I’ve been playing around with bridged mode in VirtualBox, trying to see how I can get it to work. Turns out it’s fairly easy to do, so this article will be somewhat shorter than what I usually write. I just want to look at what I did to enable bridged networking in my VirtualBox VMs and the procedure I went through to test this functionality.
In case you don’t know, bridged mode allows a VirtualBox VM to have its own IP address on your physical network, so it’s treated like any other host. This is as opposed to NAT mode, where the VM is essentially on its own private LAN and is not in the same address space as the other hosts on your network. Bridged networking allows other devices on the network to access the VM as if it were a physical device.
Just as importantly for me, it allows the VM to access other hosts on the physical network if you’re behind a VPN. If two hosts are on different private network segments and you try to access one from the other while using a VPN, it will contact the VPN first and then try to access the device from the VPN. This means you’re trying to access a device on a private LAN from the external Internet, which is impossible. So if I want to use say a Kali Linux VM to connect to my HackMe server for pen-testing purposes, I will have to either turn off the VPN (which I don’t want to do) or make it so both devices are in the same address space. Bridged mode allows me to do this.
All VirtualBox VMs use NAT mode for networking by default. To switch to bridged mode, go into VirtualBox’s Settings for the VM, then go to the Network tab, then go to the drop-down menu labeled “Attached to” and select “Bridged Adapter”, as shown in the screenshot:
Below this menu is another drop-down menu that allows you to select the adapter to virtualize. In this case I have selected my Ethernet NIC because the only other options are the WNIC and the TUN/TAP adapters for the VPN. I never use my WNIC because I believe WiFi is inherently insecure, and obviously I’m not going to use my TUN/TAP adapter because then I would be going through my VPN, which would defeat the purpose of using bridged mode.
In addition to allowing you to select the adapter and adapter type, VirtualBox also lets you refresh the MAC address field, giving you a new MAC address. This can be useful if you need to spoof your MAC for whatever reason.
After changing my Kali Linux VM to bridged mode, I booted up and ran
ifconfig to determine the MAC and IP address. This is information that I would need to test connectivity from outside VirtualBox. I then proceeded to ping my NAS server, which was successful. After that I did an SSH login into the server just to be sure (not pictured).
I scanned my entire wired network from outside VirtualBox using ZenMap (a graphical frontend for NMap):
Unfortunately as you can see the ping scan didn’t pick up the VirtualBox VM. I still haven’t figured out why this was. At first I thought I had done something wrong in setting bridged mode and it wasn’t working, but then I did a ping scan using just the default
ping utility in the command prompt, and I was able to connect from both the host that VirtualBox was running on as well as an entirely different physical computer.
So basically, it looks like I have everything I need if I want to work on hacking lab projects using a Kali Linux VM, or if I want to experiment with running servers in VirtualBox. Maybe I could have a Plan 9 CPU server or file server like I mentioned in the previous post on Plan 9. That would be cool.