6/12/2008

VirtualBox - Configuring port forwarding with NAT

Filed under: — Aviran Mordo

As the virtual machine is connected to a private network internal to VirtualBox and invisible to the host, network services on the guest are not accessible to the host machine or to other computers on the same network. However, VirtualBox can make given services available outside of the guest by using port forwarding. This means that VirtualBox listens on certain ports on the host and resends all packets which arrive on them to the guest on the ports used by the services being forwarded. To an application on the host or to other physical (or virtual) machines on the network, it looks as though the service being proxied is actually running on the host (note that this also means that you cannot run the same service on the same ports on the host). However, you still gain the advantages of running the service in a virtual machine – for example, services on the host machine or on other virtual machines cannot be compromised or crashed by a vulnerability or a bug in the service, and the service can run in a different operating system from the host system.

You can set up a guest service which you wish to proxy using the command line tool VBoxManage. You will need to know which ports on the guest the service uses and to decide which ports to use on the host (often, but not always, you will want to use the same ports on the guest and on the host). You can use any ports on the host which are not already in use by a service. An example of how to set up incoming NAT connections to a server on the guest (here an Apache web server listening on guest port 80) requires the following three commands:


  VBoxManage setextradata "GuestName" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/Protocol" TCP
  VBoxManage setextradata "GuestName" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/GuestPort" 80
  VBoxManage setextradata "GuestName" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/Apache/HostPort" 8880

The name Apache is an arbitrary one chosen for this particular forwarding configuration.
The name GuestName is the name you gave your virtual machine.
With that configuration in place, all TCP connections to port 8880 on the host will be forwarded to port 80 on the guest. Protocol can be either TCP or UDP (the value is case insensitive). To remove a mapping again, use the same commands but leave out the values (in this case TCP, 80 and 8880).

It is not possible to configure incoming NAT connections while the VM is running. However, you can change the settings for a VM which is currently saved (or powered off at a snapshot).

NAT limitations

There are four limitations of NAT mode which users should be aware of:

  • ICMP protocol is very limited: Some frequently used network debugging tools (e.g. ping) rely on sending/receiving messages based on the ICMP protocol. The ICMP protocol cannot be used directly by normal applications such as VirtualBox, as it would, at least on Linux hosts, require root permissions (more precisely CAP_NET_RAW). Since this is not desirable, no attempt has been made to support ICMP to addresses other than 10.0.2.2 and 10.0.2.15. If you try to ping any other IP address you will not get any response.
  • Receiving of UDP broadcasts is not reliable: The guest does not reliably receive broadcasts, since, in order to save resources, it only listens for a certain amount of time after the guest has sent UDP data on a particular port. As a consequence, NetBIOS name resolution based on broadcasts does not always work (but WINS always works). As a workaround, you can use the numeric IP of the desired server in the \\server\share notation.
  • Protocols other than TCP and UDP are not supported: This means some VPN products (e.g. PPTP from Microsoft) cannot be used. There are other VPN products which use only TCP and UDP.
  • Forwarding host ports < 1024 impossible: On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible to bind to ports below 1024 from applications that are not run by root. Therefore, if you try to configure such a port forwarding, the VM will refuse to start.

These limitations normally don’t affect standard network use. But the presence of NAT also has subtle effects that may interfere with protocols that normally work. One example is NFS, where the server is often configured to refuse connections from non-privileged ports (i.e. ports not below 1024).
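As an added example (not code from the original post or from VirtualBox), here is a POSIX shell wrapper around the three VBoxManage setextradata commands shown above. It normalises the protocol case, rejects host ports below 1024 (the limitation described above) before touching the VM, and can remove a rule by writing the keys with the values left out. It assumes VBoxManage is on PATH and the VM is saved or powered off; setting VBOXMANAGE=echo turns it into a dry run that only prints the commands.

```shell
#!/bin/sh
# Wrapper for the NAT port-forwarding setextradata keys from the post.
# Assumption: VBoxManage is on PATH and the VM is not running.
# Set VBOXMANAGE=echo to dry-run and only print the commands.
VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"

# nat_key RULE FIELD -> prints the extradata key for NIC 0 of the pcnet device
nat_key() {
    printf 'VBoxInternal/Devices/pcnet/0/LUN#0/Config/%s/%s\n' "$1" "$2"
}

# nat_forward VM RULE PROTO GUESTPORT HOSTPORT
# Returns 0 on success, 1 for a bad protocol, 2 for a bad port number,
# 3 when the host port is below 1024 (the VM would refuse to start).
nat_forward() {
    vm=$1; rule=$2; proto=$3; gport=$4; hport=$5
    # The protocol value is case insensitive; normalise it to upper case.
    proto=$(printf '%s' "$proto" | tr 'a-z' 'A-Z')
    case "$proto" in
        TCP|UDP) ;;
        *) echo "protocol must be TCP or UDP, got: $3" >&2; return 1 ;;
    esac
    # Both ports must be numeric and in the valid range.
    for p in "$gport" "$hport"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 2; }
    done
    # Non-root applications cannot bind ports below 1024 on Unix hosts.
    if [ "$hport" -lt 1024 ]; then
        echo "host port $hport is below 1024; the VM would refuse to start" >&2
        return 3
    fi
    "$VBOXMANAGE" setextradata "$vm" "$(nat_key "$rule" Protocol)" "$proto" &&
    "$VBOXMANAGE" setextradata "$vm" "$(nat_key "$rule" GuestPort)" "$gport" &&
    "$VBOXMANAGE" setextradata "$vm" "$(nat_key "$rule" HostPort)" "$hport"
}

# nat_remove VM RULE: write the same three keys with no value to delete the rule
nat_remove() {
    for f in Protocol GuestPort HostPort; do
        "$VBOXMANAGE" setextradata "$1" "$(nat_key "$2" "$f")" || return 1
    done
}
```

Run as `VBOXMANAGE=echo sh -c '. ./natfwd.sh; nat_forward GuestName Apache tcp 80 8880'` to see the exact commands before applying them for real.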

Monster Cable goes wireless with HD kit

Filed under: — Aviran Mordo

Monster Cable Products Inc., the company that’s synonymous with expensive video and audio cables, is going wireless.

On Thursday, Monster is introducing a set of two boxes: a receiver that plugs into the back of a high-definition TV and a transmitter that connects to a DVD player or other components of a home entertainment center.

The transmitter can send an HD video signal wirelessly up to 30 feet to the receiver, using so-called ultra-wideband, or UWB, technology from Sigma Designs Inc.

“This is our Monster Cable-less solution,” joked Monster Cable president Noel Lee, in an interview.

The Monster Digital Express HD boxes will be available in October for $299.95 each.

Web site offers insiders’ look at major employers

Filed under: — Aviran Mordo

Ever wonder whether you’d be better off working some place else?

A new Web site called Glassdoor.com is trying to make it easier to find out by compiling free snapshots of the current salaries paid by hundreds of major employers, along with reviews anonymously written by current and past workers.

“We think it’s super important that people are able to find a job where they can go home happy at the end of the day,” said Robert Hohman, Glassdoor’s co-founder and chief executive.

The Sausalito-based startup’s other founders include Rich Barton, CEO of online home appraisal site Zillow.com.

By providing free access to sensitive salary information and sometimes blunt reviews of companies, Glassdoor is bound to upset some employers, predicted Jupiter Research analyst Barry Parr.

Lawmaker says Chinese hacked Capitol computers

Filed under: — Aviran Mordo

Multiple congressional computers have been hacked by people working from inside China, lawmakers said Wednesday, suggesting the Chinese were seeking lists of dissidents.

Two congressmen, both longtime critics of Beijing’s record on human rights, said the compromised computers contained information about political dissidents from around the world. One of the lawmakers said he’d been discouraged from disclosing the computer attacks by other U.S. officials.

Rep. Frank Wolf, R-Va., said four of his computers were compromised beginning in 2006. New Jersey Rep. Chris Smith, a senior Republican on the House Foreign Affairs Committee, said two of the computers at his global human rights subcommittee were attacked in December 2006 and March 2007.

Wolf said that following one of the attacks, a car with license plates belonging to Chinese officials went to the home of a dissident in Fairfax County, Va., outside Washington and photographed it.

During the same time period, The House International Relations Committee - now known as the House Foreign Affairs Committee - was targeted at least once by someone working inside China, said committee spokeswoman Lynne Weil.

Wednesday’s disclosures came as U.S. authorities continued to investigate whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce Department computers.

The Pentagon last month acknowledged at a closed House Intelligence committee meeting that its vast computer network is scanned or attacked by outsiders more than 300 million times each day.

Wolf said the FBI had told him that computers of other House members and at least one House committee had been accessed by sources working from inside China. The Virginia Republican suggested that Senate computers could have been attacked as well.

He said the hacking of computers in his Capitol Hill office began in August 2006, that he had known about it for a long time and that he had been discouraged from disclosing it by people in the U.S. government he refused to identify.

“The problem has been that no one wants to talk about this issue,” he said. “Every time I’ve started to do something I’ve been told ‘You can’t do this.’ A lot of people have made it very, very difficult.”

The FBI and the White House declined to comment.

Casino debuts new touch-screen bar table

Filed under: — Aviran Mordo

Microsoft Corp. and Harrah’s Entertainment Inc. introduced a high-tech interactive bar table Wednesday that lets patrons order drinks, watch YouTube videos, play touch-screen games and even flirt with each other.

The tables offer Harrah’s a new way to track its customers’ habits and behaviors, adding to its sophisticated customer rewards program that tracks users’ gambling habits.

“Of all the goodies up our sleeves lately, this is one of the most dramatic,” Tim Stanley, chief information officer of Harrah’s, told The Associated Press. “The range of opportunities are fairly limitless.”

The six rectangular tables with built-in 30-inch flat screens using Microsoft Surface technology were installed in a lounge at the Rio All-Suite Hotel & Casino in Las Vegas, with custom applications built for Harrah’s.

A spokeswoman for Microsoft said the units sold for a base price of $10,000.
