虚拟机之 NAT & Bridged Networking

参考自VirtualBox官网：https://www.virtualbox.org/manual/UserManual.html#networkingdetails

NAT Network

Network Address Translation (NAT) is the simplest way of accessing an external network from a virtual machine. Usually, it does not require any configuration on the host network and guest system. For this reason, it is the default networking mode in Oracle VM VirtualBox. A virtual machine with NAT enabled acts much like a real computer that connects to the Internet through a router. The router, in this case, is the Oracle VM VirtualBox networking engine, which maps traffic from and to the virtual machine transparently. In Oracle VM VirtualBox this router is placed between each virtual machine and the host. This separation maximizes security since by default virtual machines cannot talk to each other.   The Network Address Translation (NAT) service works in a similar way to a home router, grouping the systems using it into a network and preventing systems outside of this network from directly accessing systems inside it, but letting systems inside communicate with each other and with systems outside using TCP and UDP over IPv4 and IPv6.

Brideged Network

This is for more advanced networking needs, such as network simulations and running servers in a guest. When enabled, Oracle VM VirtualBox connects to one of your installed network cards and exchanges network packets directly, circumventing your host operating system's network stack.   With bridged networking, Oracle VM VirtualBox uses a device driver on your host system that filters data from your physical network adapter. This driver is therefore called a net filter driver. This enables Oracle VM VirtualBox to intercept data from the physical network and inject data into it, effectively creating a new network interface in software. When a guest is using such a new software interface, it looks to the host system as though the guest were physically connected to the interface using a network cable. The host can send data to the guest through that interface and receive data from it. This means that you can set up routing or bridging between the guest and the rest of your network.

 NAT Network 总结：

1、无需配置即可访问外网，简单快捷，因此是VirtualBox默认模式；

2、启用了NAT的虚拟机的行为就像是一台通过路由器连接到Internet的真实计算机。在这种情况下，路由器是Oracle VM VirtualBox网络引擎，该引擎透明地映射来往虚拟机的流量。在Oracle VM VirtualBox中，此路由器放置在每个虚拟机和主机之间。由于默认情况下虚拟机无法相互通信，因此这种隔离可最大程度地提高安全性；

3、NAT模式的缺点是，就像路由器后面的专用网络一样，虚拟机是不可见的，并且无法从外部Internet访问。除非设置端口转发，否则无法以这种方式运行服务器；

4、NAT有限制:

• ICMP协议限制。 一些常用的网络调试工具（例如 ping或traceroute）依赖于ICMP协议来发送和接收消息。Oracle VM VirtualBox ICMP支持有一些限制，这意味着ping应该可以工作，但其他一些工具可能无法可靠地工作。
• 接收UDP广播。来宾不能可靠地接收UDP广播。为了节省资源，访客仅在特定端口上发送UDP数据后，它仅侦听一定时间。因此，基于广播的NetBios名称解析并非始终有效，但WINS始终有效。解决方法是，可以在 符号中使用所需服务器的数字IP 。 \\server\share
• 不支持某些协议。不支持TCP和UDP以外的协议。不支持GRE。这意味着不能使用某些VPN产品，例如Microsoft的PPTP。还有其他仅使用TCP和UDP的VPN产品。
• 转发低于1024的主机端口。在基于UNIX的主机（例如Linux，Oracle Solaris和Mac OS X）上，无法从不能运行的应用程序绑定到低于1024的端口 root。因此，如果您尝试配置此类端口转发，则VM将拒绝启动。

 

Brideged Network 总结：

1、为更高的网路需求服务；

2、通过桥接网络，Oracle VM VirtualBox使用宿主机Host系统上的设备驱动程序来过滤来自物理网络适配器的数据。使VirtualBox可以拦截来自物理网络的数据并将数据注入到其中，从而有效地在软件中创建新的网络接口。当虚拟机Guest使用这种新的软件接口时，它看起来像是使用网络电缆将Guest物理连接到主机系统的主机系统。Host可以通过该接口向Guest发送数据，并从Guest接收数据；

 

Plus：

Mode	VM→Host	VM←Host	VM1↔VM2	VM→Net/LAN	VM←Net/LAN
Host-only	+	+	+	–	–
Internal	–	–	+	–	–
Bridged	+	+	+	+	+
NAT	+	Port forward	–	+	Port forward
NATservice	+	Port forward	+	+	Port forward