143

VMWare: What is NAT vs. Bridged vs. Host-Only?

Improve this question
3

5 Answers 5

Reset to default
112

Host-only only permits network operations with the Host OS.

NAT mode will mask all network activity as if it came from your Host OS, although the VM can access external resources.

Bridged mode replicates another node on the physical network and your VM will receive it's own IP address if DHCP is enabled in the network.

Improve this answer
8
  • will the VM receive it's own IP address in NAT or Host-only mode?
    – stevebot
    Commented Dec 31, 2010 at 0:38
  • 2
    It will receive an address, but not from the DHCP server. Likely in a completely different range, and not routable on the current LAN. You will see a virtual adapter on the host OS which will have an address in the same range.
    – user1931
    Commented Dec 31, 2010 at 0:40
  • So if the IP is not from a DHCP server is it static?
    – stevebot
    Commented Dec 31, 2010 at 0:44
  • 1
    Yeap, you got it.
    – user1931
    Commented Dec 31, 2010 at 0:55
  • 1
    The description of host-only networking in this answer isn't quite accurate and implies that the VM is accessible only by the host OS. See my answer for a more thorough explanation
    – jamesdlin
    Commented Feb 20, 2017 at 21:06
81

Same concept as the normal network setup :)

  • Host-Only: The VM will be assigned one IP, but it's only accessible by the box VM is running on. No other computers can access it.

  • NAT: Just like your home network with a wireless router, the VM will be assigned in a separate subnet, like 192.168.6.1 is your host computer, and VM is 192.168.6.3, then your VM can access outside network like your host, but no outside access to your VM directly, it's protected.

  • Bridged: Your VM will be in the same network as your host, if your host IP is 172.16.120.45 then your VM will be like 172.16.120.50. It can be accessed by all computers in your host network.

Improve this answer
2
  • 7
    The description of host-only networking in this answer isn't quite accurate and implies that the VM is accessible only by the host OS. See my answer for a more thorough explanation.
    – jamesdlin
    Commented Feb 20, 2017 at 21:06
  • NAT and Bridged seems to be the same. I do not understand the difference. So the HOST is AAA.BBB.CCC.x, and the VM is AAA.BBB.CCC.y in both cases. Where is the difference?
    – Alex
    Commented Jan 31, 2023 at 10:07
49

The below table shows the connectivity between VM and Host for different network types. Please see Virtualbox Docs: Networking for a brief explanation of the modes.

Overview of Networking Modes

  • '+' means 'yes, this direction of connection-initiation is possible'
  • '-' means 'initiating connections in the direction given in the column title is not possible'

'port forward' means that you'll have to manually add to the host's network configuration instructing it as follows: "whatever connection requests come to this port on your network adapter are actually meant for this port on this VM, so simply forward it there and not to any host-based listener". This makes the hidden NAT IP and port of the VM (on which a VM service is listening) effectively visible on the host adapter and available to receive requests from external entities. See: VBox Docs: Configuring Port Forwarding with NAT for an explanation of how this can be easily done.

See also: Oracle VM VirtualBox: Networking options and how-to manage them, Virtualbox Networks: In Pictures, VirtualBox Network Settings: Complete Guide

Improve this answer
7
  • 6
    That's what means, a picture is worth a thousand words
    – abd3lraouf
    Commented Jul 3, 2018 at 17:38
  • Can I ask you a little improvement? Can you add a column that explain if VM can access other ip of the host ip network?
    – realtebo
    Commented Aug 4, 2018 at 14:18
  • The "Internal" row is what you're looking for. From the site mentioned above: "Internal Networking is similar to bridged networking in that the VM can directly communicate with the outside world. However, the "outside world" is limited to other VMs on the same host which connect to the same internal network."
    – Alok P
    Commented Sep 20, 2018 at 7:11
  • Anyone, in NAT/NAT Network - why can't the guest connect to host? The gateway/router would have to handle it just like accessing any address on the Internet.
    – samshers
    Commented Jul 11, 2019 at 22:26
  • it looks like "NAT Network" permits both VM <--> HOST ping. Don't understand why the docs says it does not.
    – samshers
    Commented Jul 13, 2019 at 13:09
26

While the other answers here provide good descriptions for the NAT and Bridged modes, their explanations for Host-only mode are not quite accurate.

From VMware's documentation, under Configuring Network Connections > Understanding Common Networking Configurations:

Host-only networking creates a network that is completely contained within the host computer. Host-only networking provides a network connection between the virtual machine and the host system by using a virtual network adapter that is visible on the host operating system.

(Emphasis mine.)

Note that it does not say that the VM will be accessible only by the host. The network is self-contained, not the connection. This is a subtle but important difference.

Additionally, as pointed out by user5389726598465, under Creating Virtual Machines > Preparing to Create a New Virtual Machine > Selecting the Network Connection Type for a Virtual Machine:

With host-only networking, the virtual machine can communicate only with the host system and other virtual machines in the host-only network. Select host-only networking to set up an isolated virtual network.

You should be aware that the Host-only, NAT, and Bridged modes are aliases to specific virtual networking switches ("VMnets") that are preconfigured for the different behaviors. As with a normal network switch, all machines connected to the same switch are visible to each other.

This means that all VMs connected to a host-only network will be visible to the host and to each other. If you want a VM that is visible only to the host, you will need to assign it a dedicated VMnet and avoid assigning any other VMs to that VMnet.

Improve this answer
5
  • 2
    +1 Your answer is correct but the line after your quote in the KB is a better quote: "With host-only networking, the virtual machine can communicate only with the host system and other virtual machines in the host-only network. Select host-only networking to set up an isolated virtual network."
    – user5389726598465
    Commented Jan 17, 2018 at 13:05
  • @user5389726598465 I agree that's a better quote, but I don't see that in the VMware Workstation product documentation. (The link I had was broken, but it's fixed now.) If your quote is from a KB article, can you please provide a reference to it?
    – jamesdlin
    Commented Jan 17, 2018 at 19:19
  • 2
    Here's the link: pubs.vmware.com/workstation-9/…. Unfortunately, the other answers seem reasonable so everyone upvotes them and skip your answer not realizing the VM's can still see e/o.
    – user5389726598465
    Commented Jan 18, 2018 at 4:17
  • You quote a thing that says "With host-only networking, the virtual machine can communicate only with the host system and other virtual machines in the host-only network. Select host-only networking to set up an isolated virtual network." <-- Does that mean you can't access the web eg Google.com from the virtual machine? And if you can then what do you actually mean by that quote?
    – barlop
    Commented Dec 4, 2022 at 2:22
  • 1
    @barlop Correct, you would not be able to connect to the Internet from a host-only network (unless one of the VMs on that network explictly bridged it).
    – jamesdlin
    Commented Dec 4, 2022 at 2:58
3

I installed IIS on virtual machine C1,H1,B1,N1 and Windows 10 on C2,H2,B2,N2. These 6 VM are on my host computer. I have another laptop connected by ethernet cable connected to same router as my host computer. I arranged them in pair of each switch type. I have tried this combination with port forwarding on my home router and on virtual machine N1 using NAT switch. This is what I concluded after trying to access the website on each of the device in network. I also configured my Virtual Network Editor settings to create two subnets 3.3.3.0 for VMnet1 (Host only switch) and 2.2.2.0 for VMnet8 (NAT switch). The settings are as below

enter image description here

Since NAT switch has Virtual Router (2.2.2.2) that also act as (Router + Default gateway + DNS server) for 2.2.2.0 subnet so N1,N2 can access Internet on it. But Host Only switch has no virtual router and default gateway so cannot access internet on H1,H2.

Just to summarize which all device can communicate with each other I have created one diagram for understanding enter image description here

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .