Networking

CiderStack provides built-in networking for macOS virtual machines using Apple’s native virtualization stack. Networking works out of the box — no kernel extensions, no system configuration changes.

Overview

Each macOS virtual machine created by CiderStack includes a virtual network interface that allows the VM to:

  • Access the internet

  • Reach internal network services

  • Communicate with the host Mac

Networking is isolated per VM and managed entirely by macOS.


Native virtualization networking

CiderStack uses Apple’s Virtualization.framework networking APIs.

This means:

  • Networking is provided by the host OS

  • No root privileges are required

  • No system extensions are installed

  • No manual bridge configuration is needed

The VM behaves like a standard macOS system connected to a private virtual network.


Default network mode (NAT)

By default, all VMs use NAT (Network Address Translation) networking.

In NAT mode:

  • The VM can access the internet

  • The VM can reach outbound services

  • The host can communicate with the VM

  • External devices cannot directly access the VM

This mode is safe, reliable, and requires zero configuration.


NAT characteristics

Feature
Supported

Outbound internet

Access LAN services

Host → VM

VM → Host

LAN → VM

Public IP

This mirrors how most desktop virtualization platforms operate.


IP addressing

When a VM starts:

  • macOS automatically assigns a private IP address

  • DHCP is handled internally by the virtualization framework

  • No configuration is required

IP addresses are typically in a private range and may change between boots.


Viewing a VM’s IP address

GUI

The VM dashboard displays the current IP address once the VM has booted.

CLI

You can also wait for networking during startup:


SSH access

CiderStack makes SSH access simple.

Once the VM has an IP address:

CiderStack automatically:

  • Detects the VM’s IP

  • Establishes the SSH connection

  • Handles retries during boot

You can also execute a single command:


Headless networking

Networking behaves identically for:

  • GUI VMs

  • Headless VMs

  • CLI-started VMs

  • Fleet-managed VMs

There is no difference in network capabilities between interactive and automated workloads.


Networking in Fleet environments

When using Fleet Manager:

  • Each worker node manages networking locally

  • VMs remain NATed behind their host

  • Networking does not span hosts automatically

VMs on different Macs communicate through standard network routing, not shared virtual bridges.


Remote access via Fleet

Fleet Manager allows remote control even when:

  • VMs are behind NAT

  • No inbound ports are exposed

  • The VM has no routable LAN address

Commands such as:

are proxied through the worker node using Fleet RPC, not direct network access.


Port forwarding

At this time, CiderStack does not require manual port forwarding configuration.

Most workflows rely on:

  • SSH access

  • Outbound connections

  • Fleet command execution

Future releases may introduce optional port forwarding support.


Bridged networking

macOS restricts bridged networking for virtual machines.

Because of Apple platform limitations:

  • Full LAN-bridged networking is not always available

  • Bridging requires restricted system entitlements

  • Availability varies by macOS version

CiderStack defaults to NAT for reliability and security.


Firewall behavior

VM networking respects:

  • Host firewall rules

  • macOS security policies

  • System network preferences

No firewall changes are required to use VMs.


Performance

Networking performance is suitable for:

  • Package downloads

  • CI runners

  • API testing

  • Git operations

  • Internal services

Throughput and latency are comparable to other native virtualization solutions.


Common networking scenarios

Internet access

✅ Works automatically.


Local service access

VMs can reach:

  • Internal APIs

  • Databases

  • Package mirrors

  • VPN-connected networks

As long as the host can reach the service, the VM can as well.


VM-to-VM communication

VMs running on the same host can communicate via their assigned IP addresses.

Across different hosts, communication follows standard network routing.


Troubleshooting networking

VM has no IP address

  • Ensure the VM is fully booted

  • Wait 10–30 seconds after login

  • Run:


No internet access

Check:

  • Host internet connectivity

  • VPN configuration on host

  • Corporate firewall restrictions

VMs inherit host network access.


SSH cannot connect

Verify:

  • The VM has completed first boot

  • Remote login is enabled in macOS

  • Credentials are correct
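To separate the first two checks from the third, the sketch below retries a TCP connection to the VM and reads the SSH identification line: a banner means an SSH server is answering (so look at credentials), while no banner means the VM is still booting or Remote Login is off. This is an added example, not CiderStack code; the function names and the `192.168.64.5` address are placeholders chosen for illustration.

```python
import socket
import time


def probe_ssh(host, port=22, timeout=2.0):
    """Return the server's SSH identification line, or None if none arrives."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            buf = b""
            while len(buf) < 4096:
                chunk = sock.recv(512)
                if not chunk:
                    break
                buf += chunk
                # A server may send other lines first; only complete lines count.
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        return line.strip().decode("ascii", "replace")
    except OSError:
        # Refused, timed out, unreachable or reset: no SSH server answered.
        return None
    return None


def wait_for_ssh(host, port=22, deadline=60.0, interval=2.0):
    """Retry probe_ssh until a banner appears or the deadline passes."""
    end = time.monotonic() + deadline
    attempts = 0
    while True:
        attempts += 1
        banner = probe_ssh(host, port)
        if banner:
            # Server is listening: remaining suspect is credentials.
            return {"state": "sshd-up", "banner": banner, "attempts": attempts}
        if time.monotonic() >= end:
            # Nothing answered: VM still booting or Remote Login disabled.
            return {"state": "no-sshd", "banner": None, "attempts": attempts}
        time.sleep(interval)


if __name__ == "__main__":
    # Placeholder address; use the IP shown for the VM in the dashboard.
    print(wait_for_ssh("192.168.64.5", deadline=30.0))
```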


Summary

Feature               Description
Default mode          NAT
Internet access       Yes
LAN access            Outbound only
Inbound connections   Host-only
IP assignment         Automatic DHCP
SSH support           Built-in
Fleet support         RPC-proxied
Kernel extensions     None


What’s next

You can now explore:

  • Fleet Manager Overview

  • CLI Reference

  • CI/CD Runner Workflows

  • VM Migration

  • Advanced orchestration
