How to use port forwarding in VirtualBox

Need to keep your VirtualBox VMs on a different network, yet still have access to them? Use Port Forwarding to make this easy.

How to use port forwarding in VirtualBox

If you depend on VirtualBox, you probably know the fundamentals of its networking system: You create a virtual machine and use either NAT or Bridged for networking. Thing is, if you use NAT (to keep your virtual machines on a different IP address scheme than your primary network), you won't be able to reach those guest servers. If you use Bridged Networking, those virtual machines wind up on your company network. Although Bridged is far simpler than NAT, in some cases it could be considered a security issue (especially if you use those VMs for development or testing purposes). 

So what do you do when you want to isolate the VMs to a different network, but still want to reach specific services (via specific ports)? You use port forwarding.

SEE: Choosing your Windows 7 exit strategy: Four options (TechRepublic Premium)

I'm going to walk you through the steps for setting up a port forwarding rule in VirtualBox. I'll be demonstrating the process of creating a rule for SSH to a Ubuntu Desktop machine, but this same process can be done with nearly any guest that accepts Secure Shell traffic. Also, this example can be modified for use on any port for any service.

What you need

The only things you'll need to make this work are:

  • VirtualBox installed and running.
  • A guest VM accepting SSH traffic.

And that's it. Let's work.

Creating the rule

Open VirtualBox and select the VM you want to alter. Click Settings and then click on the Network tab. In the Network window expand the Advanced section and click Port Forwarding (Figure A).


Figure A: The Port Forwarding button.

In the Port Forwarding Rules window, click the + button and fill out the new rule as such:

  • Name - SSH
  • Protocol - TCP
  • Host IP - leave blank
  • Host Port - 2222
  • Guest IP - leave blank
  • Guest Port - 22

Once you've filled that out (Figure B), click OK to save the rule.


Figure B: Our new port forwarding rule.

One thing to note: Leaving the Host IP blank will default to and leaving the Guest IP address blank will default to whatever IP address is assigned to the Guest. This is the most logical choice, as IP addresses change and you never know what address you'll be connecting from. 

If the guest VM isn't running, start it up and wait for the boot process to complete.

Connecting to the guest

Now it's time to connect to the guest. As it stands, we're routing port 2222 on the Host to port 22 on the guest. So if you're on the Host machine, you'll Secure Shell to the guest with the command:

ssh -p2222 USERNAME@

Where USERNAME is a valid username on the Guest. You will be prompted for the user password and be given access.

But what if you're trying to gain access to the Guest from a machine other than the host? Simple, you'd use the Host IP address instead of In other words, if the Host IP address is and you want to gain access to that Guest from another machine on your 192.168.1.x network, you'd issue the command:

ssh -p2222 USERNAME@

Where USERNAME is a valid username on the Guest.

You'd be prompted for the Guest user's password, and (upon successful authentication) be given access.

Guest access made easy

And that's all there is to setting up a port forward rule, such that you can access a VirtualBox Guest that is running on a different network address scheme than your host. 

Also see


Image: Jack Wallen