VMware Communities
patpat
Contributor
Contributor

NAT & ICMP echo (ping) not working

Host: MS Vista

Guest: Ubuntu 8.10 Jeos

Networking : NAT, I have to use NAT.

The Host has full Internet acces

The Guest has Internet internet acces but ping fails in a weird way.

$ping www.google.com

returns the first line displaying the IP address of www.google.com

but there are not returned ping packets; lost 100%

how can I solve this?

Reply
0 Kudos
14 Replies
Scissor
Virtuoso
Virtuoso

Are you running any 3rd party firewalls on your Host? What AntiVirus are you running on your Host?

Do other Guests configured with NAT work properly?

Can you attach the vmware.log and .vmx file from the directory containing your Guest?

Reply
0 Kudos
patpat
Contributor
Contributor

no 3rd party firewalls on my host...

host antivirus ESET Nod32 Business Ed

I only work with 1 guest (ubuntu)

files requested attached (log from running the VM with Player and trying to ping www.google.com & www.ibm.com)

I've found on the net people with exactly the same problem

please let me know

thanks

Reply
0 Kudos
patpat
Contributor
Contributor

please I need an answer on this...

everything works, even Putty with ssh from the Vista Host logged-in into the Unbuntu Guest

but I cannot receive ping packets back pinging from the guest to the VM outside world !! what's going on??

thanks.

Reply
0 Kudos
patpat
Contributor
Contributor

I'm still dealing with this problem...

where can I ask about this?? it seems here is not the right place....

plese let me know

Patpat

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

Are you using the Jars Ubuntu VM Image that can be downloaded at the link you previously provided? If so, I can verify that when that particular Guest is set up for NAT networking that pings work for me. That tells us that the VM is good and the problem is with your Host.

Here is what I would recommend trying:

1. Are you using a wired or wireless network connection on your Host? If possible, test with a wired connection.

2. See if there is a newer Network card driver available for your Host network card. Then look at the advanced properties for your Host network card and try (temporarily) disabling any "Task Offload" or other "offload" settings to see if that makes a difference.

3. If the above doesn't help, try uninstalling your Host antivirus to rule it out as the cause (simply disabling the antivirus application might not be enough).

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

where can I ask about this?? it seems here is not the right place....

This is a community support forum so other end users help each other out on here.

If you require official support from VMware you can Create a Support Request, or Call Technical Support for a small charge here: http://www.vmware.com/support/

Reply
0 Kudos
patpat
Contributor
Contributor

Scissor

I've made my own VM.

When you say that the one contained on the link I've mentioned worked for you where you using Vista as Host ?

about 1) I cannot se the relationship to my problem...

about 2) Please I've said that everything works perfect with download speeds up to 400kbps and you suggest that the driver might be a problem???

about 3) what's the relationship between Nod32 and the ICMP trafic??

I've tested my VM on the SAME hardware but booting Windows Server 2003 and the ping worked w/o problem....

This points out to the Vista and the Vista firewall settings but the ICMP echo is enabled...

There's something between VISTA and VMWARE NAT....

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

Scissor

I've made my own VM.

Oh, ok.

When you say that the one contained on the link I've mentioned worked for you where you using Vista as Host ?

64-bit Vista SP1 Host running VMWare Workstation 6.5.1.

about 1) I cannot se the relationship to my problem...

I am suggesting to try a wired connection in order to rule out the wireless as the cause of the problem. Takes less time to test then debate about it.

about 2) Please I've said that everything works perfect with download speeds up to 400kbps and you suggest that the driver might be a problem???

Yup. I have seen a buggy driver and/or the "task offload" settings cause strange things like this before.

What Network Card do you have installed in your Host and what is the version number of the installed driver?

about 3) what's the relationship between Nod32 and the ICMP trafic??

Sometimes people install "Security Suites" that include AntiVirus and a Firewall without knowing about it. Notice that I suggested this as a last resort. If you're certain the Nod32 doesn't do any type of firewall functions and it doesn't interfere with the way VMware works with the Windows kernel then feel free to ignore this suggestion.

I've tested my VM on the SAME hardware but booting Windows Server 2003 and the ping worked w/o problem....

Good, then your Guest VM and your Host hardware is fine. However, drivers used on Server 2003 might differ from drivers on Vista.

This points out to the Vista and the Vista firewall settings but the ICMP echo is enabled...

There's something between VISTA and VMWARE NAT....

Correction.. There's something between your VISTA and VMWARE NAT. My Vista and VMware NAT work. I run AVG antivirus on my Host.

Reply
0 Kudos
patpat
Contributor
Contributor

VMware installs 2 virtual adapters...

from the guest I can ping just only one of them ... that does not even touch my host wireless driver...and does not work...

Lets forget about the antivirus, I have an antivirus no an extra firewall..

when you installed your VM on your Vista 64 the ping worked first try or u were touching the Vista firewall?

if your anwer is that it worked right out of the box I would say It couldn't be posible 'cause the ICMP echo default is not allowed on Vista's FW

then if you touched the Firewall, what did you do???

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

I'm confused. I thought you were having problems pinging www.google.com from a Guest? Why are you now talking about pinging your Host's virtual adapters?

By default your host will have 2 new "VMware Virtual Ethernet Adapters" after installing VMware Workstation (Player). One of those Virtual Adapters is attached to the VMnet1 virtual switch and the second is attached to the VMnet8 virtual switch. By default the VMNet1 virtual switch is used for Guests configured for NAT, and the VMNet8 virtual switch is used for Guests configured for "Host only" networking (neither one is used when the Guest is configured for Bridged networking).

On my computer, the "first" (it is actually called Local Area Connection 3) VMware Virtual Ethernet Adapter is attached to "VMnet1" and is used for NAT. The "second" (actually called Local Area Connection 4) is attached to VMnet8 and is used for Host-Only networking.

Note: I don't think you can easily "see" this information with only the VMware Player installed -- if you install VMware Workstation you will be able to view this networking information.

So if you do want to try to ping the VMware Virtual Ethernet Adapters from your Guest while configured for NAT networking it is logical that only the "first" adapter would respond to pings as it is the one plugged into the same virtual switch (VMNet1). The "second" adapter is not "attached" to the same virtual switch so it isn't accessible to your Guest.

=====

On a separate note, when you install VMware Workstation/Player on Vista, the appearance of two new virtual Ethernet Adapters causes the Vista Firewall to get confused. This (as you have noticed) causes the Vista firewall to revert to "Public" profile which blocks incoming pings by default. However, I believe it only blocks incoming pings to the Host -- ping replies sent by Guests trying to ping www.google.com should still work.*

You can "fix" the Firewall behavior by running the PowerShell script here: http://www.nivot.org/2008/09/05/VMWareVMNETAdaptersTriggeringPublicProfileForWindowsFirewall.aspx .

These forum threads have additional information as well:

http://communities.vmware.com/thread/85154

http://communities.vmware.com/message/713815

**I have a hunch that VMware does things slighly differently when using a Host wired connection vs a Wireless connection. But that's a topic for a whole other day. Please just try a wired connection at first to see if it works.

======

So, to recap, this is what I would do if it was my machine:

1. Make sure the Host is connected using a wired connection (disable wireless adapter to make sure).

2. Switch Guest to Bridged networking and test to see if ping replies from www.google.com work.

3. If ping replies are seen, then change the Guest to NAT networking and try ping tests again (reboot Guest in between).

4. If ping replies over NAT work, then repeat the tests while the Host is connected over a wireless connection (disable the wired adapter to make sure)

If things work with the Host Wired adapter and not the Wireless (or vice versa), look for driver updates and also try temporarily disabling any "Task Offload" or other "Offload" settings for the problem adapter.

Reply
0 Kudos
patpat
Contributor
Contributor

I'm confused. I thought you were having problems pinging www.google.com from a Guest? Why are you now talking about pinging your Host's virtual adapters?

yes, I'm pinging from the host; the first ping was the guest own address (OK) after that the guest default gateway (OK) after that the second VMware adapter address (NOK) after that the Internet adapter address (NOK) after that www.XXX.com (NOK) clear now?

By default your host will have 2 new "VMware Virtual Ethernet Adapters" after installing VMware Workstation (Player). One of those Virtual Adapters is attached to the VMnet1 virtual switch and the second is attached to the VMnet8 virtual switch. By default the VMNet1 virtual switch is used for Guests configured for NAT, and the VMNet8 virtual switch is used for Guests configured for "Host only" networking (neither one is used when the Guest is configured for Bridged networking).

On my computer, the "first" (it is actually called Local Area Connection 3) VMware Virtual Ethernet Adapter is attached to "VMnet1" and is used for NAT. The "second" (actually called Local Area Connection 4) is attached to VMnet8 and is used for Host-Only networking.

Note: I don't think you can easily "see" this information with only the VMware Player installed -- if you install VMware Workstation you will be able to view this networking information.

I see everithing you said so far... nothing new.

So if you do want to try to ping the VMware Virtual Ethernet Adapters from your Guest while configured for NAT networking it is logical that only the "first" adapter would respond to pings as it is the one plugged into the same virtual switch (VMNet1). The "second" adapter is not "attached" to the same virtual switch so it isn't accessible to your Guest.

=====

well both virtual switches are attached to the Host.... the host acts like a router , the host can ping both V switches interfaces, then why I cannot ping the second adapter?

On a separate note, when you install VMware Workstation/Player on Vista, the appearance of two new virtual Ethernet Adapters causes the Vista Firewall to get confused. This (as you have noticed) causes the Vista firewall to revert to "Public" profile which blocks incoming pings by default. However, I believe it only blocks incoming pings to the Host -- ping replies sent by Guests trying to ping www.google.com should still work.*

You can "fix" the Firewall behavior by running the PowerShell script here: .

These forum threads have additional information as well:

http://communities.vmware.com/thread/85154

http://communities.vmware.com/message/713815

**I have a hunch that VMware does things slighly differently when using a Host wired connection vs a Wireless connection. But that's a topic for a whole other day. Please just try a wired connection at first to see if it works.

======

So, to recap, this is what I would do if it was my machine:

1. Make sure the Host is connected using a wired connection (disable wireless adapter to make sure).

2. Switch Guest to Bridged networking and test to see if ping replies from www.google.com work.

3. If ping replies are seen, then change the Guest to NAT networking and try ping tests again (reboot Guest in between).

4. If ping replies over NAT work, then repeat the tests while the Host is connected over a wireless connection (disable the wired adapter to make sure)

If things work with the Host Wired adapter and not the Wireless (or vice versa), look for driver updates and also try temporarily disabling any "Task Offload" or other "Offload" settings for the problem adapter.

OK enough, thanks for your help but you have not answered my previous question?

You said you got the ping working with Vista 64(H)Ubuntu(G)NAT, I've said you have to touch the host firewall for doing so.

I've asked what did you do on it?... do you have a concise plain answer for this?

Reply
0 Kudos
Scissor
Virtuoso
Virtuoso

well both virtual switches are attached to the Host.... the host acts like a router , the host can ping both V switches interfaces, then why I cannot ping the second adapter?

By default, the Host (Vista) will not act "like a router" unless you have installed some additional software/features to enable it to route traffic between different IP subnets.

You can "fix" the Firewall behavior by running the PowerShell script here: .

These forum threads have additional information as well:

http://communities.vmware.com/thread/85154

http://communities.vmware.com/message/713815

OK enough, thanks for your help but you have not answered my previous question?

You said you got the ping working with Vista 64(H)Ubuntu(G)NAT, I've said you have to touch the host firewall for doing so.

I've asked what did you do on it?... do you have a concise plain answer for this?

Sorry I wasn't clear. Several months ago I ran the PowerShell script I pointed you towards to fix my Vista Firewall profile. (I also said the same in a reply to the last forum thread I linked to.) I still don't think it applies to your specific problem, but if you want to run the PowerShell script first it shouldn't hurt anything.

I've already spent well over an hour of my time trying to help and you still apparently haven't even tried my suggestions from yesterday morning. It is a bit frustrating from my point of view, but maybe you have your own way of troubleshooting software...

Reply
0 Kudos
patpat
Contributor
Contributor

Are you using the Jars Ubuntu VM Image that can be downloaded at the link you previously provided? If so, I can verify that when that particular Guest is set up for NAT networking that pings work for me. That tells us that the VM is good and the problem is with your Host.

well, you said you run that Ubuntu guest VM with NAT, later you said your host was Vista-64 and that the ping worked !

now you say that you were not clear...

no offense, I know you are trying to help me and I appreciatte that a lot but you are driving me crazy...

I'm not following your yesterday suggestions 'cause they make no sense at all to me...

I have to debug this, Hey VMware people is there any debugging logging technique that I can use in order to know what's going on with those ICMP packets???

Reply
0 Kudos
patpat
Contributor
Contributor

Wireshark seems to be the tool...

my set up

http://192 . 168 . 1 . 1 = Wireless router--


[http://192 . 168 . 1 . 39 = HOST = 192 . 168 . 232 . 1|http://192 . 168 . 1 . 39 = HOST = 192 . 168 . 232 . 1]----[http://192 . 168 . 232 . 128|http://192 . 168 . 232 . 128] =GUEST

the first run Wireshark interface was set to 192 . 168 . 232 .1

always from the guest

I've initiated a telnet sesion against http://192 . 168 . 1 . 1 = Wireless router =OK

I've pinged against http://192 . 168 . 1 . 1= Wireless router the requests are OK but no Answers .

http://img3.imageshack.us/img3/2659/capture1ux9.jpg

the second run Wireshark interface was set to 192 . 168 . 1 . 39

always from the guest

Ive pinged http://192 . 168 . 1 . 1= Wireless router there are ICMP requests & answers OK but the answers do not reach the Guest.

I've pinged against www.vmware.com, DNS =OK, ICMP requests & answers OK but the answers do not reach the Guest.

http://img167.imageshack.us/img167/8121/capture2ux5.jpg

for some reason the answer ICMP packets that reach the HOST are not re-routed to the guest

it seems the Firewallor some problem on the translation part of NAT might be the responsible; both on Microsoft side

off course the network driver nothing has to do here....

any real help appreciated.

PS On this web site is impossible to write an IP address without being parsed... 'cmon...

Reply
0 Kudos