This continues our run-through of virtual networking in VirtualBox. This is all heading toward setting up a virtual server for Ubuntu 11.10 with a sandboxed instance of WordPress. Completing our tour of the Network Adapter options available to our guest machine, there are two left.
Under the Host-only adapter, virtual machines can communicate between each other and with the hosting system but not outside. The Host-only adapter uses its own dedicated network device, called vboxnet0, to set up a sub-net and allocates IP addresses to guest machines. The guest machines cannot communicate with the outside world, since they are not connected via a physical interface. Host-only provides restricted services, useful for creating private networks under a VirtualBox host for its’ guests.
Unlike other virtualisation products, the VirtualBox NAT adapter, doesn’t bridge the default network device on your hosts, so there is no direct network access to NAT-ed machines and no access to applications and data on the host itself. Let’s look at an example.
Typically your host has its’ own network address, the one it uses to access the Internet – commonly 192.168.0.1. Under Host-only, the host machine also becomes the VirtualBox router, with the default IP address of 192.168.56.1. The Host creates an internal local area network serving all the guest machines set-up for Host-only, visible to the rest of your network. The vboxnet0 adapter starts issuing IP addresses from 192.168.56.101 onward, but you can change the default IP address allocation, if you want.
Similar to the Bridged adapter, Host-only uses different address ranges. You can easily allow guest machines to obtain addresses using the DCHP (dynamic allocation, which will likely be a different address per session) that VirtualBox provides.
Additionally, the Host-only network for the host and guest does not have a gateway out to the Internet. It’s just used to connect the host and the guest, much like a network switch. Therefore Host-only adapter does not provide guest machines with Internet access; vboxnet0 has no default gateway, so while the addition of vboxnet0 greatly simplifies networking between the Host and guests using it, you don’t get external access or port forwarding, so you may still need a second NAT or Bridged adapter attached to your guest to achieve full access.
If you want several guests machines to communicate with each other on one host, but with nothing else, then we can use this Internal network mode. Although you can use Bridged Networking for this, Internal Network is more secure. In Bridged networking, all the packets are sent/received from the physical network adapter in the Host machine, the traffic through which can be tapped (say, by attaching a packet sniffer to the Host).
The Internal network option creates, according to the VirtualBox manual, “a software-based network which is visible to selected virtual machines, but not to applications running on the host or to the outside world.” This provides a network containing the host and a set of virtual machines, but none of it goes through the host’s physical network interface – it is entirely virtual, with VirtualBox acting as a network switch. What you get is a private LAN for your guest machines only, without any access to the external world, which makes it very secure. Possible uses might be running a top-secret development server and clients, conducting penetration testing or otherwise creating a secure Intranet for a team or organisation.
It’s an ideal way to lock down an environment against unauthorised software installs, downloads, uploads and Facebook-ing during work time.
This is where you begin to see the different types of network set-ups come into their own, being fit for different purposes. Which brings me back to my start-point; creating a virtual server for WordPress development and testing. We’ll work through this as an example next time. RC
Image credit: Fiber Optic_vortex on flickr by rq, licensed cc share-alike, some rights reserved