Difference between revisions of "VMware Server NAT Configuration"
(→Configuring NAT on Windows VMware Hosts) |
(→Configuring NAT on Windows VMware Hosts) |
||
Line 15: | Line 15: | ||
== Configuring NAT on Windows VMware Hosts == | == Configuring NAT on Windows VMware Hosts == | ||
− | The VMware Server NAT device may be configured on Windows hosts using the '' | + | The VMware Server NAT device may be configured on Windows hosts using the ''Virtual Network Editor'' tool, which is accessed by selecting ''Start -> All Programs -> VMware Server -> Manage Virtual Networks''. Once loaded, clicking on the ''NAT'' tab displays the NAT configuration screen as illustrated in the following figure: |
− | [[Image: | + | [[Image:vmware_virtual_network_editor_nat.jpg|The NAT page of the VMware Virtual Network Editor tool]] |
− | + | The main NAT page is divided into sections. The top section, titled ''NAT'', displays the IP address and netmask of the NAT device. To add NAT to other virtual networks, select the network from the ''VMnet host'' menu. If the selected virtual network is currently bridged a warning dialog will appear seeking confirmation of the change. The option of adding a DHCP server to virtual network is also provided so that virtual machines on the network can obtain dynamic IP addresses and other information such as the the If NAT is to be disabled entirely, change this menu to the ''Disabled'' option. | |
+ | The ''NAT service'' panel displays the current status of the NAT device and provides the ability to stop, start or restart the device. Additional NAT settings are configured on a per virtual network basis, and are accessed by selecting the desired virtual network and clicking the ''Edit...'' button: | ||
− | [[Image:] | + | |
+ | [[Image:vmware_nat_settings.jpg|The VMware Virtual Network Editor NAT settings dialog] | ||
== Configuring NAT on Linux Hosts == | == Configuring NAT on Linux Hosts == |
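Review bot: The added paragraph beginning "The main NAT page is divided into sections" has a sentence that breaks off at "other information such as the the" and runs straight into "If NAT is to be disabled entirely", so the list of DHCP-supplied information is missing and "the" is doubled; finish that sentence before the "If NAT is to be disabled" sentence starts. In the same revision, the added link for vmware_nat_settings.jpg closes with a single "]" instead of "]]", so the image will not render.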
Revision as of 20:12, 15 October 2008
Network Address Translation (NAT) is a mechanism whereby a number of different computers, typically on a private internal network, are represented by a single external IP address. When one of the clients on the private network communicates with a remote system it does so through a NAT device which modifies the data to make it appear that it has been sent from the shared NAT IP address. When the remote system responds, the NAT device directs the response to the original client that initiated the connection.
In physical network environments, NAT serves two primary purposes. Firstly, it helps to conserve the limited number of class A and B IPv4 IP addresses. An entire enterprise with many thousands of computer systems can operate on the internet using up only one unique IP address by assigning private IP addresses to the internal clients and using NAT to have them all represented by a single external IP address. Secondly, on the general belief that the less a potential intruder knows about an internal network the better, NAT also provides an additional level of security by hiding the internal IP addresses of computer systems behind the external IP address.
In the context of VMware Server, a NAT based virtual network allows an entire private network to be created within the VMware Server environment, all participants of which are represented by a single IP address, i.e. that of the host computer.
How VMware Server based NAT Works
Both the NAT device and any virtual machines connected to the default NAT virtual network use the vmnet8 virtual network switch. Also attached to this virtual switch is the VMware Server DHCP server which can be used to assign dynamic IP addresses, gateway and DNS information to the virtual machines on the NAT based network.
When a virtual machine sends a packet, the NAT device changes the source address (that of the virtual machine) to the address of the host computer before transmitting it to its intended destination. When the recipient responds, the NAT device modifies the packet so that it is addressed to the IP address of the virtual machine which initiated the connection, and subsequently forwards it to that system on the virtual network.
Unless some form of port forwarding is configured on the NAT device (a topic which is discussed later in this chapter), it is not possible for an external client to initiate a network connection with a virtual machine running inside a VMware Server NAT based virtual network.
Configuring NAT on Windows VMware Hosts
The VMware Server NAT device may be configured on Windows hosts using the Virtual Network Editor tool, which is accessed by selecting Start -> All Programs -> VMware Server -> Manage Virtual Networks. Once loaded, clicking on the NAT tab displays the NAT configuration screen as illustrated in the following figure:
The main NAT page is divided into sections. The top section, titled NAT, displays the IP address and netmask of the NAT device. To add NAT to other virtual networks, select the network from the VMnet host menu. If the selected virtual network is currently bridged, a warning dialog will appear seeking confirmation of the change. The option of adding a DHCP server to the virtual network is also provided so that virtual machines on the network can obtain dynamic IP addresses and other information such as the the If NAT is to be disabled entirely, change this menu to the Disabled option.
The NAT service panel displays the current status of the NAT device and provides the ability to stop, start or restart the device. Additional NAT settings are configured on a per virtual network basis, and are accessed by selecting the desired virtual network and clicking the Edit... button:
section, this essentially involves mapping an incoming UDP port on the host to the IP address and UDP port of a virtual machine. For example, to map data coming into UDP port 8081 on the host to port 8082 on a virtual machine with an IP address of 172.16.86.128, the following directive would need to be entered into the [incomingtcp] section of the configuration file:
8081 = 172.16.86.128:8082
As many UDP port forwarding directives as necessary may be added to this section of the NAT configuration file.
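Because each forwarding directive is the only way an external client can reach a virtual machine behind the NAT device, the directives are worth reviewing as a list of exposed services. The following audit script is an added example, not part of the original article or of VMware's tooling: it reads forwarding sections in the `host port = VM IP:VM port` format shown above and flags entries a reviewer should look at. The sample file content is constructed, the function name `audit_forwards` is hypothetical, the NAT subnet is passed in by the caller, and sections other than `[incomingtcp]` are assumed to follow the same `incoming<protocol>` naming.

```python
import configparser
import ipaddress

# Constructed sample: the article's directive plus made-up entries for illustration.
SAMPLE_NAT_CONF = """\
[incomingtcp]
# <host port> = <VM IP>:<VM port>
8081 = 172.16.86.128:8082
22 = 172.16.86.130:22

[incomingudp]
5353 = 10.0.0.5:5353
9000 = 172.16.86.128
"""


def audit_forwards(conf_text, nat_subnet):
    """Return one record per forwarding directive, with review findings."""
    subnet = ipaddress.ip_network(nat_subnet)
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False)
    parser.read_string(conf_text)
    report = []
    for section in parser.sections():
        if not section.startswith("incoming"):
            continue  # only forwarding sections expose VMs to outside clients
        proto = section[len("incoming"):]
        for host_port, target in parser[section].items():
            findings = []
            vm_ip, sep, vm_port = target.rpartition(":")
            try:
                if not sep:
                    raise ValueError("no VM port given")
                if not all(0 < int(p) < 65536 for p in (host_port, vm_port)):
                    raise ValueError("port out of range")
                if ipaddress.ip_address(vm_ip) not in subnet:
                    findings.append("target outside NAT subnet")
                if int(host_port) < 1024:
                    findings.append("well-known host port exposed")
            except ValueError:
                findings = ["malformed directive"]
            report.append({"proto": proto, "host_port": host_port,
                           "target": target, "findings": findings})
    return report


if __name__ == "__main__":
    for entry in audit_forwards(SAMPLE_NAT_CONF, "172.16.86.0/24"):
        print(entry)
```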