VirtualBox client OS (using NAT) is able to access host's LAN - How come?

Chapter 6. Virtual networking:

To an application on the host, or to another computer on the same network as the host, it looks like the data was sent by the VirtualBox application on the host, using an IP address belonging to the host. VirtualBox listens for replies to the packages sent, and repacks and resends them to the guest machine on its private network.

Networking in VirtualBox (Oracle Blogs):

Each vm thinks they are on their own isolated network. When they send their traffic via the gateway (10.0.2.2) VirtualBox rewrites the packets to make them appear as though they originated from the Host, rather than the Guest (running inside the Host).

Like on a physical host, NAT impedes remote connections, but allows outgoing connections. I don't think there's a networking mode that can distinguish your LAN from the rest of the Internet.
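
The source rewriting described in the two quotes above, modelled as an added example (not part of the original answer or of VirtualBox's code). The subnets are the ones on this page; the host address 10.10.10.100, the LAN peer 10.10.10.105, the guest address 10.0.2.15 and the public address 203.0.113.10 are constructed for illustration, and `egress_allowed` is a hypothetical destination-based policy of the kind the question asks for, not a VirtualBox setting.

```python
import ipaddress
from dataclasses import dataclass, replace

ip, net = ipaddress.ip_address, ipaddress.ip_network

GUEST_NET = net("10.0.2.0/24")     # VirtualBox NAT subnet (from the page)
LAN_NET = net("10.10.10.0/24")     # the asker's LAN (from the page)
HOST_LAN_IP = ip("10.10.10.100")   # constructed: the host's address on the LAN
# Destinations an egress policy would refuse: RFC 1918 private + link-local.
PRIVATE_NETS = [net(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int

def nat_rewrite(pkt: Packet) -> Packet:
    """Outbound NAT: the guest's source address is replaced by the host's."""
    return replace(pkt, src=HOST_LAN_IP) if pkt.src in GUEST_NET else pkt

def lan_peer_view(pkt: Packet) -> str:
    """How a LAN machine classifies the sender of a packet it receives."""
    return "local" if pkt.src in LAN_NET else "remote"

def egress_allowed(pkt: Packet) -> bool:
    """Hypothetical policy: public Internet yes, private ranges no.
    It keys on the destination, because after NAT the source address
    no longer identifies the guest."""
    return not any(pkt.dst in n for n in PRIVATE_NETS)

# Constructed sample traffic leaving the guest (10.0.2.15 is an assumed address).
SMB_TO_LAN = Packet(ip("10.0.2.15"), ip("10.10.10.105"), 445)
HTTPS_TO_INTERNET = Packet(ip("10.0.2.15"), ip("203.0.113.10"), 443)

if __name__ == "__main__":
    wire = nat_rewrite(SMB_TO_LAN)
    print(f"guest sends {SMB_TO_LAN.src} -> {SMB_TO_LAN.dst}:{SMB_TO_LAN.dport}")
    print(f"LAN peer receives src={wire.src}, treated as {lan_peer_view(wire)}")
    for pkt in (SMB_TO_LAN, HTTPS_TO_INTERNET):
        print(f"dst {pkt.dst}:{pkt.dport} egress_allowed={egress_allowed(pkt)}")
```
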

Author by

MestreLion

Updated on September 18, 2022

Comments

  • MestreLion
    MestreLion over 1 year

    My network is somewhat simple: all PCs in my LAN (Ubuntu desktop, Win7 desktop, XP netbook) connected to a dlink home router, which is connected to ISP's cable modem. LAN has IP subnet 10.10.10.0/24, gateway (the dlink router) is 10.10.10.1, the PCs are 10.10.10.100-120, via DHCP. The PCs share folders among themselves (basic right-click -> share, this is samba, right?). So far, so good.

    Now the Ubuntu desktop has VirtualBox. I was planning on installing sandboxed VMs to test malware (and monitor the way they "call home"). So I installed an Ubuntu VM, network set to NAT mode (the default mode, subnet 10.0.2.0/24 I guess).

    So I open up Nautilus in the VM, go to "network", and to my surprise... the VM is able to see all the shared folders in the host's LAN!!!

    How? Isn't "Shared Folders" something that works on the LAN only? How come a VM that lives in another subnet can access, say, a shared folder in the Win7 machine? They are not in the same LAN! (that would be Virtualbox's "Bridged" mode, correct?). And no, I do not mean VirtualBox's "Share Folder" feature (that maps a host drive as a network share to the guest), I'm not using it.

    So, I clearly lack some fundamental knowledge of how shared folders and NAT work. I assumed NAT would isolate the VM from my LAN while still being able to browse the internet. I am very surprised it was able to see my LAN's workgroups even being in a different subnet.

    So, question is: How is that possible? How does this relation between VirtualBox, Shared Folders and NAT work? And how to set up the VM so it can't see the guest's LAN but is still able to browse the internet?

    • Web-E
      Web-E about 11 years
      It should not happen. Only in case of bridge network it is possible. How many adapters are enabled? Check whether any other adapter is configured as bridged.
    • MestreLion
      MestreLion about 11 years
      @Web-E: Nope... single adapter, default settings. Attached to 'NAT', TCP forwarding is blank. The folder sharing on my LAN is pretty permissive, but I never thought it would be visible from a non-bridged VM.
    • MestreLion
      MestreLion about 11 years
      @ignis: yes, I'm aware of that. My problem is not VB's 'Share Folders', but my LAN's shared folders (as used by Windows, Ubuntu, etc, via samba). The fact that a supposedly isolated VM can access those is my main concern.
  • MestreLion
    MestreLion about 11 years
    Is an IP from 10.10.10.x in the same LAN as one with 10.0.2.x if they both have 255.255.255.0 mask?
  • MestreLion
    MestreLion about 11 years
    So the only way to test malware is to block all networking in a VM? There is no way to "shield" my LAN from it while still allowing the VM to access (public) internet?
  • ignis
    ignis about 11 years
    It can be done with a firewall, maybe, but I don't know how to do it. Be aware that some malware detects that it is in a virtual machine, and behaves differently; other (rare) malware can escape an "isolated" virtual machine.
  • MestreLion
    MestreLion about 11 years
    I don't think this is the case, but I'll be aware of that, thanks!
  • MestreLion
    MestreLion about 11 years
    And, since I can't really isolate the VM, I guess I'll try another approach: to (somehow) configure the host to intercept all connections from guest and pretend it is the internet. Stay tuned for my next question ;)