Sorry if this has already been covered. Please point me to a whitepaper/faq/or forum topic if this problem has already be solved. (I am running current RTM of Vmw Wks6)
Problem:
When running NAT guests under host Vista x64, windows firewall blocks traffic to guest. Bridged guests work just fine.
Example:
Guest-xp can not ping anything in NAT-mode since all ICMP-replies are dropped by Vista firewall. If guest is bridged all works fine. I have read other topics where vpn-users have serious problems when running NAT on guest with a Vista host.
Dropping ICMP (in my case) may seem like a small problem, but a guest that is member of a domain in Active Directory will (at least in my setup) not get the latest policies, no loginscripts will be run etc etc due to firewall blocking in host(!). Much traffic from DC:s in AD will be dropped by Vista firewall when destination is a guest with NAT (except ICMP UDP is also dropped)
Adding a firewall rule on host which allows ICMP from all IP:s solves most problems (my guest get correct policy and can map sambashare as homedrive via login script).
Either VMw6 should seamlessly integrate with the firewall when running NAT or there should be a white paper/faq on how to configure host. I can not find one or the other.
The answer to my question might be RTFM which I have not done for v6. I will happily read such material if the answer lies therin.
Reproduce the problem:
Install a windows guest on Vista (x64) host which has firewall enabled, use NAT for guest.
-> You can not ping anything from guest
Switch to bridged network for guest.
-> Ping works fine
Switch to NAT and add firewall rule in Vista host to allow ICMP.
-> Ping works fine
(ping is just an example of ICMP that Vista blocks for guests)
Since NAT does not work "out of the box" when running Vista as a host I would expect a whitepaper or at least a FAQ but I get nada on my searches?
Problem:
When running NAT guests under host Vista x64, windows firewall blocks traffic to guest. Bridged guests work just fine.
Example:
Guest-xp can not ping anything in NAT-mode since all ICMP-replies are dropped by Vista firewall. If guest is bridged all works fine. I have read other topics where vpn-users have serious problems when running NAT on guest with a Vista host.
Dropping ICMP (in my case) may seem like a small problem, but a guest that is member of a domain in Active Directory will (at least in my setup) not get the latest policies, no loginscripts will be run etc etc due to firewall blocking in host(!). Much traffic from DC:s in AD will be dropped by Vista firewall when destination is a guest with NAT (except ICMP UDP is also dropped)
Adding a firewall rule on host which allows ICMP from all IP:s solves most problems (my guest get correct policy and can map sambashare as homedrive via login script).
Either VMw6 should seamlessly integrate with the firewall when running NAT or there should be a white paper/faq on how to configure host. I can not find one or the other.
The answer to my question might be RTFM which I have not done for v6. I will happily read such material if the answer lies therin.
Reproduce the problem:
Install a windows guest on Vista (x64) host which has firewall enabled, use NAT for guest.
-> You can not ping anything from guest
Switch to bridged network for guest.
-> Ping works fine
Switch to NAT and add firewall rule in Vista host to allow ICMP.
-> Ping works fine
(ping is just an example of ICMP that Vista blocks for guests)
Since NAT does not work "out of the box" when running Vista as a host I would expect a whitepaper or at least a FAQ but I get nada on my searches?
) from VMnet8 which is by default the NAT device. Shouldn't this do it?