Differences between bridged and NAT networking

Solution 1:

How NAT works in a nutshell

An external address, usually routable, is the "outside" of the NAT. The machines behind the NAT have an "inside" address that is usually non-routable. When a connection is made between an inside address and an outside address, the NAT system in the middle creates a forwarding table entry consisting of (outside_ip, outside_port, nat_host_ip, nat_host_port, inside_ip, inside_port). Any packet matching the first four parts gets its destination re-written to the last two parts.

If a packet is received that doesn't match an entry in the NAT table, then there is no way for the NAT box to know where to forward it unless a forwarding rule was manually defined. That's why, by default, a machine behind a NAT device is "protected".

Bridged

Bridged mode acts just like the interface you're bridging with is now a switch and the VM is plugged into a port on it. Everything acts the same as if it were another regular machine attached to that network.

Solution 2:

With NAT the IPs of the virtual machines and the network your host is connecting to are separated, meaning your VMs are on a different subnet. You can access the network because your host is doing Network Address Translation (if you don't know what that is, see: What is strict, moderate and open NAT?). The IP is assigned by a DHCP server running on the host.

With a bridged interface your virtual machines are directly connected to the network that the network interface they are using is connected to. This means, in your case, that they will be directly connected to the network your host connects to, getting IP addresses from the DHCP server running on that network (which probably also gives your host its IP).

Now, why can't you access these machines?

Because you would need to enable port forwarding on the NAT segment. The NAT translates your virtual machines' IPs to a single IP. Incoming connections have to be routed with port forwarding, as the host cannot know which virtual machine the connection is meant for.

While NAT can provide some protection, it's not a firewall, for the same reason as above (when using NAT, inbound hosts can't connect unless port forwarding is enabled). However, NAT is NOT SECURITY (http://blog.ioshints.info/2011/12/is-nat-security-feature.html).

NAT has some side effects that resemble security mechanisms commonly used at the network edge. That does NOT make it a security feature, more so as there are so many variants of NAT.
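To make the table described in Solution 1 and the port-forwarding point in Solution 2 concrete, here is a small simulation added to this page (it is not code from either answer). The `NatBox` and `Packet` names and all addresses are constructed for illustration: an outbound VM connection creates a translation entry, the reply matches it and is rewritten back to the VM, an unsolicited inbound packet is dropped because no entry matches, and a manually defined forwarding rule makes the same inbound packet deliverable.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatBox:
    """Constructed NAT device: one public IP in front of private VMs."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        # (outside_ip, outside_port, nat_ip, nat_port) -> (inside_ip, inside_port)
        self.table = {}
        self._flow_port = {}  # reverse lookup so a repeated flow keeps its NAT port
        # manually defined forwarding rules: nat_port -> (inside_ip, inside_port)
        self.forwards = {}

    def add_port_forward(self, nat_port, inside_ip, inside_port):
        self.forwards[nat_port] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """Inside -> outside: record the 6-tuple, rewrite the source to the NAT address."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        nat_port = self._flow_port.get(flow)
        if nat_port is None:
            nat_port = self._flow_port[flow] = next(self._ports)
            self.table[(pkt.dst_ip, pkt.dst_port, self.public_ip, nat_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, nat_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Outside -> inside: rewrite the destination on a table or forwarding match, else drop."""
        target = self.table.get((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        if target is None and pkt.dst_ip == self.public_ip:
            target = self.forwards.get(pkt.dst_port)  # manual rule, any source allowed
        if target is None:
            return None  # no entry: the NAT has nowhere to send it
        return Packet(pkt.src_ip, pkt.src_port, *target)

def demo():
    """Constructed traffic: a VM's reply comes back, an unsolicited probe is dropped."""
    nat = NatBox("203.0.113.5")
    out = nat.outbound(Packet("192.168.56.10", 51000, "198.51.100.20", 443))
    reply = nat.inbound(Packet("198.51.100.20", 443, out.src_ip, out.src_port))
    probe = nat.inbound(Packet("198.51.100.99", 12345, "203.0.113.5", 22))
    return reply, probe
```

Calling `demo()` returns the rewritten reply addressed to the VM and `None` for the probe; add a forwarding rule with `add_port_forward` and the same probe is delivered to the configured inside address.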

Solution 3:

Bridged connections are just that: essentially, a virtual switch is connected between the VM and your physical network connection.

NAT'd connections are also just that: instead of a switch, a NAT router sits between the VM and your physical network connection.

Solution 4:

With a NAT connection, the host computer (your primary, physical machine) is acting like a router/firewall. The VM piggybacks off the network interface of the host and all packets to/from the VM are routed through it. Since the host computer actually sees IP packets and TCP datagrams, it can filter or otherwise affect the traffic.

When the VM is using bridged mode, it's connecting to the network via the host at a lower level (Layer 2 of the OSI model). The host machine still sees the traffic, but only at the Ethernet frame level. So it's unable to see where traffic is coming from/going to or what kind of data is contained in that traffic.