VMware Communities
xverify
Contributor
Contributor
‎02-19-2009 10:17 PM

Isolating a VM from others on the NAT

Hi everyone,

I have several VMs connected to the NAT interface but I want to isolate one of them from others on the NAT (that is, I want it to be impossible for it to access anything but the internet and the host) . Is this possible?

I'm running VMWare Workstation 6.5.1 on XP SP3.

Thanks

0 Kudos
4 Replies
AWo
Immortal
Immortal
‎02-20-2009 12:51 AM

Yes, that is possible by adding a new custom network which uses NAT.

You need to edit the VMware Virtual Network settings:

Let's assume we use VMnet2 as a new NAT network.

1. Configure the Subnet for VMnet2

"Virtual Network Editor... > Host Virtual Adapters"

Click in the arror on the right side next to VMNet2 and choose subnet. Configure the IP settings.

2. Enable DHCP and NAT on VMNet2

"Virtual Network Editor... > NAT"

Choose VMnet2, answer "Yes" when you're aked if you want to enable DHCP on VMnet2.

3. Add the VMnet2 host NIC

"Virtual Network Editor... > Host Virtual Adapters > Add > VMnet2"

4. Set the vNIC of the appropriate guest to "Custom - VMnet2"


If you found this information useful, please consider awarding points for "Correct" or "Helpful" answers/replies. Thanks!!

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
xverify
Contributor
Contributor
‎02-20-2009 02:19 AM

Thanks for responding.

I did what you described and while the machine I wanted to isolate has internet access, the others don't anymore; they can only access the host now. When I go back to the NAT tab and select the old adapter from the drop-down menu, things return to normal, except now the one I wanted to isolate ceases to have internet access. It seems like only one adapter can be assigned to the NAT ... ?

0 Kudos
AWo
Immortal
Immortal
‎02-20-2009 02:38 AM

Yes, you're right. I can see it know myself, only one network at a time is shown as NAT in the summary. So it doesn't seem to work. Sorry.


If you found this information useful, please consider awarding points for "Correct" or "Helpful" answers/replies. Thanks!!

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
rkr002
Enthusiast
Enthusiast
‎02-20-2009 03:55 AM

Hello,

I also could not find any solution to setup a second NAT network directly,

but I can see there is another way: you can create second-level NAT networks.

You have the Main-Host which allows NAT connections for 2 machines: NatGuest1 and NatGuest2,

and each of NatGuest1/NatGuest2 can act as NAT router for their internal sub-networks having different subnet addresses.

Possible it requires additional setup on firewalls on NatGuest1 and NatGuest2 to disallow communication between those 2 subnets.

Of course, the subnets can also access external Internet across two-level NAT devices: SubNetGuest -> NatGuest -> NatMainHost.

I know, this is a bit complicated solution and requires manual configuration of NAT network on the two guest systems, but this really fulfills your requirements of having 2 isolated NAT networks.

0 Kudos