Corrected MASK→MARK typo
Alexios

Simple

Here's a very simple iptables ruleset that masquerades everything. This one works for many simpler setups. It won't work if the box is working as a full-blown router — it has a potentially nasty habit of NATting all traffic that leaves your computer.

iptables -A POSTROUTING -o eth+ -t nat -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -j MASQUERADE

Full

If the simple solution fails to work, or if your configuration is more complex, this ruleset might help:

NATIF='vboxnet+'
MARK=1
iptables -A PREROUTING -t mangle -i $NATIF -j MARK --set-mark $MARK
iptables -A POSTROUTING -o eth+ -t nat -m mark --mark $MARK -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -m mark --mark $MARK -j MASQUERADE

It marks packets coming in through any vboxnet* interface, then, later, masquerades (SNAT) any packets going out of eth* or wlan* with the mark set.

Also…

In addition to the iptables rules, you'll need to turn your host computer into a router by enabling packet forwarding. Put:

net.ipv4.ip_forward=1

in /etc/sysctl.conf, then say

sudo sysctl -p /etc/sysctl.conf

Alternatively:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

The guest must also have a default route that gateways packets through the host's external interfaces (and for this, chances are host-only mode just won't work). Check its routing table (this depends on the guest OS).

Also, install wireshark or tshark and use them to examine packets. There's no better way to solve generic networking issues like this one.

Personally, I'd suggest changing the guest to use bridged mode networking and making available to it both of the host's interfaces. Then it can connect on its own, using the DHCP service on your router to get a local address on its own. No NAT needed.
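The difference between the "Simple" and "Full" rulesets is easiest to see by modelling which packets each one hands to MASQUERADE. This is an added example, not code from the answer: the Packet model, the interface names and the helper functions are constructed for illustration of the iptables matching the answer relies on (a trailing `+` in `-i`/`-o` is a prefix wildcard; `-m mark --mark N` matches only packets carrying fwmark N).

```python
# Added example (not from the original answer): a small model of how the two
# rulesets select packets for MASQUERADE. The "simple" rules masquerade
# everything leaving eth*/wlan*; the "full" rules first set an fwmark on packets
# entering vboxnet* and masquerade only marked packets. Packets and interface
# names below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Packet:
    in_if: str      # interface the packet arrived on ("" for locally generated)
    out_if: str     # interface the routing decision chose
    mark: int = 0   # netfilter fwmark, 0 means unset


def iface_match(pattern: str, name: str) -> bool:
    """iptables '-i eth+' / '-o eth+': a trailing '+' is a prefix wildcard."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return name == pattern


def leaves_external(pkt: Packet) -> bool:
    """Matches '-o eth+' or '-o wlan+' in the nat POSTROUTING chain."""
    return iface_match("eth+", pkt.out_if) or iface_match("wlan+", pkt.out_if)


def simple_ruleset(pkt: Packet) -> bool:
    """POSTROUTING -t nat -o eth+/wlan+ -j MASQUERADE: NATs everything leaving."""
    return leaves_external(pkt)


def full_ruleset(pkt: Packet, natif: str = "vboxnet+", mark: int = 1) -> bool:
    """PREROUTING -t mangle marks packets from NATIF; POSTROUTING masquerades
    only packets that still carry that mark when they leave eth*/wlan*."""
    # mangle PREROUTING only sees packets that entered through an interface,
    # so locally generated traffic never gets the mark
    if pkt.in_if and iface_match(natif, pkt.in_if):
        pkt.mark = mark
    return leaves_external(pkt) and pkt.mark == mark


def compare(packets):
    """For each packet: (ingress, egress, NATed by simple?, NATed by full?)."""
    return [(p.in_if or "local", p.out_if, simple_ruleset(p), full_ruleset(p))
            for p in packets]
```

The constructed packet routed from eth1 to wlan0 is the case the answer warns about: the simple ruleset NATs it although it never came from a guest, while the mark-based ruleset leaves it alone.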

Added simpler solution, fixed typos.

Simple

Here's a very simple iptables ruleset that masquerades everything. This one works for many simpler setups. It won't work if the box is working as a full-blown router — it has a potentially nasty habit of NATting all traffic that leaves your computer.

iptables -A POSTROUTING -o eth+ -t nat -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -j MASQUERADE

Full

If the simple solution fails to work, or if your configuration is more complex, this ruleset might help:

NATIF='vboxnet+'
MARK=1
iptables -A PREROUTING -t mangle -i $NATIF -j MARK --set-mark $MARK
iptables -A POSTROUTING -o eth+ -t nat -m mark --mark $MASK -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -m mark --mark $MASK -j MASQUERADE

It marks packets coming in through any vboxnet* interface, then, later, masquerades (SNAT) any packets going out of eth* or wlan* with the mark set.

Also…

In addition to the iptables rules, you'll need to turn your host computer into a router by enabling packet forwarding. Put:

net.ipv4.ip_forward=1

in /etc/sysctl.conf, then say

sudo sysctl -p /etc/sysctl.conf

Alternatively:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

The guest must also have a default route that gateways packets through the host's external interfaces (and for this, chances are host-only mode just won't work). Check its routing table (this depends on the guest OS).

Also, install wireshark or tshark and use them to examine packets. There's no better way to solve generic networking issues like this one.

Personally, I'd suggest changing the guest to use bridged mode networking and making available to it both of the host's interfaces. Then it can connect on its own, using the DHCP service on your router to get a local address on its own. No NAT needed.

added 390 characters in body

Why don't you change the VM to use bridged networking? It'll then get its own equivalent of eth0 and wlan0.

For a more general solution (in addition to the iptables rules), you'll need to turn your host computer into a router by enabling packet forwarding. Put:

net.ipv4.ip_forward=1

in /etc/sysctl.conf, then say

sudo sysctl -p /etc/sysctl.conf

Alternatively:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

The guest must also have a default route that gateways pakcets through the host (and for this, chances are host-only mode just won't work). Check its routing table (this depends on the guest OS).

Also, install wireshark or tshark and use them to examine packets. There's no better way to solve generic networking issues like that.

Personally, I'd suggest changing the guest to use bridged mode networking and making available to it both of the host's interfaces. Then it can connect on its own, using the DHCP service on your router to get a local address on its own. No NAT needed.

Here's an iptables ruleset that's worked for me in the past (YMMV):

NATIF='vboxnet+'
MARK=1
iptables -A PREROUTING -t mangle -i $NATIF -j MARK --set-mark $MARK
iptables -A POSTROUTING -o eth+ -t nat -m mark --mark $MASK -j MASQUERADE
iptables -A POSTROUTING -o wlan+ -t nat -m mark --mark $MASK -j MASQUERADE

It marks packets coming in through any vboxnet* interface, then, later, masquerades (SNAT) any packets going out of eth* or wlan* with the mark set.

In addition to the iptables rules, you'll need to turn your host computer into a router by enabling packet forwarding. Put:

net.ipv4.ip_forward=1

in /etc/sysctl.conf, then say

sudo sysctl -p /etc/sysctl.conf

Alternatively:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

The guest must also have a default route that gateways packets through the host's external interfaces (and for this, chances are host-only mode just won't work). Check its routing table (this depends on the guest OS).

Also, install wireshark or tshark and use them to examine packets. There's no better way to solve generic networking issues like that.

Personally, I'd suggest changing the guest to use bridged mode networking and making available to it both of the host's interfaces. Then it can connect on its own, using the DHCP service on your router to get a local address on its own. No NAT needed.
