user_Networking.xml revision c53fd76cb229897343a9f1b32fc1187d8009de38
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<para>As briefly mentioned in <xref linkend="settings-network" />,
VirtualBox provides up to eight virtual PCI Ethernet cards for each virtual
machine. For each such card, you can individually select<orderedlist>
<para>the hardware that will be virtualized as well as</para>
</listitem>
<para>the virtualization mode that the virtual card will be operating
in with respect to your physical networking hardware on the
host.</para>
</listitem>
<para>Four of the network cards can be configured in the "Network" section
of the settings dialog in the graphical user interface of VirtualBox. You
can configure all eight network cards on the command line via VBoxManage
modifyvm; see <xref linkend="vboxmanage-modifyvm" />.</para>
<para>This chapter explains the various networking settings in more
detail.</para>
<para>For each card, you can individually select what kind of
<emphasis>hardware</emphasis> will be presented to the virtual machine.
VirtualBox can virtualize the following six types of networking
hardware:<itemizedlist>
</listitem>
<para>AMD PCNet FAST III (Am79C973, the default);</para>
</listitem>
</listitem>
</listitem>
</listitem>
<para>Paravirtualized network adapter (virtio-net).</para>
</listitem>
<para>The PCNet FAST III is the default because it is supported by nearly
all operating systems out of the box, as well as the GNU GRUB boot
manager. As an exception, the Intel PRO/1000 family adapters are chosen
for some guest operating system types that no longer ship with drivers for
the PCNet card, such as Windows Vista.</para>
<para>The Intel PRO/1000 MT Desktop type works with Windows Vista and
later versions. The T Server variant of the Intel PRO/1000 card is
recognized by Windows XP guests without additional driver installation.
The MT Server variant facilitates OVF imports from other platforms.</para>
<para>The <emphasis role="bold">"Paravirtualized network adapter
(virtio-net)"</emphasis> is special. If you select this, then VirtualBox
does <emphasis>not</emphasis> virtualize common networking hardware (that
is supported by common guest operating systems out of the box). Instead,
VirtualBox then expects a special software interface for virtualized
environments to be provided by the guest, thus avoiding the complexity of
emulating networking hardware and improving network performance. Starting
with version 3.1, VirtualBox provides support for the industry-standard
"virtio" networking drivers, which are part of the open-source KVM
project.</para>
<para>The "virtio" networking drivers are available for the following
guest operating systems:</para>
<para>Linux kernels version 2.6.25 or later can be configured to
provide virtio support; some distributions also back-ported virtio
to older kernels.</para>
</listitem>
<para>For Windows 2000, XP and Vista, virtio drivers can be
downloaded and installed from the KVM project web page.<footnote>
url="http://www.linux-kvm.org/page/WindowsGuestDrivers">http://www.linux-kvm.org/page/WindowsGuestDrivers</ulink>.</para>
</listitem>
<para>VirtualBox also has limited support for so-called <emphasis
role="bold">jumbo frames</emphasis>, i.e. networking packets with more
than 1500 bytes of data, provided that you use the Intel card
virtualization and bridged networking. In other words, jumbo frames are
not supported with the AMD networking devices; in those cases, jumbo
packets will silently be dropped for both the transmit and the receive
direction. Guest operating systems trying to use this feature will observe
this as packet loss, which may lead to unexpected application behavior
in the guest. This does not cause problems with guest operating systems in
their default configuration, as jumbo frames need to be explicitly
enabled.</para>
<para>Each of the eight networking adapters can be separately configured
to operate in one of the following modes:<glosslist>
<glossentry>
<para>In this mode, VirtualBox reports to the guest that a network
card is present, but that there is no connection -- as if no
Ethernet cable was plugged into the card. This way it is possible
to "pull" the virtual Ethernet cable and disrupt the connection,
which can be useful to inform a guest operating system that no
network connection is available and enforce a
reconfiguration.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>Network Address Translation (NAT)</glossterm>
<para>If all you want is to browse the Web, download files and
view e-mail inside the guest, then this default mode should be
sufficient for you, and you can safely skip the rest of this
section. Please note that there are certain limitations when using
Windows file sharing (see <xref linkend="nat-limitations" /> for
details).</para>
</glossdef>
</glossentry>
<glossentry>
<para>This is for more advanced networking needs such as network
simulations and running servers in a guest. When enabled,
VirtualBox connects to one of your installed network cards and
exchanges network packets directly, circumventing your host
operating system's network stack.</para>
</glossdef>
</glossentry>
<glossentry>
<para>This can be used to create a different kind of
software-based network which is visible to selected virtual
machines, but not to applications running on the host or to the
outside world.</para>
</glossdef>
</glossentry>
<glossentry>
<para>This can be used to create a network containing the host and
a set of virtual machines, without the need for the host's
physical network interface. Instead, a virtual network interface
(similar to a loopback interface) is created on the host,
providing connectivity among virtual machines and the host.</para>
</glossdef>
</glossentry>
<glossentry>
<para>Rarely used modes share the same generic network interface,
by allowing the user to select a driver which can be included with
VirtualBox or be distributed in an extension pack.</para>
<para>At the moment there are potentially two available
sub-modes:</para>
<glossentry>
<para>This can be used to interconnect virtual machines
running on different hosts directly, easily and
transparently, over existing network
infrastructure.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>VDE (Virtual Distributed Ethernet)
networking</glossterm>
<para>This option can be used to connect to a Virtual
Distributed Ethernet switch on a Linux or a FreeBSD host.
At the moment, this requires compiling VirtualBox from
sources, as the Oracle packages do not include it.</para>
</glossdef>
</glossentry>
</glossdef>
</glossentry>
<para>The following sections describe the available network modes in more
detail.</para>
<para>Network Address Translation (NAT) is the simplest way of accessing
an external network from a virtual machine. Usually, it does not require
any configuration on the host network and guest system. For this reason,
it is the default networking mode in VirtualBox.</para>
<para>A virtual machine with NAT enabled acts much like a real computer
that connects to the Internet through a router. The "router", in this
case, is the VirtualBox networking engine, which maps traffic from and to
the virtual machine transparently. In VirtualBox this router is placed
between each virtual machine and the host. This separation maximizes
security since by default virtual machines cannot talk to each
other.</para>
<para>The disadvantage of NAT mode is that, much like a private network
behind a router, the virtual machine is invisible and unreachable from the
outside internet; you cannot run a server this way unless you set up port
forwarding (described below).</para>
<para>The network frames sent out by the guest operating system are
received by VirtualBox's NAT engine, which extracts the TCP/IP data and
resends it using the host operating system. To an application on the host,
or to another computer on the same network as the host, it looks like the
data was sent by the VirtualBox application on the host, using an IP
address belonging to the host. VirtualBox listens for replies to the
packets sent, and repacks and resends them to the guest machine on its
private network.</para>
<para>The virtual machine receives its network address and configuration
on the private network from a DHCP server integrated into VirtualBox. The
IP address thus assigned to the virtual machine is usually on a completely
different network than the host. As more than one card of a virtual
machine can be set up to use NAT, the first card is connected to the
private network 10.0.2.0, the second card to the network 10.0.3.0 and so
on. If you need to change the guest-assigned IP range for some reason,
please refer to <xref linkend="changenat" />.</para>
<title>Configuring port forwarding with NAT</title>
<para>As the virtual machine is connected to a private network internal
to VirtualBox and invisible to the host, network services on the guest
are not accessible to the host machine or to other computers on the same
network. However, like a physical router, VirtualBox can make selected
services available to the world outside the guest through <emphasis
role="bold">port forwarding.</emphasis> This means that VirtualBox
listens to certain ports on the host and resends all packets which
arrive there to the guest, on the same or a different port.</para>
<para>To an application on the host or other physical (or virtual)
machines on the network, it looks as though the service being proxied is
actually running on the host. This also means that you cannot run the
same service on the same ports on the host. However, you still gain the
advantages of running the service in a virtual machine -- for example,
services on the host machine or on other virtual machines cannot be
compromised or crashed by a vulnerability or a bug in the service, and
the service can run in a different operating system than the host
system.</para>
<para>To configure port forwarding, you can use the graphical Port
Forwarding editor, which can be found in the Network Settings dialog
for network adapters configured to use NAT. Here you can map host
ports to guest ports to allow network traffic to be routed to a
specific port in the guest.</para>
<para>Alternatively, the command line tool <computeroutput>VBoxManage</computeroutput> can be used;
for details, please refer to <xref linkend="vboxmanage-modifyvm" />.</para>
<para>You will need to know which ports on the guest the service uses
and to decide which ports to use on the host (often but not always you
will want to use the same ports on the guest and on the host). You can
use any ports on the host which are not already in use by a service. For
example, to set up incoming NAT connections to an
<computeroutput>ssh</computeroutput> server in the guest, use the
following command: <screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"</screen>With
the above example, all TCP traffic arriving on port 2222 on any host
interface will be forwarded to port 22 in the guest. The protocol name
<computeroutput>tcp</computeroutput> is a mandatory attribute defining
which protocol should be used for forwarding
(<computeroutput>udp</computeroutput> could also be used). The name
<computeroutput>guestssh</computeroutput> is purely descriptive and will
be auto-generated if omitted. The number after
<computeroutput>--natpf</computeroutput> denotes the network card, like
in other parts of VBoxManage.</para>
<para>To remove this forwarding rule again, use the following command:
<screen>VBoxManage modifyvm "VM name" --natpf1 delete "guestssh"</screen></para>
<para>If for some reason the guest uses a statically assigned IP address not
leased from the built-in DHCP server, it is required to specify the
guest IP when registering the forwarding rule: <screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22"</screen>This
example is identical to the previous one, except that the NAT engine is
being told that the guest can be found at the 10.0.2.19 address.</para>
<para>To restrict a rule to traffic arriving on a specific host
interface, specify the IP of that host
interface like this:<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"</screen>This
forwards all TCP traffic arriving on the localhost interface (127.0.0.1)
via port 2222 to port 22 in the guest; connections to port 2222 on other
host interfaces are not forwarded.</para>
<para>It is possible to configure incoming NAT connections while the
VM is running, see <xref linkend="vboxmanage-controlvm"/>.</para>
<para>PXE booting is now supported in NAT mode. The NAT DHCP server
provides a boot file name of the form
<computeroutput>vmname.pxe</computeroutput> if the directory
<computeroutput>TFTP</computeroutput> exists in the directory where the
user's <computeroutput>VirtualBox.xml</computeroutput> file is kept. It
is the responsibility of the user to provide
<computeroutput>vmname.pxe</computeroutput>.</para>
<para>There are four <emphasis role="bold">limitations</emphasis> of NAT
mode which users should be aware of:</para>
<glosslist>
<glossentry>
<para>Some frequently used network debugging tools (e.g.
<computeroutput>ping</computeroutput> or tracerouting) rely on the
ICMP protocol for sending/receiving messages. While ICMP support
has been improved with VirtualBox 2.1
(<computeroutput>ping</computeroutput> should now work), some
other tools may not work reliably.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>Receiving of UDP broadcasts is not reliable:</glossterm>
<para>The guest does not reliably receive broadcasts, since, in
order to save resources, it only listens for a certain amount of
time after the guest has sent UDP data on a particular port. As a
consequence, NetBios name resolution based on broadcasts does not
always work (but WINS always works). As a workaround, you can use
the numeric IP of the desired server in the
<computeroutput>\\server\share</computeroutput> notation.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>Protocols such as GRE are unsupported:</glossterm>
<para>Protocols other than TCP and UDP are not supported. This
means some VPN products (e.g. PPTP from Microsoft) cannot be used.
Other VPN products use only TCP and UDP.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>Forwarding host ports &lt; 1024 impossible:</glossterm>
<para>On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is
not possible to bind to ports below 1024 from applications that
are not run by <computeroutput>root</computeroutput>. As a result,
if you try to configure such a port forwarding, the VM will refuse
to start.</para>
</glossdef>
</glossentry>
</glosslist>
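<para>The following script is an added example, not part of the VirtualBox
manual or of VirtualBox itself. It parses rule strings in the
<computeroutput>--natpf</computeroutput> format described above and reports
rules that listen on every host interface or that use a host port below
1024; the function names, the flag names and the sample rules other than the
two taken from this chapter are constructed for illustration.</para>

```shell
#!/bin/sh
# Added example: audit NAT port-forwarding rule strings written in the
# --natpf<N> format used in this chapter:
#   name,proto,hostip,hostport,guestip,guestport
# Function and flag names are hypothetical, chosen for this example.

# is_port VALUE: succeeds if VALUE is a decimal integer in 1..65535.
is_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Bound the length first so the numeric tests cannot overflow.
    [ "${#1}" -le 5 ] || return 1
    [ "$1" -ge 1 ] || return 1
    [ "$1" -le 65535 ] || return 1
}

# audit_natpf_rule RULE: prints "name: FLAG[,FLAG...]" or "name: OK".
# The body runs in a subshell so the IFS and globbing changes stay local.
audit_natpf_rule() (
    rule=$1
    set -f          # no filename expansion while the rule is split
    IFS=,
    set -- $rule    # empty fields between two commas are preserved
    if [ "$#" -ne 6 ]; then
        printf '%s\n' "MALFORMED: $rule"
    else
        name=$1
        [ -n "$name" ] || name="(auto)"   # name is auto-generated if omitted
        proto=$2 hostip=$3 hostport=$4 guestport=$6
        flags=

        # The chapter names tcp and udp as the protocols for a rule.
        case $proto in
            tcp|udp) ;;
            *) flags=UNKNOWN_PROTO ;;
        esac

        # Host ports below 1024 cannot be bound on Unix-based hosts unless
        # the process runs as root; the VM then refuses to start.
        if is_port "$hostport"; then
            if [ "$hostport" -lt 1024 ]; then
                flags=${flags:+$flags,}PRIVILEGED_HOST_PORT
            fi
        else
            flags=${flags:+$flags,}BAD_HOST_PORT
        fi

        if ! is_port "$guestport"; then
            flags=${flags:+$flags,}BAD_GUEST_PORT
        fi

        # An empty host IP means the rule listens on any host interface,
        # so the guest service is reachable from the host's network.
        if [ -z "$hostip" ]; then
            flags=${flags:+$flags,}ALL_HOST_INTERFACES
        fi

        printf '%s\n' "$name: ${flags:-OK}"
    fi
)

# count_flagged RULE...: prints how many rules did not come back as OK.
count_flagged() {
    _n=0
    for _r in "$@"; do
        case $(audit_natpf_rule "$_r") in
            *": OK") ;;
            *) _n=$((_n + 1)) ;;
        esac
    done
    printf '%s\n' "$_n"
}

# Sample rules: the first two appear in this chapter, the rest are constructed.
for demo_rule in \
    "guestssh,tcp,,2222,,22" \
    "guestssh,tcp,127.0.0.1,2222,,22" \
    "web,tcp,,80,,80" \
    "broken,tcp,2222"
do
    audit_natpf_rule "$demo_rule"
done
```

<para>ALL_HOST_INTERFACES marks the default behaviour rather than an error; it
is reported so that rules meant only for local access can be rewritten with
127.0.0.1 as the host IP.</para>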
<para>These limitations normally don't affect standard network use. But
the presence of NAT also has subtle effects that may interfere with
protocols that normally work. One example is NFS, where the
server is often configured to refuse connections from non-privileged
<title>Network Address Translation Service (experimental)</title>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The Network Address Translation (NAT) service works in a similar way
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to a home router, grouping the systems using it into a network and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync preventing systems outside of this network from directly accessing systems
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync inside it, but letting systems inside communicate with each other and with
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync systems outside using TCP and UDP over IPv4 and IPv6.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>A NAT service is attached to an internal network. Virtual machines
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync which are to make use of it should be attached to that internal network.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync The name of internal network is chosen when the NAT service is created and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the internal network will be created if it does not already exist. An
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync example command to create a NAT network is:
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork add -t nat-int-network -n "192.168.15.0/24" -e</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Here, "nat-int-network" is the name of the internal network to be used and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync "192.168.15.0/24" is the network address and mask of the NAT service
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interface. By default in this static configuration the gateway will be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync assigned the address 192.168.15.1 (the address following the interface
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync address), though this is subject to change. To attach a DHCP server to the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync internal network, we modify the example as follows:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork add -t nat-int-network -n "192.168.15.0/24" -e -h on</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para> or to add a DHCP server to the network after creation:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork modify -t nat-int-network -h on</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork modify -t nat-int-network -h off</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>DHCP server provides list of registered nameservers, but doesn't map
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync servers from 127/8 network.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>To start the NAT service, use the following command:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork start -t nat-int-network</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>If the network has a DHCP server attached then it will start together
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync with the NAT network service.</para>
 <para><screen>VBoxManage natnetwork stop -t nat-int-network</screen> stops
 the NAT network service, together with the DHCP server, if any.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>To delete the NAT network service use:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork remove -t nat-int-network</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>This command does not remove the DHCP server if one is enabled on the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync internal network.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Port-forwarding is supported (using the "-p" switch for IPv4 and "-P"
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync for IPv6):</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork modify -t nat-int-network -p "ssh:tcp:[]:10022:[192.168.15.15]:22"</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>This adds a port-forwarding rule from the host's TCP 10022 port to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the port 22 on the guest with IP address 192.168.15.15. To delete the rule,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync use:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage natnetwork modify -t nat-int-network -p delete ssh</screen></para>
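 <para>The following is an added example, not VirtualBox code: a small auditor that parses rules in the format shown above and reports the ones a reviewer would want to look at. The finding names, the function names and every sample rule except "ssh" are constructed for illustration, and treating an empty host address ("[]") as "listen on every host address" is an assumption that this page does not state.</para>

```python
import ipaddress
import re

# Rule layout used on this page: name:proto:[host addr]:host port:[guest addr]:guest port
# The brackets matter: IPv6 literals contain ':' themselves, so splitting on ':' is wrong.
RULE_RE = re.compile(
    r"^(?P<name>[^:\[\]]+):(?P<proto>tcp|udp):"
    r"\[(?P<host_ip>[^\]]*)\]:(?P<host_port>\d+):"
    r"\[(?P<guest_ip>[^\]]*)\]:(?P<guest_port>\d+)$"
)


def parse_rule(text):
    """Split one rule into typed fields; raise ValueError on anything malformed."""
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a port-forwarding rule: {text!r}")
    rule = m.groupdict()
    for key in ("host_port", "guest_port"):
        rule[key] = int(rule[key])
        if not 1 <= rule[key] <= 65535:
            raise ValueError(f"{key} out of range in {text!r}")
    # "[]" (empty host address) is legal, as in the page's ssh rule;
    # a guest address is required, and ip_address("") raises ValueError.
    rule["host_ip"] = ipaddress.ip_address(rule["host_ip"]) if rule["host_ip"] else None
    rule["guest_ip"] = ipaddress.ip_address(rule["guest_ip"])
    return rule


def _overlap(a, b):
    """True when two rules compete for the same listening socket on the host."""
    if (a["proto"], a["host_port"]) != (b["proto"], b["host_port"]):
        return False
    return a["host_ip"] is None or b["host_ip"] is None or a["host_ip"] == b["host_ip"]


def audit_rules(rule_texts, network_cidr):
    """Return {rule name: [finding, ...]} for the rules of one NAT network."""
    net = ipaddress.ip_network(network_cidr)
    # Default gateway per this page: the address after the network address
    # ("subject to change", so treat a hit as something to verify).
    gateway = net.network_address + 1
    rules = [parse_rule(t) for t in rule_texts]
    names = [r["name"] for r in rules]
    if len(set(names)) != len(names):
        # Rules are deleted by name, so a repeated name is ambiguous.
        raise ValueError("rule names must be unique")
    report = {}
    for rule in rules:
        findings = []
        host = rule["host_ip"]
        if host is None or host.is_unspecified:
            # ASSUMPTION: no host address means every host address is bound.
            findings.append("host-any")
        if rule["guest_ip"] not in net:
            findings.append("guest-outside-network")
        elif rule["guest_ip"] == gateway:
            findings.append("guest-is-gateway")
        for other in rules:
            if other is not rule and _overlap(rule, other):
                findings.append(f"host-port-clash:{other['name']}")
        report[rule["name"]] = findings
    return report


# Constructed sample set. Only the "ssh" rule is taken from this page.
SAMPLE_RULES = [
    "ssh:tcp:[]:10022:[192.168.15.15]:22",
    "web:tcp:[127.0.0.1]:8080:[192.168.15.20]:80",
    "db:tcp:[127.0.0.1]:8080:[192.168.16.5]:5432",
    "gw:udp:[127.0.0.1]:5353:[192.168.15.1]:53",
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES, "192.168.15.0/24").items():
        print(f"{name:4} {', '.join(findings) or 'ok'}")
```

 <para>A "host-any" finding on a rule such as "ssh" is the one to review first: if the assumption holds, the guest's SSH port is offered on every address the host has, not only on the loopback address.</para>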
 <para>It is possible to bind the NAT service to a specified interface:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <screen>VBoxManage setextradata global "NAT/win-nat-test-0/SourceIp4" 192.168.1.185</screen>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>To see the list of registered NAT networks, use:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><screen>VBoxManage list natnetworks</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>With bridged networking, VirtualBox uses a device driver on your
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <emphasis>host</emphasis> system that filters data from your physical
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync network adapter. This driver is therefore called a "net filter" driver.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync This allows VirtualBox to intercept data from the physical network and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync inject data into it, effectively creating a new network interface in
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync software. When a guest is using such a new software interface, it looks to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the host system as though the guest were physically connected to the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interface using a network cable: the host can send data to the guest
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync through that interface and receive data from it. This means that you can
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync set up routing or bridging between the guest and the rest of your
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync network.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>For this to work, VirtualBox needs a device driver on your host
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync system. The way bridged networking works has been completely rewritten
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync with VirtualBox 2.0 and 2.1, depending on the host operating system. From
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the user perspective, the main difference is that complex configuration is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync no longer necessary on any of the supported host operating
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync systems.<footnote>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>For Mac OS X and Solaris hosts, net filter drivers were already
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync added in VirtualBox 2.0 (as initial support for Host Interface
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Networking on these platforms). With VirtualBox 2.1, net filter
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync drivers were also added for the Windows and Linux hosts, replacing the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync mechanisms previously present in VirtualBox for those platforms;
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync especially on Linux, the earlier method required creating TAP
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interfaces and bridges, which was complex and varied from one
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync distribution to the next. None of this is necessary anymore. Bridged
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync network was formerly called "Host Interface Networking" and has been
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync renamed with version 2.2 without any change in functionality.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Even though TAP is no longer necessary on Linux with bridged
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync networking, you <emphasis>can</emphasis> still use TAP interfaces for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync certain advanced setups, since you can connect a VM to any host
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interface -- which could also be a TAP interface.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </note>To enable bridged networking, all you need to do is to open the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Settings dialog of a virtual machine, go to the "Network" page and select
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync "Bridged network" in the drop down list for the "Attached to" field.
 Finally, select the desired host interface from the list at the bottom of
 the page, which contains the physical network interfaces of your system. On a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync typical MacBook, for example, this will allow you to select between "en1:
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync AirPort" (which is the wireless interface) and "en0: Ethernet", which
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync represents the interface with a network cable.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <note><para>Bridging to a wireless interface is done differently from
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync bridging to a wired interface, because most wireless adapters do not
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync support promiscuous mode. All traffic has to use the MAC address of the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync host's wireless adapter, and therefore VirtualBox needs to replace the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync source MAC address in the Ethernet header of an outgoing packet to make
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync sure the reply will be sent to the host interface. When VirtualBox sees
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync an incoming packet with a destination IP address that belongs to one of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the virtual machine adapters it replaces the destination MAC address in
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the Ethernet header with the VM adapter's MAC address and passes it on.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VirtualBox examines ARP and DHCP packets in order to learn the IP
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Depending on your host operating system, the following limitations
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync should be kept in mind:<itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>On <emphasis role="bold">Macintosh</emphasis> hosts,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync functionality is limited when using AirPort (the Mac's wireless
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync networking) for bridged networking. Currently, VirtualBox supports
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync only IPv4 over AirPort. For other protocols such as IPv6 and IPX,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync you must choose a wired interface.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>On <emphasis role="bold">Linux</emphasis> hosts, functionality
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync is limited when using wireless interfaces for bridged networking.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Currently, VirtualBox supports only IPv4 over wireless. For other
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync protocols such as IPv6 and IPX, you must choose a wired
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interface.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Also, setting the MTU to less than 1500 bytes on wired
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interfaces provided by the sky2 driver on the Marvell Yukon II EC
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Ultra Ethernet NIC is known to cause packet losses under certain
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync conditions.</para>
 <para>Some adapters strip VLAN tags in hardware. This prevents the use
 of VLAN trunking between a VM and the external network with
 pre-2.6.27 Linux kernels and with host operating systems other than
 Linux.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>On <emphasis role="bold">Solaris</emphasis> hosts, there is no
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync support for using wireless interfaces. Filtering guest traffic using
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync IPFilter is also not completely supported due to technical
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync restrictions of the Solaris networking subsystem. These issues would
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync be addressed in a future release of Solaris 11.</para>
 <para>Starting with VirtualBox 4.1, on Solaris 11 hosts (build 159
 and above), it is possible to use Solaris' Crossbow Virtual Network
 Interfaces (VNICs) directly with VirtualBox without any additional
 configuration, except that each VNIC must be exclusive to a single guest
 network interface.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Starting with VirtualBox 2.0.4 and up to VirtualBox 4.0, VNICs
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync can be used but with the following caveats:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>A VNIC cannot be shared between multiple guest network
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interfaces, i.e. each guest network interface must have its own,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync exclusive VNIC.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The VNIC and the guest network interface that uses the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VNIC must be assigned identical MAC addresses.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>When using VLAN interfaces with VirtualBox, they must be named
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync according to the PPA-hack naming scheme (e.g. "e1000g513001"), as
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync otherwise the guest may receive packets in an unexpected
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync format.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Internal Networking is similar to bridged networking in that the VM
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync can directly communicate with the outside world. However, the "outside
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync world" is limited to other VMs on the same host which connect to the same
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync internal network.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Even though technically, everything that can be done using internal
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync networking can also be done using bridged networking, there are security
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync advantages with internal networking. In bridged networking mode, all
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync traffic goes through a physical interface of the host system. It is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync therefore possible to attach a packet sniffer (such as Wireshark) to the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync host interface and log all traffic that goes over it. If, for any reason,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync you prefer two or more VMs on the same machine to communicate privately,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hiding their data from both the host system and the user, bridged
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync networking therefore is not an option.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Internal networks are created automatically as needed, i.e. there is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync no central configuration. Every internal network is identified simply by
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync its name. Once there is more than one active virtual network card with the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync same internal network ID, the VirtualBox support driver will automatically
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync "wire" the cards and act as a network switch. The VirtualBox support
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync driver implements a complete Ethernet switch and supports both
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync broadcast/multicast frames and promiscuous mode.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In order to attach a VM's network card to an internal network, set
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync its networking mode to "internal networking". There are two ways to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync accomplish this:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>You can use a VM's "Settings" dialog in the VirtualBox
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync graphical user interface. In the "Networking" category of the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync settings dialog, select "Internal Networking" from the drop-down
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync list of networking modes. Now select the name of an existing
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync internal network from the drop-down below or enter a new name into
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the entry field.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>You can use <screen>VBoxManage modifyvm "VM name" --nic<x> intnet</screen>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Optionally, you can specify a network name with the command <screen>VBoxManage modifyvm "VM name" --intnet<x> "network name"</screen>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync If you do not specify a network name, the network card will be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync attached to the network <computeroutput>intnet</computeroutput> by
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync default.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Unless you configure the (virtual) network cards in the guest
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync operating systems that are participating in the internal network to use
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync static IP addresses, you may want to use the DHCP server that is built
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync into VirtualBox to manage IP addresses for the internal network. Please
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync see <xref linkend="vboxmanage-dhcpserver" /> for details.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>As a security measure, the Linux implementation of internal
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync networking only allows VMs running under the same user ID to establish an
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync internal network.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Host-only networking is another networking mode that was added with
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync version 2.2 of VirtualBox. It can be thought of as a hybrid between the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync bridged and internal networking modes: as with bridged networking, the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtual machines can talk to each other and the host as if they were
 connected through a physical Ethernet switch. As with internal
 networking, however, a physical networking interface need not be present,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync and the virtual machines cannot talk to the world outside the host since
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync they are not connected to a physical networking interface.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Instead, when host-only networking is used, VirtualBox creates a new
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync software interface on the host which then appears next to your existing
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync network interfaces. In other words, whereas with bridged networking an
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync existing physical interface is used to attach virtual machines to, with
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync host-only networking a new "loopback" interface is created on the host.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync And whereas with internal networking, the traffic between the virtual
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync machines cannot be seen, the traffic on the "loopback" interface on the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync host can be intercepted.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Host-only networking is particularly useful for preconfigured
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtual appliances, where multiple virtual machines are shipped together
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync and designed to cooperate. For example, one virtual machine may contain a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync web server and a second one a database, and since they are intended to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync talk to each other, the appliance can instruct VirtualBox to set up a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync host-only network for the two. A second (bridged) network would then
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync connect the web server to the outside world to serve data to, but the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync outside world cannot connect to the database.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>To change a virtual machine's virtual network interface to "host
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync only" mode:<itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>either go to the "Network" page in the virtual machine's
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync settings notebook in the graphical user interface and select
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync "Host-only networking", or</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>on the command line, type <computeroutput>VBoxManage modifyvm
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync "VM name" --nic<x> hostonly</computeroutput>; see <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync linkend="vboxmanage-modifyvm" /> for details.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
 <para>For host-only networking, as with internal networking, you may
 find the DHCP server that is built into VirtualBox useful. It can be
 enabled to manage the IP addresses in the host-only network, since
 otherwise you would need to configure all IP addresses
 statically.<itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In the VirtualBox graphical user interface, you can configure
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync all these items in the global settings via "File" -> "Settings"
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync -> "Network", which lists all host-only networks which are
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync presently in use. Click on the network name and then on the "Edit"
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync button to the right, and you can modify the adapter and DHCP
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync settings.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Alternatively, you can use <computeroutput>VBoxManage
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync dhcpserver</computeroutput> on the command line; please see <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync linkend="vboxmanage-dhcpserver" /> for details.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><note>On Linux and Mac OS X hosts the number of host-only interfaces is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync limited to 128. There is no such limit for Solaris and Windows hosts.</note></para>
 <para>This networking mode allows you to interconnect virtual machines
 running on different hosts.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Technically this is done by encapsulating Ethernet frames sent or
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync received by the guest network card into UDP/IP datagrams, and sending them
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync over any network available to the host.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>UDP Tunnel mode has three parameters:<glosslist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <glossentry>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The port on which the host listens. Datagrams arriving on
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync this port from any source address will be forwarded to the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync receiving part of the guest network card.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossdef>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossentry>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <glossentry>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>IP address of the target host of the transmitted
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync data.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossdef>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossentry>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <glossentry>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Port number to which the transmitted data is sent.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossdef>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossentry>
 <para>When interconnecting two virtual machines on two different hosts,
 their IP addresses must be swapped. On a single host, the source and
 destination UDP ports must be swapped.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In the following example host 1 uses the IP address 10.0.0.1 and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync host 2 uses IP address 10.0.0.2. Configuration via command-line:<screen> VBoxManage modifyvm "VM 01 on host 1" --nic<x> generic
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 01 on host 1" --nicgenericdrv<x> UDPTunnel
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 01 on host 1" --nicproperty<x> dest=10.0.0.2
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 01 on host 1" --nicproperty<x> sport=10001
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 01 on host 1" --nicproperty<x> dport=10002</screen>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync and <screen> VBoxManage modifyvm "VM 02 on host 2" --nic<y> generic
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 02 on host 2" --nicgenericdrv<y> UDPTunnel
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 02 on host 2" --nicproperty<y> dest=10.0.0.1
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 02 on host 2" --nicproperty<y> sport=10002
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage modifyvm "VM 02 on host 2" --nicproperty<y> dport=10001</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Of course, you can always interconnect two virtual machines on the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync same host, by setting the destination address parameter to 127.0.0.1 on
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync both. It will act similarly to "Internal network" in this case, however
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the host can see the network traffic which it could not in the normal
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Internal network case.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to bind to ports below 1024 from applications that are not run by
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <computeroutput>root</computeroutput>. As a result, if you try to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync configure such a source UDP port, the VM will refuse to start.
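 <para>The following is an added example, not VirtualBox code: a checker that reads a provisioning script made of the commands shown above and verifies the three rules of this section for a pair of tunnel ends (destination addresses swapped, ports swapped, no source port below 1024). The adapter number 1 in place of &lt;x&gt; and &lt;y&gt;, the VMs 03 and 04, the finding names and the VM-to-host table are constructed for illustration.</para>

```python
import re
import shlex

OPT_RE = re.compile(r"^--(nic|nicgenericdrv|nicproperty)(\d+)$")


def collect_tunnels(script):
    """Map (vm, adapter) -> settings for every adapter set to generic/UDPTunnel."""
    nics = {}
    for line in script.splitlines():
        words = shlex.split(line, comments=True)   # honours the quoted VM name
        if words[:2] != ["VBoxManage", "modifyvm"] or len(words) < 3:
            continue
        vm = words[2]
        for opt, value in zip(words[3::2], words[4::2]):
            m = OPT_RE.match(opt)
            if m is None:
                continue
            cfg = nics.setdefault((vm, int(m.group(2))), {})
            if m.group(1) == "nicproperty":
                key, _, val = value.partition("=")
                cfg[key] = val
            else:
                cfg[m.group(1)] = value
    return {k: c for k, c in nics.items()
            if c.get("nic") == "generic" and c.get("nicgenericdrv") == "UDPTunnel"}


def check_pair(tunnels, host_of, a, b):
    """Return [(vm, finding)] for two tunnel ends that are meant to talk to each other."""
    findings = []
    same_host = host_of[a[0]] == host_of[b[0]]
    for me, peer in ((a, b), (b, a)):
        cfg, other = tunnels[me], tunnels[peer]
        missing = [k for k in ("dest", "sport", "dport") if k not in cfg]
        if missing:
            findings.extend((me[0], f"missing-{k}") for k in missing)
            continue
        ok_dest = {host_of[peer[0]]}
        if same_host:
            ok_dest.add("127.0.0.1")        # same-host setup described on this page
        if cfg["dest"] not in ok_dest:
            findings.append((me[0], "dest-not-peer"))
        if cfg["dport"] != other.get("sport"):
            findings.append((me[0], "dport-mismatch"))
        if not cfg["sport"].isdigit():
            findings.append((me[0], "sport-invalid"))
        elif int(cfg["sport"]) < 1024:
            # Non-root processes cannot bind these on Unix-based hosts: the VM will not start.
            findings.append((me[0], "sport-privileged"))
    sport_a = tunnels[a].get("sport")
    if same_host and sport_a is not None and sport_a == tunnels[b].get("sport"):
        findings.append((a[0], "sport-collision"))   # both ends want the same listener
    return findings


def _cmds(vm, dest, sport, dport, nic=1):
    """The page's five-command recipe with a concrete adapter number."""
    base = f'VBoxManage modifyvm "{vm}" '
    return "\n".join([
        base + f"--nic{nic} generic",
        base + f"--nicgenericdrv{nic} UDPTunnel",
        base + f"--nicproperty{nic} dest={dest}",
        base + f"--nicproperty{nic} sport={sport}",
        base + f"--nicproperty{nic} dport={dport}",
    ])


# Constructed script: VM 01/02 repeat the page's example, VM 03/04 are deliberately wrong.
SAMPLE_SCRIPT = "\n".join([
    "# tunnel between host 1 (10.0.0.1) and host 2 (10.0.0.2)",
    _cmds("VM 01 on host 1", "10.0.0.2", 10001, 10002),
    _cmds("VM 02 on host 2", "10.0.0.1", 10002, 10001),
    _cmds("VM 03 on host 1", "10.0.0.2", 514, 10004),
    _cmds("VM 04 on host 2", "10.0.0.2", 10004, 10003),
])
HOST_OF = {
    "VM 01 on host 1": "10.0.0.1", "VM 02 on host 2": "10.0.0.2",
    "VM 03 on host 1": "10.0.0.1", "VM 04 on host 2": "10.0.0.2",
}

if __name__ == "__main__":
    found = collect_tunnels(SAMPLE_SCRIPT)
    for pair in ((("VM 01 on host 1", 1), ("VM 02 on host 2", 1)),
                 (("VM 03 on host 1", 1), ("VM 04 on host 2", 1))):
        print(pair[0][0], "<->", pair[1][0], check_pair(found, HOST_OF, *pair) or "ok")
```

 <para>A pair that passes these checks still accepts datagrams from any source address on its listening port, as described above, so restricting that port to the peer host remains a task for the host firewall.</para>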
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VDE is a project developed by Renzo Davoli, Associate Professor
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync at the University of Bologna, Italy.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </footnote>) is a flexible, virtual network infrastructure system,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync spanning across multiple hosts in a secure way. It allows for L2/L3
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync switching, including spanning-tree protocol, VLANs, and WAN emulation. It
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync is an optional part of VirtualBox which is only included in the source
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync code.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The basic building blocks of the infrastructure are VDE switches,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VDE plugs and VDE wires which inter-connect the switches.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The VirtualBox VDE driver has one parameter:<glosslist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <glossentry>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The name of the VDE network switch socket to which the VM
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync will be connected.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossdef>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </glossentry>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The following basic example shows how to connect a virtual machine
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to a VDE switch:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Create a VDE switch: <screen>vde_switch -s /tmp/switch1</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Configuration via command-line: <screen>VBoxManage modifyvm "VM name" --nic<x> generic</screen>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <screen>VBoxManage modifyvm "VM name" --nicgenericdrv<x> VDE</screen>
 To connect to an automatically allocated switch port, use: <screen>VBoxManage modifyvm "VM name" --nicproperty<x> network=/tmp/switch1</screen>
 To connect to a specific switch port <n>, use: <screen>VBoxManage modifyvm "VM name" --nicproperty<x> network=/tmp/switch1[<n>]</screen>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync The latter option can be useful for VLANs.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Optionally map between VDE switch port and VLAN: (from switch
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync CLI) <screen>vde$ vlan/create <VLAN></screen> <screen>vde$ port/setvlan <port> <VLAN></screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VDE is available on Linux and FreeBSD hosts only. It is only
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync available if the VDE software and the VDE plugin library from the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VirtualSquare project are installed on the host system<footnote>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>For Linux hosts, the shared library libvdeplug.so must be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync available in the search path for shared libraries</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </footnote>. For more information on setting up VDE networks, please see
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the documentation accompanying the software.<footnote>
 <para><ulink url="http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking">http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking</ulink>.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Starting with version 4.2, VirtualBox allows for limiting the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync maximum bandwidth used for network transmission. Several network adapters
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync of one VM may share limits through bandwidth groups. It is possible
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to have more than one such limit.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <note><para>VirtualBox shapes VM traffic only in the transmit direction,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync delaying the packets being sent by virtual machines. It does not limit
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the traffic being received by virtual machines.</para></note>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Limits are configured through
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <computeroutput>VBoxManage</computeroutput>. The example below creates a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync bandwidth group named "Limit", sets the limit to 20 Mbit/s and assigns the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync group to the first and second adapters of the VM:<screen>VBoxManage bandwidthctl "VM name" add Limit --type network --limit 20m
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsyncVBoxManage modifyvm "VM name" --nicbandwidthgroup1 Limit
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsyncVBoxManage modifyvm "VM name" --nicbandwidthgroup2 Limit</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>All adapters in a group share the bandwidth limit, meaning that in the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync example above the bandwidth of both adapters combined can never exceed 20
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Mbit/s. However, if one adapter doesn't require bandwidth, the other can use the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync remaining bandwidth of its group.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The limits for each group can be changed while the VM is running,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync with changes being picked up immediately. The example below changes the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync limit for the group created in the example above to 100 Kbit/s:<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 100k</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>To completely disable shaping for the first adapter of a VM, use the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync following command:
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <screen>VBoxManage modifyvm "VM name" --nicbandwidthgroup1 none</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>It is also possible to disable shaping for all adapters assigned to a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync bandwidth group while the VM is running, by specifying a limit of zero for the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync group. For example, for the bandwidth group named "Limit" use:
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <screen>VBoxManage bandwidthctl "VM name" set Limit --limit 0</screen></para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VirtualBox provides a variety of virtual network adapters that can be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync "attached" to the host's network in a number of ways. Network performance
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync depends on which types of adapters and attachments are used.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Performance-wise, the <emphasis>virtio</emphasis> network
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync adapter is preferable to the <emphasis>Intel PRO/1000</emphasis> emulated
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync adapters, which are preferred over the <emphasis>PCNet</emphasis> family of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync adapters. Both <emphasis>virtio</emphasis> and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <emphasis>Intel PRO/1000</emphasis> adapters enjoy the benefit of segmentation and checksum
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync offloading. Segmentation offloading is essential for high performance as
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync it allows for fewer context switches, dramatically increasing the sizes
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <note><para>Neither <emphasis>virtio</emphasis> nor <emphasis>Intel PRO/1000
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </emphasis> drivers for Windows XP support segmentation
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync offloading. Therefore Windows XP guests never reach the same
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync transmission rates as other guest types. Refer to MS Knowledge base
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync article 842264 for additional information.</para></note>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Three attachment types, <emphasis>internal</emphasis>,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <emphasis>bridged</emphasis> and <emphasis>host-only</emphasis>, have
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync nearly identical performance, with the <emphasis>internal</emphasis> type
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync being a little bit faster and using fewer CPU cycles as the packets never
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync reach the host's network stack. The <emphasis>NAT</emphasis> attachment
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync is the slowest (and safest) of all attachment types as it provides
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync network address translation. The generic driver attachment is special and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync cannot be considered as an alternative to other attachment types.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The number of CPUs assigned to a VM does not improve network
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync performance and in some cases may hurt it due to increased concurrency in
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the guest.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Here is a short summary of things to check in order to improve
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync network performance:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Whenever possible, use the <emphasis>virtio</emphasis> network
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync adapter; otherwise use one of the <emphasis>Intel PRO/1000</emphasis>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync adapters;</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Use <emphasis>bridged</emphasis> attachment instead of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Make sure segmentation offloading is enabled in the guest OS.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Usually it will be enabled by default. You can check and modify
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync offloading settings using the <computeroutput>ethtool</computeroutput>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync command in Linux guests.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
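The offloading check from the last item, as an added example that is not part of the VirtualBox manual: a shell filter over the output of "ethtool -k" in a Linux guest that reports which transmit offloads are switched off. The interface name eth0, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ethtool -k eth0` output from a Linux guest
# (not captured from a real system).
sample_ethtool_output() {
cat <<'EOF'
Features for eth0:
rx-checksumming: on
tx-checksumming: on
	tx-checksum-ipv4: off [fixed]
	tx-checksum-ip-generic: on
scatter-gather: on
tcp-segmentation-offload: off
	tx-tcp-segmentation: off
	tx-tcp6-segmentation: off
generic-segmentation-offload: on
generic-receive-offload: on
EOF
}

# Read `ethtool -k` output on stdin and print one line per disabled
# top-level feature named in $1 (space-separated list), in the form
# "<feature> <fixed|changeable>". Indented sub-feature lines are skipped.
disabled_offloads() {
    awk -v wanted="$1" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]/ { next }
        {
            name = $1; sub(/:$/, "", name)
            if (!(name in want)) next
            if ($2 == "off") print name, ($3 == "[fixed]" ? "fixed" : "changeable")
        }'
}

# TCP segmentation offload depends on scatter-gather and TX checksumming,
# so all three are checked together.
# Usage in a guest: ethtool -k eth0 | check_guest_offloads
check_guest_offloads() {
    disabled_offloads "tx-checksumming scatter-gather tcp-segmentation-offload"
}

# Demonstration on the constructed sample.
sample_ethtool_output | check_guest_offloads
```

A feature reported as "changeable" can be switched on in the guest, for example with "ethtool -K eth0 tso on"; one reported as "fixed" cannot be changed for that driver.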