Question VirtualBox NAT function vs bridged mode, should I be able to ping the VM from the host?

iamgenius

Senior member
Jun 6, 2008
Hi to all,

I have built a VM for a special purpose. It is now in my VirtualBox, and it is running okay and all is fine. However, I have a little question. The default option for the network adapter in the VM is set to NAT and not bridged, so the VM will be behind my host machine and acquire a different 10.0.2.x IP address rather than an IP address in my 192.168.1.1/24 subnet. The VM can access the internet and can ping all my machines, but it can't be pinged. My main machine can't ping it and all other connected machines can't ping it. I presume this is normal because that is how NATing works. But how are my clients supposed to communicate back and forth with this VM behind the NAT?

Please shed some light on this for me.

Thanks.

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
It will communicate via remote apps like TeamViewer, VNC, FileZilla and the like, set to communicate through the Internet.


Red Squirrel

No Lifer
May 24, 2003
Since it's a NAT, it's normal. However, in VirtualBox itself you can set port forwards on the NAT like you would on a router, so if you want the VM to listen on specific ports you can forward those and the ports will be accessible via your machine's IP address. You can think of your machine as being like a router and its IP is the "outside" IP.

iamgenius

Senior member
Jun 6, 2008
Hmmmm.


This must be the window you guys are referring to :

[attached screenshot: ZVpcBH2.jpg]


So what am I supposed to do exactly? The only time I used port forwarding was when I used DDNS for my dynamic public IP address so that I could reach my security IP cameras from outside. I set up port forwarding in my router so that when I enter the domain name + the port number in a browser window, it forwards me to the internal IP address of the specific IP camera and I am able to view the video.

So what do I do here exactly? And what does that have to do with my main machine pinging the VM? Like I said, the VM can ping all my machines, both physical and virtual, and can access the internet and the outside world.

The actual reason I'm asking all of this is because if I try to nmap this VM from my main machine, will I be able to? Or is it impossible because it is behind a NAT?

mxnerd

Diamond Member
Jul 6, 2007
Seems VirtualBox NAT is different from VMware?

VMware will create a host NAT adapter, but VirtualBox will not. I wonder how the host PC can communicate with the VirtualBox VM.

I tried to use NAT and NATNetwork (both in the 10.0.2.x range), enabled the Windows VM's File & Printer Sharing ICMPv4 Echo Request firewall rule, and neither will let me ping the VirtualBox VM, even with a port forwarding rule set.

[attached screenshots: Win7 FW.png, VB Network.png]

Mr Evil

Senior member
Jul 24, 2015
You can't forward a port for ping, as it's ICMP, not TCP/UDP.

I just successfully configured port forwarding for a VM. First I started a VM that runs a webserver on port 80 and is configured to use NAT. Then I used VirtualBox's port forwarding to forward TCP port 80 to port 80 (leaving both IP address fields blank, since I don't care what the host or guest addresses are). Then I made a request to http://localhost and it returned the page served by the VM.

iamgenius

Senior member
Jun 6, 2008
Mr Evil said:
You can't forward a port for ping, as it's ICMP, not TCP/UDP.

I just successfully configured port forwarding for a VM. First I started a VM that runs a webserver on port 80 and is configured to use NAT. Then I used VirtualBox's port forwarding to forward TCP port 80 to port 80 (leaving both IP address fields blank, since I don't care what the host or guest addresses are). Then I made a request to http://localhost and it returned the page served by the VM.

Aha, I see. I now see it. But can I conclude from this that a VM configured to use NAT just can't be pinged from the host machine? Sounds like a good security measure.

To help me understand more, tell me which statement has more truth in it:

A machine behind a NAT is harder to reach from the outside world

or

A machine behind a NAT is impossible to reach from the outside world


The first statement should be the right one as the machine can't be pinged directly, but you can reach services running on it via port forwarding. Right?

Sorry for being a noob!

mxnerd

Diamond Member
Jul 6, 2007
OK. Visiting http://localhost on the host did work, it forwarded to the VM's HTTP server, but visiting http://10.0.2.15 (the VM's IP) on the host wouldn't work.

The way it works is totally different from VMware, however, since VirtualBox does not create a virtual host NAT adapter.

And how can you ping the VM?

Mr Evil

Senior member
Jul 24, 2015
iamgenius said:
Aha, I see. I now see it. But can I conclude from this that a VM configured to use NAT just can't be pinged from the host machine? Sounds like a good security measure.

To help me understand more, tell me which statement has more truth in it:

A machine behind a NAT is harder to reach from the outside world

or

A machine behind a NAT is impossible to reach from the outside world

The first statement should be the right one as the machine can't be pinged directly, but you can reach services running on it via port forwarding. Right?

Sorry for being a noob!
That's right. Without having been configured, when a NAT router receives a packet, it cannot know which machine it should forward it to, so it just drops it. For a machine to be reachable from the outside, ports must be forwarded, which can be by someone manually setting them up, or by UPnP, or other means.

mxnerd said:
...And how can you ping the VM?
I don't think you can if it's using NAT. You have to use one of the other networking types.
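A toy model of what Mr Evil describes above (unsolicited packets dropped, only forwarded TCP/UDP ports reachable, ICMP not forwardable) and of Red Squirrel's "your machine is the router" analogy earlier in the thread. This is an added example, not VirtualBox's code; the guest address 10.0.2.15 is the one quoted in the thread, the host LAN address 192.168.1.10 is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

GUEST_IP = "10.0.2.15"       # guest address quoted in the thread
HOST_IP = "192.168.1.10"     # constructed LAN address for the host

@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None       # ICMP has no ports, so these stay None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None   # "echo-request" / "echo-reply"

@dataclass
class VBoxNat:
    """Toy model of the VirtualBox NAT engine: stateful translation of
    guest-initiated flows plus static TCP/UDP port-forward rules (the host
    and guest IP fields of a rule are ignored, as in the thread)."""
    forwards: Dict[Tuple[str, int], int] = field(default_factory=dict)
    flows: Set[tuple] = field(default_factory=set)

    def add_forward(self, proto: str, host_port: int, guest_port: int) -> None:
        if proto not in ("tcp", "udp"):
            raise ValueError("only tcp/udp can be forwarded; ping (ICMP) has no port")
        self.forwards[(proto, host_port)] = guest_port

    def outbound(self, pkt: Packet) -> Packet:
        """Guest -> outside: remember the flow, rewrite the source to the host IP."""
        self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))
        return Packet(pkt.proto, HOST_IP, pkt.dst, pkt.sport, pkt.dport, pkt.icmp_type)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> host IP: the packet as delivered to the guest, or None if dropped."""
        is_reply = pkt.proto != "icmp" or pkt.icmp_type == "echo-reply"
        if is_reply and (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.flows:
            return Packet(pkt.proto, pkt.src, GUEST_IP, pkt.sport, pkt.dport, pkt.icmp_type)
        guest_port = self.forwards.get((pkt.proto, pkt.dport))
        if guest_port is not None:    # unsolicited, but explicitly forwarded
            return Packet(pkt.proto, pkt.src, GUEST_IP, pkt.sport, guest_port)
        return None                   # no state and no rule: the NAT drops it

def exposed_host_ports(nat: VBoxNat) -> Dict[int, int]:
    """What a TCP scan of the host address can find: only the forwarded ports."""
    return {hp: gp for (proto, hp), gp in nat.forwards.items() if proto == "tcp"}
```

Pinging the host address from the LAN never reaches the guest in this model, while the guest's own outbound ping gets its reply back, which is exactly the asymmetry the thread observes.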

iamgenius

Senior member
Jun 6, 2008
You know, guys, I originally asked the question because I wanted to know whether it is possible to nmap a machine with an internal IP address (behind the firewall or router NAT) from the outside world. This is a pentesting question. From the looks of it, it is just impossible because of the way NAT works...


The above link explains it better than me. I found other articles also but didn't save the links.

I'm learning pentesting...I will just switch to bridged mode.

Comments are welcome.

Thanks to all of you