nataliasmode1 sameports
The first example disables aliasing and switches NAT into transparent mode, the second example enforces preserving of port values. These modes can be combined if necessary.