M HYPE SPLASH
// news

How to SSH to a to a VirtualBox VM on a Windows host with NAT from another PC on the same LAN?

By John Peck

I have an Ubuntu 20.04 VM (VirtualBox) on a Windows 11 host.

The network is attached by NAT.

I have port forwarding in VirtualBox as follows:

Name | Protocol | Host IP | Host Port | Guest IP | Guest Port
SSH | TCP | 127.0.0.1 | 2222 | 10.0.2.10 | 22

So now I can SSH to the VM from the Windows host via PuTTY from 127.0.0.1:2222 without any issues.

The IP of that host on my LAN is 192.168.10.15. So I try to ssh to that VM from another Windows PC via 192.168.10.15:2222 but I get Connection timed out.

So I thought perhaps the Windows host is blocking inbound traffic, so I opened all ports just in case (for testing) - connection still timed out.

So I added a port forwarding rule in my router on the IP 192.168.10.15 :

Name: SSH
External Port Start: 2200
External Port End: 2200
Protocol: TCP
Internal Port Start: 2222
Internal Port End: 2222
IPv4: 192.168.10.15

then I tried to SSH via 192.168.10.15:2200, but still nothing.

I even tried all sorts of combinations:

192.168.10.15:2222, 192.168.10.15:22, but all timed out.

I even added all ports to outbound rules on the Windows PC that tries to SSH to the other PC, still nothing

What is the problem?

1 Answer

Your router doesn't need a port forwarding rule if all you want is to connect to the host directly. You can just... connect to the host. The purpose of "port forwarding" is to translate addresses – e.g. when ssh'ing to the router's public (WAN) address, it would translate the destination to your computer's LAN address instead. But when you're already in the same LAN where you can directly say ssh 192.168.10.15, there is no translation involved. (In fact, a direct LAN connection doesn't even go through the router at all, so it couldn't apply port-forwarding if it wanted to.)

The real problem here is that the "Host IP" parameter in your VirtualBox's port forwarding rule only tells it to listen on 127.0.0.1 (loopback address). This means it will only accept connections made to 127.0.0.1 exactly – it doesn't matter that 192.168.10.15 is the same machine; the connection's destination address has to exactly match the listen address.

Change "Host IP" to 0.0.0.0 if you want it to listen on all IP addresses that the host machine has.

7

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

More in news

How to Test Website from Different Countries?

Reeling Backward: The Rainmaker (1956)