Connect to virtualbox guest machine from LAN machine?

Let’s discuss the following scenario


you are on a network (corporative or just your house’s LAN) and there is a machine (host)  that has a virtual machine (guest) that you want to reach from another machine on the network (client)

  • all the machines are running CentOS 6.7
  • the guest has the network configured as NAT

the goal is to establish an ssh connection from the client to the guest

the first step is to make sure that the host is can see the guest with this configuration, in order to do this, you need to create a port forward rule in VirtualBox





I was doing this on a CentOS 7 server and I noticed that the listening address was only,  this means that the port won’t be available from an outside client 


to fix this, just set to the host IP, once you update it you should see

once this is done we will be able to see the guest from the host, we can log within the guest using

ssh -p 2280 vmuser@localhost #

now we can log into the guest from client performing two ssh connections

1-client->host # ssh
2-host->guest  # ssh -p 2280 vmuser@localhost #


but this is not cool because we have to provide two different passwords but there is a way in which we can do it just in one step

How we can access the guest bypassing the host?

make sure that on your /etc/ssh/sshd_config you have uncommented/enabled

GatewayPorts yes
AllowTcpForwarding yes

restart your ssh service

sudo service sshd restart

now we can access the guest from any machine on the network that can see the host

ssh -p 2280 


be aware that you need to enable the port in your firewall if you use ufw you can do

sudo ufw allow 2280/tcp

one important thing to remember is that we are not doing an ssh port forward, when I first was trying to achieve this I thought that would need ssh port forwarding but I was wrong (and I waste 1 day of my life haha) 🙂

another thing is that in this case, I chose NAT because I couldn’t use “bridge” as the network type since I didn’t have a DHCP configured and the IPs were restricted if you are lucky and you can have DHCP, it is easier, there is no need of forwarding anything