diff --git a/CHANGELOG.md b/CHANGELOG.md
index bba9c9a5068..4ae6b09d58b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ FEATURES:
   - Added a `working_directory` configuration option to the Puppet apply
     provisioner so you can specify the working directory when `puppet` is
     called, making it friendly to Hiera data and such. [GH-1670]
+  - Ability to specify the host IP to bind forwarded ports to. [GH-1785]
 
 IMPROVEMENTS:
 
@@ -23,6 +24,8 @@ IMPROVEMENTS:
   - VirtualBox: Only configure networks if there are any to configure.
     This allows linux's that don't implement this capability to work with
     Vagrant. [GH-1796]
+  - Default SSH forwarded port now binds to 127.0.0.1 so only local
+    connections are allowed. [GH-1785]
 
 BUG FIXES:
 
diff --git a/config/default.rb b/config/default.rb
index d4cb3aa8727..95cc6ab6cc2 100644
--- a/config/default.rb
+++ b/config/default.rb
@@ -21,6 +21,7 @@
   config.vm.network :forwarded_port,
     guest: 22,
     host: 2222,
+    host_ip: "127.0.0.1",
     id: "ssh",
     auto_correct: true
 
diff --git a/plugins/providers/virtualbox/action/forward_ports.rb b/plugins/providers/virtualbox/action/forward_ports.rb
index ee64d7988b5..da4da6eb8c7 100644
--- a/plugins/providers/virtualbox/action/forward_ports.rb
+++ b/plugins/providers/virtualbox/action/forward_ports.rb
@@ -70,6 +70,7 @@ def forward_ports
             ports << {
               :adapter   => fp.adapter,
               :guestport => fp.guest_port,
+              :hostip    => fp.host_ip,
               :hostport  => fp.host_port,
               :name      => fp.id,
               :protocol  => fp.protocol
diff --git a/plugins/providers/virtualbox/driver/version_4_2.rb b/plugins/providers/virtualbox/driver/version_4_2.rb
index dded1bc6f30..f72ff0b52ae 100644
--- a/plugins/providers/virtualbox/driver/version_4_2.rb
+++ b/plugins/providers/virtualbox/driver/version_4_2.rb
@@ -140,9 +140,9 @@ def forward_ports(ports)
           ports.each do |options|
             pf_builder = [options[:name],
               options[:protocol] || "tcp",
-              "",
+              options[:hostip] || "",
               options[:hostport],
-              "",
+              options[:guestip] || "",
               options[:guestport]]
 
             args.concat(["--natpf#{options[:adapter] || 1}",
diff --git a/plugins/providers/virtualbox/model/forwarded_port.rb b/plugins/providers/virtualbox/model/forwarded_port.rb
index 88c5c115d7d..5f8e8ed84c2 100644
--- a/plugins/providers/virtualbox/model/forwarded_port.rb
+++ b/plugins/providers/virtualbox/model/forwarded_port.rb
@@ -29,6 +29,11 @@ class ForwardedPort
         # @return [Integer]
         attr_reader :guest_port
 
+        # The IP that the forwarded port will bind to on the host machine.
+        #
+        # @return [String]
+        attr_reader :host_ip
+
         # The port on the host used to access the port on the guest.
         #
         # @return [Integer]
@@ -43,6 +48,7 @@ def initialize(id, host_port, guest_port, options)
           @auto_correct = true
           @auto_correct = options[:auto_correct] if options.has_key?(:auto_correct)
           @adapter  = (options[:adapter] || 1).to_i
+          @host_ip = options[:host_ip] || nil
           @protocol = options[:protocol] || "tcp"
         end