3 Replies Latest reply on Oct 26, 2010 10:30 AM by WoodyZ

    Creating two (or more) Host-Only networks totally isolated

    guilsson Lurker

      I need to make a lab scenario to employ a Double NAT experiment using Linux.

       

      workstationA <--- LAN1 -> firewallA <- LAN2 -> firewallB <- LAN3 ---> workstationB

       

      workstationA and workstationB will have exactly the same IP/Mask/GW (LAN1 and LAN3).

      So they cannot share the same Host-Only network. Their traffic must be isolated.

      The outside NICs (on fwA and fwB) on LAN2 will be in the same Host-Only network.

       

      Is there a way to create 2 or MORE Host-Only network with isolated traffic between them using Fusion 3.1?

       

      Thanks

        • 1. Re: Creating two (or more) Host-Only networks totally isolated
          WoodyZ Guru
          guilsson wrote:

          workstationA and workstationB will have exactly the same IP/Mask/GW

           

          Each system has to have its own unique IP Address on the same Subnet, so you cannot have two computers, physical or virtual, on the same Subnet with the same IP Address and expect them to communicate properly.

           

          Anyway, unfortunately the VMware Fusion GUI does not provide for a way to create and properly manage additional VMnets; however, depending on the version of VMware Fusion being used, there are ways to manually edit the necessary files to accomplish this.

           

          What version/build of VMware Fusion are you using?

          • 2. Re: Creating two (or more) Host-Only networks totally isolated
            guilsson Lurker

             

            Each system has to have its own unique IP Address on the same Subnet, so you cannot have two computers, physical or virtual, on the same Subnet with the same IP Address and expect them to communicate properly.

             

             

            This is exactly the purpose of the test, using the NETMAP iptables module. This module has a Double NAT feature. This enables two identical networks to talk to each other.

            In fact, I already did this scenario but using workstationA and fwA in Mac OS and workstationB and firewallB in a Windows box with VMware Player.

            I need to repeat the test using only my Mac.

            The solution used was: http://www.shorewall.net/netmap.html

               

             

            Anyway, unfortunately the VMware Fusion GUI does not provide for a way to create and properly manage additional VMnets; however, depending on the version of VMware Fusion being used, there are ways to manually edit the necessary files to accomplish this.

             

            What version/build of VMware Fusion are you using?

            Fusion 3.1.1 (282344)

            • 3. Re: Creating two (or more) Host-Only networks totally isolated
              WoodyZ Guru

              You will need to edit the "/Library/Application Support/VMware Fusion/networking" file and the target Virtual Machine's .vmx configuration file in order to create and use additional VMnets.  All editing should be done with the Virtual Machine(s) shut down, not suspended, and VMware Fusion closed.

               

              This is a quick, dirty and incomplete tutorial on the contents of the networking file.

               

              Contents of Normal File:

               

              VERSION=1,0
              answer VNET_1_DHCP yes
              answer VNET_1_DHCP_CFG_HASH A062EE6F8CFF88B693E9281275179B61C9FE9911
              answer VNET_1_HOSTONLY_NETMASK 255.255.255.0
              answer VNET_1_HOSTONLY_SUBNET 172.16.241.0
              answer VNET_1_VIRTUAL_ADAPTER yes
              answer VNET_8_DHCP yes
              answer VNET_8_DHCP_CFG_HASH 91B706EF95D821D1F1499BFE3869E06E108E4697
              answer VNET_8_HOSTONLY_NETMASK 255.255.255.0
              answer VNET_8_HOSTONLY_SUBNET 192.168.70.0
              answer VNET_8_NAT yes
              answer VNET_8_VIRTUAL_ADAPTER yes
              

               

              Okay, let's break this down into relevant sections. In the next block of code the "answer VNET_(n)_DHCP_CFG_HASH" lines have been removed, as these are generated by Fusion and are not User editable, and you do not need to add them as they will automatically be added when the Virtual Network is restarted.

               

              This next section of code is for the Default Host Only Network VMnet1:

               

              answer VNET_1_DHCP yes
              answer VNET_1_HOSTONLY_NETMASK 255.255.255.0
              answer VNET_1_HOSTONLY_SUBNET 172.16.241.0
              answer VNET_1_VIRTUAL_ADAPTER yes
              

               

              This next section of code is for the Default NAT Network VMnet8:

               

              answer VNET_8_DHCP yes
              answer VNET_8_HOSTONLY_NETMASK 255.255.255.0
              answer VNET_8_HOSTONLY_SUBNET 192.168.70.0
              answer VNET_8_NAT yes
              answer VNET_8_VIRTUAL_ADAPTER yes
              

               

              You can add another block using the above blocks as an example; however, change the VNET_(n) to the appropriate number 2 - 7 or 9 and leave VNET_1 and VNET_8 alone, as some functions require valid default networks or you'll break the virtual network infrastructure.

               

              As an example if another Host Only VMnet is needed then add the following as an example:

               

              answer VNET_2_DHCP yes
              answer VNET_2_HOSTONLY_NETMASK 255.255.255.0
              answer VNET_2_HOSTONLY_SUBNET 172.16.128.0
              answer VNET_2_VIRTUAL_ADAPTER yes
              

               

              Also, as an example, if you didn't want the Host to have the vmnet2 virtual network adapter and only the Virtual Machines to have access to the VMnet2, you change "yes" to "no" on "answer VNET_2_VIRTUAL_ADAPTER".  This would isolate VMnet2 from the Host since saying "no" would remove the vmnet2 virtual network adapter from the Host.

               

              Obviously you can also say "no" to "answer VNET_2_DHCP" if you do not want the DHCP Server for that VMnet.  This is useful if one of the Guests is acting as a DHCP Server.

               

              To edit the "/Library/Application Support/VMware Fusion/networking" file do the following in a Terminal (/Applications/Utilities/Terminal):

               

              Hint: Copy and Paste each command one at a time.

               

              cd "/Library/Application Support/VMware Fusion"
              sudo ./boot.sh --stop
              sudo nano ./networking
              sudo ./boot.sh --start
              

               

              After restarting the virtual network you'll need to edit the target Virtual Machine(s) .vmx configuration file adding the following as an example:

               

              ethernet0.connectionType = "custom"
              ethernet0.vnet = "vmnet2"
              ethernet0.bsdName = "vmnet2"
              ethernet0.displayName = "Custom Host Only VMnet2"
              

               

              Note: Do not then select "Custom Host Only VMnet2" from the VMware Fusion GUI Virtual Machine Network Settings, as it will break the manual edits in the .vmx configuration file. You can ignore the fact that the status light on the "Custom Host Only VMnet2" in the list is grayed out; it still works.
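
An added example, not part of WoodyZ's post or of VMware's tooling: a Python check that parses the networking file format shown above and lists, for each VMnet meant to be an isolated lab segment, the settings that leave it attached to the Host, NAT or Fusion's DHCP server. The sample file content, the function names and the rule that only an explicit "no" counts as disabled are assumptions made for the illustration.

```python
import re

# Constructed sample: the default NAT network from the post plus two added VMnets.
SAMPLE = """\
VERSION=1,0
answer VNET_2_DHCP no
answer VNET_2_HOSTONLY_NETMASK 255.255.255.0
answer VNET_2_HOSTONLY_SUBNET 172.16.128.0
answer VNET_2_VIRTUAL_ADAPTER no
answer VNET_3_DHCP yes
answer VNET_3_HOSTONLY_NETMASK 255.255.255.0
answer VNET_3_HOSTONLY_SUBNET 172.16.129.0
answer VNET_3_VIRTUAL_ADAPTER yes
answer VNET_8_DHCP yes
answer VNET_8_HOSTONLY_NETMASK 255.255.255.0
answer VNET_8_HOSTONLY_SUBNET 192.168.70.0
answer VNET_8_NAT yes
answer VNET_8_VIRTUAL_ADAPTER yes
"""

ANSWER = re.compile(r"^answer\s+VNET_(\d+)_(\w+)\s+(\S+)$")
USER_SLOTS = {2, 3, 4, 5, 6, 7, 9}  # per the post; VNET_1 and VNET_8 are defaults

def parse_networking(text):
    """Return {vmnet number: {KEY: value}} from 'answer VNET_n_KEY value' lines."""
    vnets = {}
    for line in text.splitlines():
        m = ANSWER.match(line.strip())
        if m:  # lines such as VERSION=1,0 are skipped
            vnets.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return vnets

def audit(vnets, lab_vnets):
    """List (vmnet, reason) pairs explaining why a lab VMnet is not isolated."""
    findings = []
    for n in sorted(lab_vnets):
        if n not in USER_SLOTS:
            findings.append((n, "default network, not a user slot (2-7 or 9)"))
        cfg = vnets.get(n)
        if cfg is None:
            findings.append((n, "not defined in the networking file"))
            continue
        # Assumption: only an explicit "no" counts as disabled for these two keys.
        if cfg.get("VIRTUAL_ADAPTER") != "no":
            findings.append((n, "host has a vmnet adapter on this network"))
        if cfg.get("NAT") == "yes":
            findings.append((n, "NAT to the host's network is enabled"))
        if cfg.get("DHCP") != "no":
            findings.append((n, "Fusion DHCP server is enabled"))
    return findings
```

Calling `audit(parse_networking(SAMPLE), [2, 3])` returns no findings for VMnet2 and two for VMnet3; to check a real file, pass the contents of the networking file and the VMnet numbers used for the lab segments.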