[ale] DNAT/SNAT for VMware WinXP Guest?

James P. Kinney III jkinney at localnetsolutions.com
Tue Jan 8 10:23:05 EST 2008


iptables -A POSTROUTING -t nat -s <vmnet1 IP> -j SNAT --to-source <NIC2 IP>

iptables -A PREROUTING -t nat -d <NIC2 IP> -j DNAT --to-destination <vmnet1 IP>

iptables -A FORWARD -i <nic2> -j ACCEPT
iptables -A FORWARD -o <nic2> -j ACCEPT

NOTE: no security AT ALL in this setup. Add specific ports for tighter
access control and make default policy to DROP.

NIC2 has an externally viewable IP (for the hosted environment). Local
machine handles routing transparently. Set default route for NIC2 to
that provided.

On Tue, 2008-01-08 at 10:03 -0500, Jeff Hubbs wrote:
> I'm in a network environment where the Ethernet switch won't accept 
> having more than one MAC address appearing on a single drop.  This means 
> that putting an Ethernet switch on a drop in order to hook up more than 
> one machine per drop won't work.
> 
> This also breaks VMware guests when bridged networking is used for the 
> VMware guest.  NAT for the VMware guest *does* work, but if you need 
> Windows networking stuff (shares, logins, etc) like a WinXP guest would, 
> it won't work through NAT. 
> 
> I've been told that if I use host-only networking on the VMware guest - 
> and I've gotten it to work such that the host's VMware-generated 
> "vmnet1" interface and the WinXP guest can see each other - I could use 
> DNAT and possibly also SNAT to pass traffic from vmnet1 to an extra NIC 
> in the host, eth2, and cable eth2 to a separate drop.  Windows 
> authentication, network browsing, etc. should then work.  I understand 
> that I would have to remove anything from the routing table that would 
> involve eth2, basically "disconnecting" it from the host OS. 
> 
> Is this at all possible?  If so, what would the iptables invocation look 
> like?
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
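
Added example, not part of the original message: one way to act on the note above about specific ports and a default DROP policy. The script prints the tightened rules for review instead of applying them; the addresses, interface names and the NetBIOS/SMB port lists are assumptions chosen for a guest that serves Windows shares.

```shell
#!/bin/sh
# Added example (not from the original message): print a tightened ruleset
# for review; apply with:  sh thisfile | sh   (as root).
# Addresses, interface names and port lists are constructed samples.
GUEST_IP="${GUEST_IP:-192.168.56.128}"  # guest address on vmnet1 (sample)
NIC2_IP="${NIC2_IP:-203.0.113.10}"      # address on the second NIC (sample)
NIC2_IF="${NIC2_IF:-eth2}"
VM_IF="${VM_IF:-vmnet1}"
TCP_PORTS="${TCP_PORTS:-139 445}"       # assumed: NetBIOS session, SMB
UDP_PORTS="${UDP_PORTS:-137 138}"       # assumed: NetBIOS name, datagram

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit the DNAT rule and matching FORWARD rule for each port of one protocol.
emit_inbound() {
    proto=$1; shift
    for port in "$@"; do
        valid_port "$port" || { echo "bad $proto port: $port" >&2; return 1; }
        echo "iptables -t nat -A PREROUTING -i $NIC2_IF -d $NIC2_IP -p $proto --dport $port -j DNAT --to-destination $GUEST_IP"
        echo "iptables -A FORWARD -i $NIC2_IF -o $VM_IF -d $GUEST_IP -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

emit_rules() {
    # Anything not explicitly accepted below is dropped.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Guest-initiated traffic leaves via NIC2, source-NATed to its address.
    echo "iptables -A FORWARD -i $VM_IF -o $NIC2_IF -s $GUEST_IP -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $NIC2_IF -s $GUEST_IP -j SNAT --to-source $NIC2_IP"
    # Word splitting of the port lists is intentional.
    emit_inbound tcp $TCP_PORTS || return 1
    emit_inbound udp $UDP_PORTS || return 1
}

emit_rules
```

Forwarding between the two interfaces also requires net.ipv4.ip_forward to be set to 1 on the host.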

