Why do I need to use port forwarding to be able to access SFTP on my VM?

0

I'm using Debian on a VirtualBox VM. The default network mode is NAT, which according to the VirtualBox documentation is "the simplest way of accessing an external network from a virtual machine. Usually, it does not require any configuration on the host network and guest system. For this reason, it is the default networking mode in Oracle VM VirtualBox.", and for some reason it's not possible to directly FTP in to my VM from my host machine without adding port forwarding.

I don't understand why I need to port forward to be able to access SFTP if this is the simplest networking method to/from a VM. Why is this?

warsong

Posted 2020-02-05T17:38:20.020

Reputation: 505

One thing is your VM accessing the internet; that is what is described in the documentation that you've referred to. Another thing is routing a request from your host to your guest VM. Port forwarding is telling the network which path to take when a specific address is asked. – BANJOSA – 2020-02-05T17:49:03.763

Answers

1

The quote says "simplest way of accessing an external network", that is, making outgoing connections from the VM. This does not necessarily apply to incoming connections.

In "NAT" mode, VirtualBox itself implements router functions and the host OS remains completely unaware of a virtual network happening: it thinks the VBoxVM process itself is making a bunch of TCP connections like a regular app would.

But that same reason is why you cannot make incoming connections by default: the host OS doesn't know where to send them, because there's no network interface which corresponds to the VM subnet, there are no routes, nothing.


(Really, this is exactly the same situation as if connecting a 2nd router to your physical home LAN. Keeping that 2nd router in NAT mode is definitely the simplest approach when outbound connections are all you care about – but as soon as you need to make an inbound connection from the 'outer' network towards an 'inner' host, it all breaks down and you have to use port forwarding or switch to standard routing/bridging.)

user1686

Posted 2020-02-05T17:38:20.020

Reputation: 283 655
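
The port forwarding discussed above, as an added example that is not part of the original answer: a small script that builds a VirtualBox NAT rule sending a host port to the guest's SSH/SFTP port, and refuses a rule that would listen on every host interface. The rule name `sftp`, host port 2222, the helper `natpf_rule` and the `VM_NAME` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: NAT port-forwarding rule for SFTP into a VirtualBox guest.
# Rule name, host port and VM_NAME are assumptions, not values from the page.

# natpf_rule NAME HOST_IP HOST_PORT GUEST_PORT
# Prints a rule in VBoxManage's --natpf format:
#   name,proto,hostip,hostport,guestip,guestport
# The guest IP is left empty so VirtualBox uses the guest's NAT address.
natpf_rule() {
    name=$1 host_ip=$2 host_port=$3 guest_port=$4
    for p in "$host_port" "$guest_port"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    # An empty host IP makes the rule listen on all host interfaces, which
    # exposes the guest's sshd to the whole LAN. Require an explicit address.
    if [ -z "$host_ip" ]; then
        echo "refusing empty host IP (would listen on all interfaces)" >&2
        return 1
    fi
    printf '%s,tcp,%s,%s,,%s\n' "$name" "$host_ip" "$host_port" "$guest_port"
}

# Host 127.0.0.1:2222 -> guest port 22, reachable only from the host itself.
rule=$(natpf_rule sftp 127.0.0.1 2222 22) || exit 1

if [ -n "${VM_NAME:-}" ]; then
    # modifyvm changes the stored VM settings; the VM must be powered off.
    VBoxManage modifyvm "$VM_NAME" --natpf1 "$rule"
else
    echo "rule: $rule (set VM_NAME to apply it)"
fi
```

Once the rule is applied and the guest is running, `sftp -P 2222 user@127.0.0.1` on the host reaches the guest's SSH server.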