VMware Communities
rcardona2k
Immortal

Guest to Host networking 172.x or host external IP?

My guest VMs have internal NAT addresses of 172.16.108.x and I'm able to ping and access the host's TCP services via my gateway address of 172.16.108.2. I have the equivalent access via the host's external Airport IP of 192.168.1.106.

Is there a preference as to which address is recommended to access the host? I've always thought it's an anomaly to be able to access the host via the NAT Gateway address.

And, as on Windows hosts, the host OS firewall blocks nothing. If I enable the OS X firewall and block ports, the Guests completely bypass the firewall and can access the host. I assume this is because NAT has access to the loopback interface which the firewall does not block.

0 Kudos
3 Replies
bgertzfield
Commander

The host OS firewall will only block access to ports on specific interfaces it knows about (en0, en1, etc.). It generally does not try to block access to VMware's network interfaces (vmnet0, vmnet1, etc.), which are how VMs communicate with the host and elsewhere.

Technically you could configure the host firewall to block those as well, but it's not tested and might not work.

It would probably be more efficient for the guest to access the host via its gateway address than the external address, because then it wouldn't have to go through NAT to get to the host.

0 Kudos
rcardona2k
Immortal

I just verified it's much better to use the 172.x address since using NAT seems to bounce the traffic to the host off the Gateway. I have a Palm Treo with Sprint and pinging my external IP yields ping times that vary greatly from 300 ms to over 1000 ms!

Speaking of vmnets, is there a vmnetcfg GUI or script utility to configure these?

0 Kudos
HPReg
VMware Employee

VMware's network interfaces (vmnet0, vmnet1, etc.), which are how VMs communicate with the host and elsewhere.

Technically you could configure the host firewall to block those as well, but it's not tested and might not work.

It will not work. There is currently no such thing as a vmnet0, vmnet1, etc. network interface. The host knows nothing about the virtual switches, until we implement hostonly networking. At that point the host will be able to see one network interface per virtual switch.

0 Kudos