6 Virtual networking VBoxManage modifyvm "VM name" --natpf1 delete "guestssh" If for some reason the guest uses a static assigned IP address not leased from the built-in DHCP server, it is required to specify the guest IP when registering the forwarding rule: VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22" This example is identical to the previous one, except that the NAT engine is being told that the guest can be found at the 10.0.2.19 address. To forward all incoming traffic from a specific host interface to the guest, specify the IP of that host interface like this: VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22" This forwards all TCP traffic arriving on the localhost interface (127.0.0.1) via port 2222 to port 22 in the guest. It is not possible to configure incoming NAT connections while the VM is running. However, you can change the settings for a VM which is currently saved (or powered off at a snapshot). 6.3.2 PXE booting with NAT PXE booting is now supported in NAT mode. The NAT DHCP server provides a boot file name of the form vmname.pxe if the directory TFTP exists in the directory where the user’s VirtualBox.xml file is kept. It is the responsibility of the user to provide vmname.pxe. 6.3.3 NAT limitations There are four limitations of NAT mode which users should be aware of: ICMP protocol limitations: Some frequently used network debugging tools (e.g. ping or tracerouting) rely on the ICMP protocol for sending/receiving messages. While ICMP sup- port has been improved with VirtualBox 2.1 (ping should now work), some other tools may not work reliably. Receiving of UDP broadcasts is not reliable: The guest does not reliably receive broadcasts, since, in order to save resources, it only listens for a certain amount of time after the guest has sent UDP data on a particular port. As a consequence, NetBios name resolution based on broadcasts does not always work (but WINS always works). As a workaround, you can use the numeric IP of the desired server in the \\server\share notation. Protocols such as GRE are unsupported: Protocols other than TCP and UDP are not sup- ported. This means some VPN products (e.g. PPTP from Microsoft) cannot be used. There are other VPN products which use simply TCP and UDP. Forwarding host ports 1024 impossible: On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible to bind to ports below 1024 from applications that are not run by root. As a result, if you try to configure such a port forwarding, the VM will refuse to start. These limitations normally don’t affect standard network use. But the presence of NAT has also subtle effects that may interfere with protocols that are normally working. One example is NFS, where the server is often configured to refuse connections from non-privileged ports (i.e. ports not below 1024). 86