My. Debian.

Updated on 26/11/2008

Virtualbox default networking configuration is a classic NAT system: all the traffic being generated from the Guest machine is translated as it was generated by the Host machine.

The problem in this case is: how do I get Apache and other servers to work within a nat network?

The answer is port forwarding: you make the natting machine to forward one TCP/UDP port (or generally a range of ports) to the corresponding TCP/UDP port in the Guest machine.This way every incoming IP packet that arrives on the chosen Host’s port is forwarded to the other port on the Guest’s side.

With Virtualbox you can make Apache work on the Guest machine by simply accessing a terminal console on the Host and typing something like this:

$ VBoxManage setextradata GuestName "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/HostPort" 8888
$ VBoxManage setextradata GuestName "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/GuestPort" 80
$ VBoxManage setextradata GuestName "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/Protocol" TCP

where GuestName is the name of the virtualized machine (the one you typed when you created it on VirtualBox), Apache is just a name (it could be foo and nothing would change), and HostPort can be any TCP port that is greater than or equal to 1024 (thanks to Joril that reminded me of it).

However, If you want to connect to a port lesser than 1024, for example just the 80, you can use iptables, the default professional Linux firewall:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $ipaddress:8888

where $ipaddress stores the ip address associated to the network interface. Or better:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8888

which uses the REDIRECT target. Both of them don’t work for traffic being generated from the same machine (localhost) because it doesn’t pass through the PREROUTING chain but only through the OUTPUT one.
Hence, if you need to allow connections from localhost you have to add another rule:

# iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8888

or

# iptables -t nat -A OUTPUT -o lo -p tcp -dport 80 -j REDIRECT --to-ports 8888

If you want to remove a past Port Forwarding just rewrite the above commands without the final value:

$ VBoxManage setextradata GuestName "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/HostPort"

$ VBoxManage setextradata GuestName "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/GuestPort"

$ VBoxManage setextradata GuestName "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/Protocol"

Finally, you can retrieve all the forwarded ports, as well as other useful information, with the command:

$ VBoxManage getextradata GuestName enumerate

For example, here is what I get for a virtual machine called “Debian Lenny”:

$ VBoxManage getextradata "Debian Lenny" enumerate
VirtualBox Command Line Management Interface Version 2.0.4
(C) 2005-2008 Sun Microsystems, Inc.
All rights reserved.

Key: GUI/SaveMountedAtRuntime, Value: yes
Key: GUI/LastWindowPostion, Value: 252,200,640,532
Key: GUI/Fullscreen, Value: off
Key: GUI/Seamless, Value: off
Key: GUI/AutoresizeGuest, Value: on
Key: GUI/LastCloseAction, Value: powerOff
Key: GUI/InfoDlgState, Value: 400,450,normal
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/HostPort, Value: 8888
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/GuestPort, Value: 80
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/Protocol, Value: TCP

Hope this helps!

Reference:

• iptables on wikipedia.org