NAT – Differences between bridged and NAT networking

bridge;nat;networking

I don't fully understand the differences between NAT and a bridged connection over a virtual machine. As far as I've found, machines which are on the same network with our host machine can access our virtual machine if we make a bridged connection.

Well, on the internet, people write that both NAT and bridged virtual machines can have an IP address like a host machine, but if it is NAT, machines which are on the same network can NOT access our VM, but if it is bridged, then they can.

If both NAT and bridged connections can have different IP addresses, then why can't I access a NAT'd address while I can access a bridged address?

Note: stating that NAT connections are protected is insufficient; I want to know how that is.

Best Answer

How NAT works in a nutshell

An external address, usually routable, is the "outside" of the NAT. The machines behind the NAT have an "inside" address that is usually non-routable. When a connection is made between an inside address and an outside address, the NAT system in the middle creates a forwarding table entry consisting of (outside_ip, outside_port, nat_host_ip, nat_host_port, inside_ip, inside_port). Any packet matching the first four parts gets its destination re-written to the last two parts.

If a packet is received that doesn't match an entry in the NAT table, then there is no way for the NAT box to know where to forward it unless a forwarding rule was manually defined. That's why, by default, a machine behind a NAT device is "protected".

Bridged

Bridged mode acts just like the interface you're bridging with is now a switch and the VM is plugged into a port on it. Everything acts the same as if it were another regular machine attached to that network.
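
The NAT table lookup described in the answer above, as an added sketch that is not part of the original answer. It is a toy model in Python: the `Packet` and `Nat` names, the addresses and the port numbers are all constructed for illustration.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Toy port-translating NAT keyed on the answer's first four fields."""

    def __init__(self, nat_host_ip: str, first_port: int = 40000):
        self.nat_host_ip = nat_host_ip
        self.next_port = first_port
        # (outside_ip, outside_port, nat_host_ip, nat_host_port) -> (inside_ip, inside_port)
        self.table = {}
        # Manually defined forwards: nat_host_port -> (inside_ip, inside_port)
        self.static = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Inside host opens a connection: record an entry, rewrite the source."""
        for key, inside in self.table.items():
            if inside == (pkt.src_ip, pkt.src_port) and key[:2] == (pkt.dst_ip, pkt.dst_port):
                return pkt._replace(src_ip=key[2], src_port=key[3])  # reuse entry
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pkt.dst_ip, pkt.dst_port, self.nat_host_ip, nat_port)] = (pkt.src_ip, pkt.src_port)
        return pkt._replace(src_ip=self.nat_host_ip, src_port=nat_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving on the outside: forward only on a table or rule match."""
        inside = self.table.get((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        if inside is None and pkt.dst_ip == self.nat_host_ip:
            inside = self.static.get(pkt.dst_port)
        if inside is None:
            return None  # no entry, no rule: nowhere to send it, so it is dropped
        return pkt._replace(dst_ip=inside[0], dst_port=inside[1])

def demo():
    nat = Nat("192.168.1.10")                  # host's LAN address (constructed)
    vm, peer = "10.0.2.15", "192.168.1.20"     # VM behind the NAT, a LAN neighbour
    out = nat.outbound(Packet(vm, 51000, peer, 80))
    reply = nat.inbound(Packet(peer, 80, out.src_ip, out.src_port))
    unsolicited = nat.inbound(Packet(peer, 53000, "192.168.1.10", 22))
    nat.static[2222] = (vm, 22)                # manually defined forwarding rule
    forwarded = nat.inbound(Packet(peer, 53000, "192.168.1.10", 2222))
    return out, reply, unsolicited, forwarded

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The LAN neighbour only ever sees the host's address as the source of the VM's traffic, and its unsolicited packet returns `None` because nothing in the table or the static rules maps it to an inside address.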