FFrankenbot
Contributor

VMWare Player, NAT, and Firewalls

Hi,

I'm running VMWare Player 7.1.2 with Windows 8.1 as the host and Debian Linux as the target.  I want to run the network adapter in NAT mode for the isolation it provides to Linux.  I have hardened my windows machines and thus, have configured the windows firewall to block all outgoing connections except those covered by specific rules.  When I turn this firewall blocking OFF, NAT networking works fine, when I turn it ON, NAT doesn't work.  I've tried adding every firewall rule I can think of, such as allowing vmnat, VMnetDHCP, and vmware-authd, both as a program and as a service.  The rules I've configured include all ports and protocols.  No rule allows NAT traffic from VMWare Player.

Thoughts?


Accepted Solutions
FFrankenbot
Contributor

Ok, I've found a solution.

First I need to state that I'm using Windows Firewall, not McAfee etc.

The crux of the problem is that there are two instances of vmnat.exe on my machine.  The first is in the VMWare Player folder (as I expected), and the second is in \Windows\SysWOW64.

* Opening a rule for the program in VMWare Player, for all services, does not work.

* Opening a rule for the Windows service (which is defined as the SysWOW64 version), for all programs, does not work.

* However, opening a rule for the program in SysWOW64, for all services, DOES work.

It's odd, because Player is definitely using the Windows service, as stopping it causes the VM to lose connectivity, but creating a firewall rule for that service is insufficient.  Instead I must define a program-based rule, and point to the exe run by the service.  No other firewall rules are needed.

I don't fully understand it, but that's the solution to my problem.


arichardson1
Contributor

FFrankenbot, thank you for posting this question/answer. The second vmnat.exe surprised me and was overlooked as I scanned the task manager for relevant running applications in the VMWare folder. I am now able to use Firefox in a Debian Linux Guest and access websites in the browser. Most importantly, I now have a known-good starting point for further rules.

My relevant Windows Defender Firewall outbound rules are:

1) DNS

  • Allow
  • All programs, packages, services, compartments
  • Protocol: UDP, Remote ports: 53, 5353

2) VMWare TCP

  • Allow
  • Program: %SystemRoot%\SysWOW64\vmnat.exe
  • All packages, services, compartments
  • Protocol: TCP, Remote ports: 80, 443

3) Default outbound connection behavior: Block

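The three outbound rules listed above, expressed as PowerShell so they can be applied and verified on a host with the same problem. This is an added example, not code from either poster or from VMware; it assumes Windows Defender Firewall, a NAT service whose display name begins with "VMware NAT", and the default VMware Player install folder for the second copy of vmnat.exe.

```powershell
# Added example (not from the thread): applies the three outbound rules arichardson1
# describes and checks that the program-based rule names the copy of vmnat.exe that
# the VMware NAT service actually runs. Run from an elevated PowerShell.
# Assumptions: Windows Defender Firewall (not a third-party product); the service's
# display name starts with 'VMware NAT'; Player is installed under Program Files (x86).

$vmnat = Join-Path $env:SystemRoot 'SysWOW64\vmnat.exe'

# 1) DNS: all programs, UDP to remote ports 53 and 5353
New-NetFirewallRule -DisplayName 'DNS (outbound)' -Direction Outbound -Action Allow `
    -Protocol UDP -RemotePort 53,5353 -Profile Any

# 2) VMware TCP: program-based rule on the SysWOW64 binary (a service-based rule,
#    as the original poster found, is not enough), TCP to remote ports 80 and 443
New-NetFirewallRule -DisplayName 'VMware TCP (vmnat outbound)' -Direction Outbound `
    -Action Allow -Program $vmnat -Protocol TCP -RemotePort 80,443 -Profile Any

# 3) Default outbound behaviour: block anything not matched by an allow rule
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Check a): which executable does the NAT service really launch? The rule must name
# this path, not the copy under the VMware Player install folder.
$svc = Get-CimInstance Win32_Service | Where-Object DisplayName -like 'VMware NAT*'
"Service '$($svc.DisplayName)' runs: $($svc.PathName)"

# Check b): are the two vmnat.exe copies the same binary? Differing hashes are a
# hint that the install-folder copy is not what the service executes.
$playerCopy = Join-Path ${env:ProgramFiles(x86)} 'VMware\VMware Player\vmnat.exe'   # assumed path
foreach ($p in $vmnat, $playerCopy) {
    if (Test-Path $p) { Get-FileHash -Algorithm SHA256 $p | Select-Object Path, Hash }
}

# Check c): confirm the rule's application filter resolved to the SysWOW64 path
Get-NetFirewallRule -DisplayName 'VMware TCP (vmnat outbound)' |
    Get-NetFirewallApplicationFilter | Select-Object Program
```

Rule 2 only lets guest traffic reach remote ports 80 and 443; any other guest protocol (SSH, package mirrors on non-standard ports, NTP) needs its own port added to that rule or a further program-based rule on the same vmnat.exe path.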