NAT

Network Address Translation (NAT) mode is the default networking mode used by VirtualBox.

The following are the features of the NAT settings:

  1. Allows connection to the host machine (NAT gateway IP address)

  2. Does not allow connection to the guest machine from the host

  3. Does not allow connections to the machines on the same LAN as the host machine

  4. Allows internet access

Scenario

Given the following configurations:

  1. Guest machine in a "NAT" network setting (note: this is different from the "NAT network" network setting)

  2. Host machine with 2 services running (111/tcp and 631/tcp), reachable at IP 10.0.2.2, which is the NAT gateway IP for the guest machine

The image below displays the output from an nmap scan of the host machine, run from the guest machine.

The image below displays the output from 3 commands:

  1. TCP connection to the host machine at port 111 (with netcat)

  2. TCP connection at port 631

  3. TCP connection at port 632 — for control purposes

Notice that the responses show that ports 111 and 631 are open, while the connection to port 632 is refused, which means the port is closed.
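The same three-port check as an added Python example (not part of the original page), meant to be run from inside the guest to audit which host services the NAT gateway address exposes. It separates a refused port from one that never answers; the helper names `probe`, `audit` and `exposed` are assumptions of this sketch.

```python
import socket

# Values from the scenario above: the NAT gateway IP seen by the guest
# and the three ports that were tested (632 is the control port).
NAT_GATEWAY = "10.0.2.2"
SCENARIO_PORTS = (111, 631, 632)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - the three-way handshake completed
    closed   - the host answered with a reset (connection refused)
    filtered - no usable answer (timeout, unreachable network, ...)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # covers timeouts and routing errors
        return "filtered"
    finally:
        sock.close()


def audit(host=NAT_GATEWAY, ports=SCENARIO_PORTS, timeout=2.0):
    """Return {port: state} as seen from the machine running this script."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports on the host that a guest in NAT mode can actually talk to."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    results = audit()
    for port, state in sorted(results.items()):
        print(f"{NAT_GATEWAY}:{port}/tcp {state}")
    print("host services reachable from this guest:", exposed(results))
```

Any port reported as open here is a host service that every guest in "NAT" mode can reach, so it should either be required by the guest or bound and firewalled so it is not.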

Conclusion

We can see that the guest machine in a "NAT" network setting is able to communicate with the services on the host machine. For a more secure network setting, refer to the "NAT network" configuration.
