INTRODUCTION

This is a complete guide to enabling "VM <-> Host", "VM1 <-> VM2" and "VM -> Internet" access for guests that use a single network interface ("host-only") in VirtualBox.

IMPORTANT: Run all the commands as "root".

EXECUTE ON HOST

NOTE: We use a Manjaro (Arch based) host as a template. You may need adjustments and changes for other distros.

You need to copy the iptables template configuration file...

$ cp /etc/iptables/empty.rules /etc/iptables/iptables.rules

... so you can start the "iptables.service".

Enable and start "iptables.service"...

$ systemctl enable --now iptables.service

Enable IP forwarding...

$ sysctl -w net.ipv4.ip_forward=1
$ printf "net.ipv4.ip_forward=1\n" >> /etc/sysctl.d/30-ipforward.conf

Add the following iptables rules. This will forward packets through the host ("vboxnet0") and to the internet...

TEMPLATE I
$ iptables -t filter -I FORWARD --in-interface vboxnet0 --out-interface <HOST_INTERFACE_WITH_INTERNET> --source 192.168.56.0/24 -j ACCEPT
$ iptables -t filter -I FORWARD --in-interface <HOST_INTERFACE_WITH_INTERNET> --out-interface vboxnet0 --destination 192.168.56.0/24 -j ACCEPT
$ iptables -t nat -I POSTROUTING -o <HOST_INTERFACE_WITH_INTERNET> -j MASQUERADE

... OR add the following iptables rules...

TEMPLATE II
$ iptables -t nat -I POSTROUTING -s 192.168.56.0/24 -j MASQUERADE
$ iptables -P FORWARD ACCEPT
$ iptables -t nat -P POSTROUTING ACCEPT

NOTE: With "TEMPLATE II" you do not need to specify the name of the host interface (<HOST_INTERFACE_WITH_INTERNET>) or the name of the VirtualBox interface (vboxnet0). That way any host interface that has internet access will work, that is, I do not have to adjust the name of the interface that has internet access whenever it changes. An example of this is when we change from the wired interface (e.g. enp4s0f2) to the wireless interface (e.g. wlp3s0) and vice versa.

FURTHER QUESTION: I presented two ways to configure "iptables" because I do not know if there is any advantage in using the "TEMPLATE I". Any comment?

TIP: To find the name of the network interface (<HOST_INTERFACE_WITH_INTERNET>) that has internet access, use the "ip a" command.

Save rules to iptables configuration and restart the service...

$ iptables-save > /etc/iptables/iptables.rules
$ systemctl restart iptables.service
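
The two templates differ in how widely the host forwards and NATs traffic: the MASQUERADE rule in "TEMPLATE I" has no source match, and "TEMPLATE II" sets the default policy of the FORWARD chain to ACCEPT. The following added example (not part of the original guide) audits "iptables-save" output for both points; the sample rulesets are constructed, and the DROP policy and the interface name enp4s0f2 in the first sample are assumptions.

```shell
# Added example: audit iptables-save output (stdin) for how widely the host
# forwards and NATs traffic. $1 is the host-only subnet used in the guide.
audit_forwarding() {
    awk -v subnet="${1:-192.168.56.0/24}" '
        /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            # Scoped only if the rule matches the host-only subnet as source.
            ok = index($0, " -s " subnet " ") && !index($0, "! -s")
            if (ok) scoped++; else unscoped++
        }
        END {
            if (policy == "ACCEPT")
                print "WARN FORWARD policy is ACCEPT: forwards anything no rule drops"
            else
                print "OK FORWARD policy is " policy
            if (scoped) print "OK " scoped " MASQUERADE rule(s) limited to " subnet
            if (unscoped) print "WARN " unscoped " MASQUERADE rule(s) not limited to " subnet
            exit (policy == "ACCEPT" || unscoped > 0)
        }'
}

# Constructed sample: TEMPLATE I on a host whose FORWARD policy is DROP (assumption).
sample_template_1() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.56.0/24 -i enp4s0f2 -o vboxnet0 -j ACCEPT
-A FORWARD -s 192.168.56.0/24 -i vboxnet0 -o enp4s0f2 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp4s0f2 -j MASQUERADE
COMMIT
EOF
}
# Constructed sample: ruleset after TEMPLATE II.
sample_template_2() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.56.0/24 -j MASQUERADE
COMMIT
EOF
}
for t in sample_template_1 sample_template_2; do
    echo "== $t"; "$t" | audit_forwarding || true
done
```

On a real host, run "iptables-save | audit_forwarding" as root after applying either template; the function exits non-zero when it prints a WARN line.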

Enable and start "dnsmasq" on the host...

$ systemctl enable --now dnsmasq.service

NOTE: "dnsmasq" is a small caching DNS proxy and DHCP/TFTP server.

EXECUTE ON GUEST

NOTE: We use a CentOS 7 guest as a template. You may need adjustments and changes for other distros.

Configure the network interface according to the model...

NOTE: The network configuration file is in the "/etc/sysconfig/network-scripts/" directory.

BOOTPROTO=static
DEVICE=<NETWORK_INTERFACE_NAME>
DNS1=<HOST-ONLY_HOST_IP>
GATEWAY=<HOST-ONLY_HOST_IP>
IPADDR=<HOST-ONLY_GUEST_IP>
IPV6INIT=NO
NETMASK=255.255.255.0
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
USERCTL=NO
ZONE=

E.g.:

BOOTPROTO=static
DEVICE=eno16777736
DNS1=192.168.56.1
GATEWAY=192.168.56.1
IPADDR=192.168.56.101
IPV6INIT=NO
NETMASK=255.255.255.0
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
USERCTL=NO
ZONE=

Restart the network service...

$ systemctl restart network.service

To test...

$ curl http://www.google.com
