vagrant/website/source/docs/networking/public_network.html.md

---
layout: "docs"
page_title: "Public Networks - Networking"
sidebar_current: "networking-public"
description: |-
  Vagrant public networks are less private than private networks, and the exact
  meaning actually varies from provider to provider, hence the ambiguous
  definition. The idea is that while private networks should never allow the
  general public access to your machine, public networks can.
---

# Public Networks

**Network identifier: `public_network`**

Vagrant public networks are less private than private networks, and the exact
meaning actually varies from [provider to provider](/docs/providers/),
hence the ambiguous definition. The idea is that while
[private networks](/docs/networking/private_network.html) should never allow the
general public access to your machine, public networks can.

<div class="alert alert-info">
  <strong>Confused?</strong> We kind of are, too. It is likely that
  public networks will be replaced by <code>:bridged</code> in a
  future release, since that is in general what should be done with
  public networks, and providers that do not support bridging generally
  do not have any other features that map to public networks either.
</div>

<div class="alert alert-warning">
  <strong>Warning!</strong> Vagrant boxes are insecure by default
  and by design, featuring public passwords, insecure keypairs
  for SSH access, and potentially allow root access over SSH.  With
  these known credentials, your box is easily accessible by anyone on
  your network.  Before configuring Vagrant to use a public network,
  consider <em>all</em> potential security implications
  and review the <a href="/docs/boxes/base.html">default box
  configuration</a> to identify potential security risks.
</div>

## DHCP

The easiest way to use a public network is to allow the IP to be assigned
via DHCP. In this case, defining a public network is trivially easy:

```ruby
Vagrant.configure("2") do |config|
  config.vm.network "public_network"
end
```

When DHCP is used, the IP can be determined by using `vagrant ssh` to
SSH into the machine and using the appropriate command line tool to find
the IP, such as `ifconfig`.

### Using the DHCP Assigned Default Route

Some cases require the DHCP assigned default route to be untouched. In these cases one
may specify the `use_dhcp_assigned_default_route` option. As an example:

```ruby
Vagrant.configure("2") do |config|
  config.vm.network "public_network",
    use_dhcp_assigned_default_route: true
end
```

## Static IP

Depending on your setup, you may wish to manually set the IP of your
bridged interface. To do so, add a `:ip` clause to the network definition.

```ruby
config.vm.network "public_network", ip: "192.168.0.17"
```

## Default Network Interface

If more than one network interface is available on the host machine, Vagrant will
ask you to choose which interface the virtual machine should bridge to. A default
interface can be specified by adding a `:bridge` clause to the network definition.

```ruby
config.vm.network "public_network", bridge: "en1: Wi-Fi (AirPort)"
```

The string identifying the desired interface must exactly match the name of an
available interface. If it cannot be found, Vagrant will ask you to pick
from a list of available network interfaces.

With some providers, it is possible to specify a list of adapters to bridge
against:

```ruby
config.vm.network "public_network", bridge: [
  "en1: Wi-Fi (AirPort)",
  "en6: Broadcom NetXtreme Gigabit Ethernet Controller",
]
```

In this example, the first network adapter that exists and can successfully be
bridge will be used.

## Disable Auto-Configuration

If you want to manually configure the network interface yourself, you
can disable auto-configuration by specifying `auto_config`:

```ruby
Vagrant.configure("2") do |config|
  config.vm.network "public_network", auto_config: false
end
```

Then the shell provisioner can be used to configure the ip of the interface:

```ruby
Vagrant.configure("2") do |config|
  config.vm.network "public_network", auto_config: false

  # manual ip
  config.vm.provision "shell",
    run: "always",
    inline: "ifconfig eth1 192.168.0.17 netmask 255.255.255.0 up"

  # manual ipv6
  config.vm.provision "shell",
    run: "always",
    inline: "ifconfig eth1 inet6 add fc00::17/7"
end
```

## Default Router

Depending on your setup, you may wish to manually override the default
router configuration. This is required if you need access the Vagrant box from
other networks over the public network. To do so, you can use a shell
provisioner script:

```ruby
Vagrant.configure("2") do |config|
  config.vm.network "public_network", ip: "192.168.0.17"

  # default router
  config.vm.provision "shell",
    run: "always",
    inline: "route add default gw 192.168.0.1"

  # default router ipv6
  config.vm.provision "shell",
    run: "always",
    inline: "route -A inet6 add default gw fc00::1 eth1"

  # delete default gw on eth0
  config.vm.provision "shell",
    run: "always",
    inline: "eval `route -n | awk '{ if ($8 ==\"eth0\" && $2 != \"0.0.0.0\") print \"route del default gw \" $2; }'`"
end
```

Note the above is fairly complex and may be guest OS specific, but we
document the rough idea of how to do it because it is a common question.
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`---`
Merge docs and www into a single static site This is a big commit, and I apologize in advance for the future git-blames all pointing to me. This commit does a few things: 1. Merges the website/docs and website/www repo into a single website repo to be in line with other HashiCorp projects 2. Updates to use middleman-hashicorp 3. Converts less to scss to be in line with other projects 4. Updates page styles to be in line with other projects 5. Optimizes images 6. Prepare for S3 + Fastly deployment with scripts, etc. 7. Removes blog posts (they have been transferred to hashicorp.com with redirects in place 8. Updated sitemap generation script for better SEO 9. Fixed many broken links 10. Add description to all fields 2016-01-19 18:08:53 +00:00			`layout: "docs"`
website/docs: page titles on everything, cover more info 2013-09-06 16:50:43 +00:00			`page_title: "Public Networks - Networking"`
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`sidebar_current: "networking-public"`
Merge docs and www into a single static site This is a big commit, and I apologize in advance for the future git-blames all pointing to me. This commit does a few things: 1. Merges the website/docs and website/www repo into a single website repo to be in line with other HashiCorp projects 2. Updates to use middleman-hashicorp 3. Converts less to scss to be in line with other projects 4. Updates page styles to be in line with other projects 5. Optimizes images 6. Prepare for S3 + Fastly deployment with scripts, etc. 7. Removes blog posts (they have been transferred to hashicorp.com with redirects in place 8. Updated sitemap generation script for better SEO 9. Fixed many broken links 10. Add description to all fields 2016-01-19 18:08:53 +00:00			`description: \|-`
Tabs to spaces 2016-01-19 19:54:13 +00:00			`Vagrant public networks are less private than private networks, and the exact`
			`meaning actually varies from provider to provider, hence the ambiguous`
			`definition. The idea is that while private networks should never allow the`
			`general public access to your machine, public networks can.`
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`---`

			`# Public Networks`

website/docs: page titles on everything, cover more info 2013-09-06 16:50:43 +00:00			Network identifier: `public_network`
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00
Merge docs and www into a single static site This is a big commit, and I apologize in advance for the future git-blames all pointing to me. This commit does a few things: 1. Merges the website/docs and website/www repo into a single website repo to be in line with other HashiCorp projects 2. Updates to use middleman-hashicorp 3. Converts less to scss to be in line with other projects 4. Updates page styles to be in line with other projects 5. Optimizes images 6. Prepare for S3 + Fastly deployment with scripts, etc. 7. Removes blog posts (they have been transferred to hashicorp.com with redirects in place 8. Updated sitemap generation script for better SEO 9. Fixed many broken links 10. Add description to all fields 2016-01-19 18:08:53 +00:00			`Vagrant public networks are less private than private networks, and the exact`
			`meaning actually varies from [provider to provider](/docs/providers/),`
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`hence the ambiguous definition. The idea is that while`
Merge docs and www into a single static site This is a big commit, and I apologize in advance for the future git-blames all pointing to me. This commit does a few things: 1. Merges the website/docs and website/www repo into a single website repo to be in line with other HashiCorp projects 2. Updates to use middleman-hashicorp 3. Converts less to scss to be in line with other projects 4. Updates page styles to be in line with other projects 5. Optimizes images 6. Prepare for S3 + Fastly deployment with scripts, etc. 7. Removes blog posts (they have been transferred to hashicorp.com with redirects in place 8. Updated sitemap generation script for better SEO 9. Fixed many broken links 10. Add description to all fields 2016-01-19 18:08:53 +00:00			`[private networks](/docs/networking/private_network.html) should never allow the`
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`general public access to your machine, public networks can.`

			`<div class="alert alert-info">`
Tabs to spaces 2016-01-19 19:54:13 +00:00			`<strong>Confused?</strong> We kind of are, too. It is likely that`
			`public networks will be replaced by <code>:bridged</code> in a`
			`future release, since that is in general what should be done with`
			`public networks, and providers that do not support bridging generally`
			`do not have any other features that map to public networks either.`
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`</div>`

$David\ Beitey$ Add security note for public networks 2014-10-08 06:05:46 +00:00			`<div class="alert alert-warning">`
Tabs to spaces 2016-01-19 19:54:13 +00:00			`<strong>Warning!</strong> Vagrant boxes are insecure by default`
			`and by design, featuring public passwords, insecure keypairs`
			`for SSH access, and potentially allow root access over SSH. With`
			`these known credentials, your box is easily accessible by anyone on`
			`your network. Before configuring Vagrant to use a public network,`
			`consider <em>all</em> potential security implications`
			`and review the <a href="/docs/boxes/base.html">default box`
			`configuration</a> to identify potential security risks.`
$David\ Beitey$ Add security note for public networks 2014-10-08 06:05:46 +00:00			`</div>`

website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`## DHCP`

			`The easiest way to use a public network is to allow the IP to be assigned`
			`via DHCP. In this case, defining a public network is trivially easy:`

			```ruby
			`Vagrant.configure("2") do \|config\|`
website/docs: page titles on everything, cover more info 2013-09-06 16:50:43 +00:00			`config.vm.network "public_network"`
website: add docs back to the main Vagrant repo 2013-09-03 18:08:28 +00:00			`end`
			```

			When DHCP is used, the IP can be determined by using `vagrant ssh` to
			`SSH into the machine and using the appropriate command line tool to find`
			the IP, such as `ifconfig`.
website/docs: bring in changes from docs.vagrantup.com 2013-09-03 18:59:49 +00:00
copied documentation from docs to website for use_dhcp_assigned_default_route in order to complete documentation 2015-09-23 03:29:11 +00:00			`### Using the DHCP Assigned Default Route`

			`Some cases require the DHCP assigned default route to be untouched. In these cases one`
resolve formatting issues 2015-09-23 03:58:01 +00:00			may specify the `use_dhcp_assigned_default_route` option. As an example:
copied documentation from docs to website for use_dhcp_assigned_default_route in order to complete documentation 2015-09-23 03:29:11 +00:00
			```ruby
			`Vagrant.configure("2") do \|config\|`
resolve formatting issues 2015-09-23 03:58:01 +00:00			`config.vm.network "public_network",`
			`use_dhcp_assigned_default_route: true`
copied documentation from docs to website for use_dhcp_assigned_default_route in order to complete documentation 2015-09-23 03:29:11 +00:00			`end`
			```

Updating docs to include :ip option 2014-06-03 02:16:41 +00:00			`## Static IP`

			`Depending on your setup, you may wish to manually set the IP of your`
			bridged interface. To do so, add a `:ip` clause to the network definition.

			```ruby
			`config.vm.network "public_network", ip: "192.168.0.17"`
			```

website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`## Default Network Interface`

			`If more than one network interface is available on the host machine, Vagrant will`
			`ask you to choose which interface the virtual machine should bridge to. A default`
			interface can be specified by adding a `:bridge` clause to the network definition.

			```ruby
Update docs for handling a list of NICs 2015-05-31 03:48:33 +00:00			`config.vm.network "public_network", bridge: "en1: Wi-Fi (AirPort)"`
website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			```

			`The string identifying the desired interface must exactly match the name of an`
Merge docs and www into a single static site This is a big commit, and I apologize in advance for the future git-blames all pointing to me. This commit does a few things: 1. Merges the website/docs and website/www repo into a single website repo to be in line with other HashiCorp projects 2. Updates to use middleman-hashicorp 3. Converts less to scss to be in line with other projects 4. Updates page styles to be in line with other projects 5. Optimizes images 6. Prepare for S3 + Fastly deployment with scripts, etc. 7. Removes blog posts (they have been transferred to hashicorp.com with redirects in place 8. Updated sitemap generation script for better SEO 9. Fixed many broken links 10. Add description to all fields 2016-01-19 18:08:53 +00:00			`available interface. If it cannot be found, Vagrant will ask you to pick`
website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`from a list of available network interfaces.`

Update docs for handling a list of NICs 2015-05-31 03:48:33 +00:00			`With some providers, it is possible to specify a list of adapters to bridge`
			`against:`

			```ruby
			`config.vm.network "public_network", bridge: [`
			`"en1: Wi-Fi (AirPort)",`
			`"en6: Broadcom NetXtreme Gigabit Ethernet Controller",`
			`]`
			```

			`In this example, the first network adapter that exists and can successfully be`
			`bridge will be used.`

example to set default router on public net Add disable auto-configuration on public net Add example to setup manually ip and ipv6 Add example to set default router for ip and ipv6 2015-02-14 03:27:22 +00:00			`## Disable Auto-Configuration`

			`If you want to manually configure the network interface yourself, you`
website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			can disable auto-configuration by specifying `auto_config`:
example to set default router on public net Add disable auto-configuration on public net Add example to setup manually ip and ipv6 Add example to set default router for ip and ipv6 2015-02-14 03:27:22 +00:00
			```ruby
			`Vagrant.configure("2") do \|config\|`
			`config.vm.network "public_network", auto_config: false`
			`end`
			```

website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`Then the shell provisioner can be used to configure the ip of the interface:`
example to set default router on public net Add disable auto-configuration on public net Add example to setup manually ip and ipv6 Add example to set default router for ip and ipv6 2015-02-14 03:27:22 +00:00
			```ruby
			`Vagrant.configure("2") do \|config\|`
			`config.vm.network "public_network", auto_config: false`
website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00
			`# manual ip`
			`config.vm.provision "shell",`
			`run: "always",`
			`inline: "ifconfig eth1 192.168.0.17 netmask 255.255.255.0 up"`

			`# manual ipv6`
			`config.vm.provision "shell",`
			`run: "always",`
			`inline: "ifconfig eth1 inet6 add fc00::17/7"`
example to set default router on public net Add disable auto-configuration on public net Add example to setup manually ip and ipv6 Add example to set default router for ip and ipv6 2015-02-14 03:27:22 +00:00			`end`
			```

			`## Default Router`

website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`Depending on your setup, you may wish to manually override the default`
			`router configuration. This is required if you need access the Vagrant box from`
			`other networks over the public network. To do so, you can use a shell`
			`provisioner script:`
example to set default router on public net Add disable auto-configuration on public net Add example to setup manually ip and ipv6 Add example to set default router for ip and ipv6 2015-02-14 03:27:22 +00:00
			```ruby
Rebrand to match HashiCorp styles 2017-03-28 01:19:52 +00:00			`Vagrant.configure("2") do \|config\|`
example to set default router on public net Add disable auto-configuration on public net Add example to setup manually ip and ipv6 Add example to set default router for ip and ipv6 2015-02-14 03:27:22 +00:00			`config.vm.network "public_network", ip: "192.168.0.17"`

website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`# default router`
			`config.vm.provision "shell",`
			`run: "always",`
			`inline: "route add default gw 192.168.0.1"`
website/docs: bring in changes from docs.vagrantup.com 2013-09-03 18:59:49 +00:00
website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`# default router ipv6`
			`config.vm.provision "shell",`
			`run: "always",`
			`inline: "route -A inet6 add default gw fc00::1 eth1"`
website/docs: bring in changes from docs.vagrantup.com 2013-09-03 18:59:49 +00:00
website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`# delete default gw on eth0`
			`config.vm.provision "shell",`
			`run: "always",`
			inline: "eval `route -n \| awk '{ if ($8 ==\"eth0\" && $2 != \"0.0.0.0\") print \"route del default gw \" $2; }'`"
Rebrand to match HashiCorp styles 2017-03-28 01:19:52 +00:00			`end`
website/docs: bring in changes from docs.vagrantup.com 2013-09-03 18:59:49 +00:00			```

website/docs: wording of default router docs 2015-02-24 17:30:58 +00:00			`Note the above is fairly complex and may be guest OS specific, but we`
			`document the rough idea of how to do it because it is a common question.`