by tomjakubowski 2379 days ago
I'm missing something - even without bridged networking, the VMs should still be able to network with each other, and the VM host should also be able to reach each VM. So I don't see how the lack of bridged networking prevents you from testing the deployed VMs. Do you need to control the tests from somewhere outside the VM host?

NAT networking does not imply the host running Multipass can access ports exposed on the VMs, quite the opposite. Host-only would imply that, but not typical NAT in a virtual machine. Not saying it’s not possible with Multipass, just saying it shouldn’t be assumed it does.

Generally if you are on a router performing NAT, you have routes to the hosts behind the NAT. Whenever I've used VMs with NAT I've been able to interact with the NAT'd network from the actual hypervisor host.
Which hypervisor are you using?

As one example, VirtualBox[0] only allows host -> VM via port forwards when using NAT networking.

[0] see table 6.1 here: https://www.virtualbox.org/manual/ch06.html

Yes, VirtualBox is an exception, because it does its own weird NAT.

VMware:

> The host computer has an adapter on the NAT network (identical to the host-only adapter on the host-only network). This adapter allows the host and the virtual machines to communicate with each other for such purposes as file sharing. The NAT never forwards traffic from the host adapter.

Libvirt/KVM:

> By default, guests that are connected via a virtual network with <forward mode='nat'/> can make any outgoing network connection they like. Incoming connections are allowed from the host, and from other guests connected to the same libvirt network, but all other incoming connections are blocked by iptables rules.

Hyper-V lets you connect from host to NAT'd guests, though the documentation doesn't explicitly say this. Parallels works this way too. Xen is a weird one, because it doesn't really do the NAT itself; if you follow the Linux instructions it'll work the way I describe.

While I agree some hypervisors act differently, my original comment stands: due to at least one major hypervisor not allowing direct host access to NAT’d VMs, you can’t assume it works given no context.

Either way, thanks for the research. I stopped after checking VMware.