How NAT works in a nutshell

An external address, usually routable, is the "outside" of the NAT. The machines behind the NAT have an "inside" address that is usually non-routable. When a connection is made between an inside address and an outside address, the NAT system in the middle creates a forwarding table entry consisting of (outside_ip, outside_port, nat_host_ip, nat_host_port, inside_ip, inside_port). Any packet matching the first four parts gets its destination re-written to the last two parts.

If a packet is received that doesn't match an entry in the NAT table, then there is no way for the NAT box to know where to forward it unless a forwarding rule was manually defined. That's why, by default, a machine behind a NAT device is "protected".


Bridged mode acts just like the interface you're bridging with is now a switch and the VM is plugged into a port on it. Everything acts the same as if it were another regular machine attached to that network.

  • 0
Reply Report

Host-only only permits network operations with the Host OS.

NAT mode will mask all network activity as if it came from your Host OS, although the VM can access external resources.

Bridged mode replicates another node on the physical network and your VM will receive it's own IP address if DHCP is enabled in the network.

  • 0
Reply Report

Related Questions

Trending Tags