Using VMWare Workstation as a firewall/router on W...

oddballheader · ‎07-09-2010

Here is what I would like to do: Route every packet to and from a Windows system through a VMWare Workstation (or VMWare Player) instance running on the same system. Specifically, this is what I'd like to have for when I go to connect to untrusted wireless (WiFi) networks using my laptop. Has anyone done this before? I've searched Google and came up empty-handed. I'm open to suggestions as to the host OS for the "router". The key is to make sure EVERY packet goes through the VMWare instance in both directions and have VMWare manage the connection to the wireless network.

Another option would be a hardware device that is USB powered that is a router/firewall/repeater-ish thing. I envision connecting a short Ethernet cable to it, it runs some sort of hardened OS and is a router that creates a mini-LAN of one user, and manages a connection to a WiFi network using a wireless radio. If the hardware has to be powered by plugging it into the wall, that defeats the purpose of it being powered by USB. This would be an acceptable alternate solution but I'm pretty sure such a device doesn't exist. Hence my question about using VMWare Workstation.

P.S. I realize software firewalls exist for Windows. I'd prefer this solution over a software firewall since it means one additional OS layer to break through.

wila · ‎07-09-2010

Hi,

The setup you are after is possible, but..

Another option would be a hardware device that is USB powered that is a router/firewall/repeater-ish thing. I envision connecting a short Ethernet cable to it, it runs some sort of hardened OS and is a router that creates a mini-LAN of one user, and manages a connection to a WiFi network using a wireless radio. If the hardware has to be powered by plugging it into the wall, that defeats the purpose of it being powered by USB. This would be an acceptable alternate solution but I'm pretty sure such a device doesn't exist.

You'll have to check if this one is USB powered, but the device you are after exists:

Linksys USBVPN1 USB VPN and Firewall Adapter reviewed

here's one that claims to be USB powered:

ZyWALL P1

I haven't tried any one of those and was actually trying to find another one, but it does exist as hardware device.

--
Wil
_____________________________________________________
VI-Toolkit & scripts wiki at http://www.vi-toolkit.com

Contributing author at blog www.planetvm.net

Twitter: @wilva

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

newbie93 · ‎07-09-2010

Wow, that 1st link is dated 2003... Hmmm. It also appears to be for a desktop ("2X the width of a normal PCI card"). I have been looking to do something on a laptop.

Anyways, I also have been investigating doing something like this. The closest I have come is to set up a VM and not use Workstation's networking. Rather I use a USB->100BaseT adapter. (inexpensive ~$25 here in the US at Radio Shack) and do not load the host OS with the drivers so that it doesn't recognize the device. I then connect it (via USB passthrough) directly to the VM. Newer versions of Linux kernel has the drivers already or if the VM is Windows I load the drivers inside the VM so that the device is recognized. Once there the VM can implement whatever is needed: firewall, proxy, router, switch, VPN, etc. and then place it on an internal network for access by other VMs. I have done this with a Windows Host (XP and Win7) and both Linux (Debian-based: Ubuntu 9.04+) and Windows (XP) VMs.

You could probably do the exact same thing but using a WiFi USB dongle instread of the hardwired one I am using. I will probably try something like this when I have to travel and am worried about public WiFi.

It's a little bit inconvenient with external adapters, but not too bad. The worst part is the additional power drain. This can be partly offset by shutting off the internal network hardware on the host (since I am not using it anyways under these conditions).

wila · ‎07-09-2010

Yes using an external USB device is the cleanest way to do this and works quite well with recent linux kernels.

I've now also remembered what i was looking for.

A bit old too (2008) Yoggie Gatekeeper Pico Security Mini-Computer

Though their web site seems to be a bit umm... dodgy ... served of an IP instead of a URL after a manual redirect? Weird...

--
Wil
_____________________________________________________
VI-Toolkit & scripts wiki at http://www.vi-toolkit.com

Contributing author at blog www.planetvm.net

Twitter: @wilva

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

oddballheader · ‎07-11-2010

Both of those appear to be wired-only devices with no mention of wireless anywhere.

oddballheader · ‎07-11-2010

Yes using an external USB device is the cleanest way to do this and works quite well with recent linux kernels.
I've now also remembered what i was looking for.
A bit old too (2008) Yoggie Gatekeeper Pico Security Mini-Computer
Though their web site seems to be a bit umm... dodgy ... served of an IP instead of a URL after a manual redirect? Weird...
--
Wil
_____________________________________________________
VI-Toolkit & scripts wiki at
Contributing author at blog www.planetvm.net
Twitter: @wilva

Ah the Yoggie. I remember reading something about it a while back. I'm really only looking for the router/firewall aspect - could do without the anti-malware suite. The VMWare approach would give me refined control over the OS I use to manage the wireless device.

The website appears to be a Yahoo hosted website - maybe they ran out of bandwidth at one point and the IP-based hosting was an IT "solution" to the problem. That sounds like something I might come up with if I were desperate to get a website back up and running really fast. Then I'd get busy and forget about it.

Except for the part where their online store is broken. And very poor reviews pretty much everywhere. It appears to be a good idea but poorly executed.

oddballheader · ‎07-11-2010

Wow, that 1st link is dated 2003... Hmmm. It also appears to be for a desktop ("2X the width of a normal PCI card"). I have been looking to do something on a laptop.

Anyways, I also have been investigating doing something like this. The closest I have come is to set up a VM and not use Workstation's networking. Rather I use a USB->100BaseT adapter. (inexpensive ~$25 here in the US at Radio Shack) and do not load the host OS with the drivers so that it doesn't recognize the device. I then connect it (via USB passthrough) directly to the VM. Newer versions of Linux kernel has the drivers already or if the VM is Windows I load the drivers inside the VM so that the device is recognized. Once there the VM can implement whatever is needed: firewall, proxy, router, switch, VPN, etc. and then place it on an internal network for access by other VMs. I have done this with a Windows Host (XP and Win7) and both Linux (Debian-based: Ubuntu 9.04+) and Windows (XP) VMs.
You could probably do the exact same thing but using a WiFi USB dongle instread of the hardwired one I am using. I will probably try something like this when I have to travel and am worried about public WiFi.
It's a little bit inconvenient with external adapters, but not too bad. The worst part is the additional power drain. This can be partly offset by shutting off the internal network hardware on the host (since I am not using it anyways under these conditions).

I guess the real trick is to find a USB Wifi dongle that works well under a Linux-based firewall/router distro AND one that won't be picked up instantly by Windows and install drivers for.

oddballheader · ‎07-12-2010

So if I got this:

http://www.amazon.com/Wireless-802-11N-150Mbps-Network-Adapter/dp/B00333F2YU/

And didn't install drivers and used USB passthrough, would it work?

wila · ‎07-13-2010

Hi,

I'm afraid no-one can guarantee you that it will work for you. Not even if they have the device and if it works that way for them. Hardware configurations and host OS details/configurations might still be different enough to your setup to make it not work.

But having said that, it is very likely to work. Haven't had any problems with connecting USB nics directly to VMs myself and haven't seen much complains on the forum about it either.

As for not installing the drivers in the host OS. Why not? You can connect the device to either host OS or guest OS, it is never connected to both at the same time, so that shouldn't be a big problem unless you are afraid to connect it directly to the host OS by accident (you can still disable the device or hardwire configuration that it only works when in your home or something like that)

--
Wil
_____________________________________________________
VI-Toolkit & scripts wiki at http://www.vi-toolkit.com

Contributing author at blog www.planetvm.net

Twitter: @wilva

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

All

Using VMWare Workstation as a firewall/router on Windows?