7 June 2007

VMWare and NAT

In my effort to make Ubuntu my single boot desktop, I have VMWare Server to run my Windows applications which I need to use for work. I initially set up the network for the VM to run as "Bridged" where the VM takes on the same network address as my host machine. This is good to start of with, but eventually it becomes a problem when I take my laptop back home, where there is no network to join.

So it would be better if the VM resided in one of the virtual networks within VMWare. When you install VMWare, there are two vmnets:

# ifconfig
...
vmnet1
Link encap:Ethernet HWaddr 00:50:56:C0:00:01
inet addr:172.16.46.1 Bcast:172.16.46.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:168 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vmnet8
Link encap:Ethernet HWaddr 00:50:56:C0:00:08
inet addr:192.168.221.1 Bcast:192.168.221.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7105 errors:0 dropped:0 overruns:0 frame:0
TX packets:20943 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

I chose the VM to have the 192.168.221.x network, and manually fixed the IP in the Windows XP VM, with the gateway as 192.168.221.1 (the linux host). Also configure the "VMware Settings / Hardware / Ethernet 1 / Network Connection" to "NAT: Used to share the host's IP address"

The next part is to allow network traffic to flow freely from the VM through the linux host. To do so forwarding and iptables need to be configured. This page explains the commands quite well.

Ensure that Forwarding is enabled (if not already):
# echo 1 > /proc/sys/net/ipv4/ip_forward

Masquerade all traffic
# iptables --table nat --append POSTROUTING -j MASQUERADE

(I purposely left out --out-interface eth0 because I want it to pass through all devices; if connected to work, via eth0, connected at home via wifi at eth1 and remote via bluetooth dialup at ppp0)

And only forward from the vmnet8 device
# iptables --append FORWARD --in-interface vmnet8 -j ACCEPT

This should allow all traffic from the virtual machines and use the linux host as a gateway.


yk.
at
Labels: , , ,