NAT is useful when the number of IP addresses is limited or the host system is connected to the network through a non-Ethernet adapter.

With NAT, a virtual machine can use many standard TCP/IP protocols to connect to other machines on the external network. For example, you can use HTTP to browse Web sites, FTP to transfer files, and Telnet to log in to other computers. You also can connect to a TCP/IP network by using a Token Ring adapter on the host system. NAT works with Ethernet, DSL, and phone modems.

In the default NAT configuration, computers on the external network cannot initiate connections to the virtual machine. For example, you cannot use the virtual machine as a Web server to send Web pages to computers on the external network. This feature protects the guest operating system from being compromised before you have a chance to install security software.

NAT configurations have the following additional features and limitations.

  • NAT causes some performance loss. Because NAT requires that every packet sent to and received from a virtual machine must be in the NAT network, an unavoidable performance penalty occurs.
  • NAT is not perfectly transparent. NAT does not usually allow connections to be initiated from outside the network, although you can manually configure the NAT device to set up server connections. The practical result is that some TCP and UDP protocols that require a connection be initiated from the server machine do not work automatically and some might not work at all.
  • NAT provides some firewall protection. A standard NAT configuration provides basic-level firewall protection because the NAT device can initiate connections from the private NAT network, but devices on the external network usually cannot initiate connections to the private NAT network.