Problem routing to Guest (VMWare not allowing pack...

kirkbauer · ‎11-10-2007

I am trying to make a virtual machine that does some unusual

things at the network layer and have run into a few problems. Turns out

even a bridged interface in VMWare is not a very good simulation of the guest

OS being directly connected to the network.

Here is the scenario: Windows XP is the host OS, running

VMWare Workstation 6, and Fedora Linux as the guest OS (I am only running ONE

guest OS). VMNet0 is bridged to the wireless adaptor on my XP host and

shows up as eth0 on the Linux guest. The guest is configured to use DHCP

for eth0. When the guest boots the MAC address that Linux shows on eth0

is the MAC address that my DHCP server sees a request from. My DHCP

server then assigns an IP to this new MAC address (which is different than the

MAC of my XP host).

As far as I can tell this is the last time that guest’s MAC

is seen on the physical network. Any traffic generated from the guest OS

shows up to other hosts on the physical network as coming from the MAC of the

XP host. Obviously the bridged network interface in VMWare is a Layer 2

bridge – packets from the guest OS going out to the physical network are

converted to come from the real physical MAC on the Windows host.

Obviously there is something special for the DHCP request since the DHCP server

sees the guest’s MAC – or maybe that is embedded within the DHCP request and

not taken from the layer 2 headers? I can’t remember the DHCP details

exactly.

Now, my previous problem (that I gave up trying to solve and

found a work around) was that I was trying to use multiple tagged VLANs on my

Linux guest. The guest could actually send out 802.1q tagged packets and

the vlan id header would remain intact on the physical network. But

packets going back to the guest with the VLAN header would not make it through –

presumably the VMWare bridge didn’t like them. I have avoided this

problem by eliminating the use of tagged VLANs in my guest OS, but now that I

know TMOS runs on VMware there must have been a solution to this as well.

Now to my question *

My current problem is a bit different and I really need to

find a solution to this. The IP of eth0 on the guest host was assigned

via DHCP but then I assign a number of other IPs as follows:

eth0: 10.1.2.252/16 (given out by my DHCP server)

eth0:1: 10.10.100.11 (static)

eth0:2: 10.10.100.12 (static)

(and so on…)

Then there is another physical machine on the physical

network (actually a physical BIG-IP with an untagged vlan) at address

10.10.100.100. The Linux guest can ping this address no problem – it is

on the same network as one of the Linux guest’s IPs.

I then define a static route within my XP host and several

other systems on the physical network (physical network is 10.1.0.0/16)

pointing 10.10.0.0/16 to a gateway of 10.1.2.252. These machines can ping

10.1.2.252 no problem. In the arp table they see the XP host’s MAC

address. They can also ping 10.10.100.11, 10.10.100.12, and any other

address defined on the Linux guest.

Now to my specific problem *

My XP host and another Windows machine on my network have a

static route to 10.10.0.0/16 pointing to the Linux guest (10.1.2.252) and they

can ping 10.10.100.11, 10.10.100.12, etc, no problem. But they can not

ping 10.10.100.100. This is NOT an IP on the Linux guest, instead it is

an IP on some other host that the Linux guest knows how to get to. I have

routing enabled on the Linux guest, that is not the problem. The problem

is that when I run a tcpdump on the Linux guest I never see the packets

destined for 10.10.100.100.

Here is what happens – the hosts trying to ping

10.10.100.100 find the route of 10.10.0.0/16 through 10.1.2.252. The

address 10.1.2.252 resolves to the XP host’s MAC address. They then send

a packet with a layer 3 destination of 10.10.100.100 and a layer 2 destination

of the XP host’s MAC. VMWare does *not* pass this through to the

Linux guest. If, however, a packet with a layer 3 destination of

10.10.100.11 and a layer 2 destination of the XP host’s MAC then the packet

will be bridged by VMWare to the Linux guest.

I also found that VMWare is doing proxy arping. If the

BIG-IP with a self-ip of 10.10.100.100 pings 10.10.100.11, it sends out an ARP

request for 10.10.100.11and it gets a response with the XP Host’s MAC. My

tcpdump in the Linux guest never sees the ARP. This means that VMWare is

responding to the ARP request on its own. From time to time I do see an

arp request on the Linux guest for 10.10.100.11 and it correctly responds with

its eth0 MAC but this doesn’t seem to be correlated with the ARP requests from

the physical BIG-IP.

As a test I had the BIG-IP arp for 10.10.100.150 (by pinging

it). This IP is not defined on the Linux guest. The Linux guest

does see the ARP for this. So I believe that if VMWare gets an ARP for an

IP that it hasn’t seen it relays it to the Linux guest. But if it already

knows the Linux guest responds to ARPs for that IP then it responds on its own.

So my guess is that VMWare remembers all of the IPs the

guest OS is ARPing for and will only forward packets that are destined for an

IP that the virtual machine has previously responded to an ARP request for…

therefore, how do I use a VMWare guest as a default router? VMWare would need

to forward any packets destined for the XP host’s MAC address (that are

presumably not caught by XP for other stuff) to the Linux guest. I

know it has to be possible as there are Virtual appliances that are routers,

I’m just missing something that needs to be done to get it to work.

rsa911 · ‎11-11-2007

Any traffic generated from the guest OS shows up to other hosts as coming from the MAC of the XP host.

Are you running any firewall or security software on the host ?

like zonealarm or similar product ?

Would you mind posting the list of installed software on your xp host ?

you can use Microsoft Tool PSINFO for this: execute psinfo -s

available from www.sysinternals.com

did you observed the same behaviour when bridging vmnet0 to your XP host WIRED i/f instead of wifi one ?

kirkbauer · ‎11-11-2007

I have Windows Firewall disabled on all interfaces and don't believe that I have anything else installed. I have not tried it on my wired network connection yet -- however everything I said before holds true even when testing from the XP host (i.e. the XP host has the same access problems to the guest as other hosts on the physical network). Here is the info you requested, thanks for your help so far!

Uptime: 0 days 17 hours 53 minutes 14 seconds

Kernel version: Microsoft Windows XP, Multiprocessor Free

Product type: Professional

Product version: 5.1

Service pack: 2

Kernel build number: 2600

Registered organization: F5 Networks, Inc

Registered owner: F5 User

Install date: 5/22/2007, 3:58:12 PM

Activation status: Error reading status

IE version: 6.0000

System root: C:\WINDOWS

Processors: 2

Processor speed: 2.1 GHz

Processor type: Genuine Intel(R) CPU T2600 @

Physical memory: 2038 MB

Video driver: Mobile Intel(R) 945GM Express Chipset Family

Applications:

3CDaemon

Adobe Reader 8.1.1 8.1.1

BrettspielWelt

Broadcom Gigabit Integrated Controller 8.22.11

Clarify CRM Client 13.1

Clarify ClearConfigurator 11.5SR1.21

Clarify ClearConfigurator Rule Wizard 11.5SR1.21 (Remove Only)

ClarifyCRM eFrontOffice11.5SR1.21 Client for Microsoft SQL Server

Conexant HDA D110 MDC V.92 Modem

High Definition Audio Driver Package - KB835221 20040219.000000

Hotfix for Windows XP (KB896256) 1

Hotfix for Windows XP (KB908673) 1

Hotfix for Windows XP (KB914642) 1

Hotfix for Windows XP (KB915800) 1

Hotfix for Windows XP (KB915865) 10

Hotfix for Windows XP (KB921411) 1

HttpWatch Professional 5.0.14 5.0.14

Intel(R) Graphics Media Accelerator Driver

Intel(R) PROSet/Wireless Software 10.1.1.4

J2SE Runtime Environment 5.0 Update 7 1.5.0.70

Java(TM) SE Runtime Environment 6 Update 1 1.6.0.10

KeyTweak - Keyboard Remapper (remove only)

Lookout 1.3.0

MSXML 4.0 SP2 (KB927978) 4.20.9841.0

MSXML 4.0 SP2 (KB936181) 4.20.9848.0

McAfee VirusScan Enterprise 8.6.0

Microsoft .NET Framework 2.0 2.0.50727

Microsoft .NET Framework 2.0

Microsoft Office Access MUI (English) 2007 12.0.4518.1014

Microsoft Office Access Setup Metadata MUI (English) 2007 12.0.4518.1014

Microsoft Office Excel MUI (English) 2007 12.0.4518.1014

Microsoft Office InfoPath MUI (English) 2007 12.0.4518.1014

Microsoft Office Live Meeting Add-in Pack 7.5.3819.0

Microsoft Office Outlook MUI (English) 2007 12.0.4518.1014

Microsoft Office PowerPoint MUI (English) 2007 12.0.4518.1014

Microsoft Office Professional Plus 2007 12.0.4518.1014

Microsoft Office Proof (English) 2007 12.0.4518.1014

Microsoft Office Proof (French) 2007 12.0.4518.1014

Microsoft Office Proof (Spanish) 2007 12.0.4518.1014

Microsoft Office Proofing (English) 2007 12.0.4518.1014

Microsoft Office Publisher MUI (English) 2007 12.0.4518.1014

Microsoft Office Shared MUI (English) 2007 12.0.4518.1014

Microsoft Office Shared Setup Metadata MUI (English) 2007 12.0.4518.1014

Microsoft Office Visio MUI (English) 2007 12.0.4518.1014

Microsoft Office Visio Standard 2007 12.0.4518.1014

Microsoft Office Visio Viewer 2007 12.0.4518.1014

Microsoft Office Word MUI (English) 2007 12.0.4518.1014

Microsoft SQL Server 7.0

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs 12.0.4518

.1014

Microsoft Software Update for Web Folders (English) 12 12.0.4518.1014

Mozilla Firefox (2.0.0.9) 2.0.0.9 (en-US)

OPSWAT AntiVirus and Firewall Integration Libraries

OZ776 SCR CardBus Windows Driver 0.0.0.1

PowerDVD 5.6

SMS Advanced Client 2.50.4160.2000

Security Update for Excel 2007 (KB936509)

Security Update for Microsoft .NET Framework 2.0 (KB928365) 2

Security Update for Office 2007 (KB934062)

Security Update for Office 2007 (KB936514)

Security Update for Publisher 2007 (KB936646)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB890046) 1

Security Update for Windows XP (KB893756) 1

Security Update for Windows XP (KB896358) 1

Security Update for Windows XP (KB896423) 1

Security Update for Windows XP (KB896428) 1

Security Update for Windows XP (KB899587) 1

Security Update for Windows XP (KB899591) 1

Security Update for Windows XP (KB900725) 1

Security Update for Windows XP (KB901017) 1

Security Update for Windows XP (KB901214) 1

Security Update for Windows XP (KB902400) 1

Security Update for Windows XP (KB904706) 2

Security Update for Windows XP (KB905414) 1

Security Update for Windows XP (KB905749) 1

Security Update for Windows XP (KB908519) 1

Security Update for Windows XP (KB911562) 1

Security Update for Windows XP (KB911927) 1

Security Update for Windows XP (KB912812) 1

Security Update for Windows XP (KB913580) 1

Security Update for Windows XP (KB914388) 1

Security Update for Windows XP (KB914389) 1

Security Update for Windows XP (KB917344) 1

Security Update for Windows XP (KB917422) 1

Security Update for Windows XP (KB917953) 1

Security Update for Windows XP (KB918118) 1

Security Update for Windows XP (KB918439) 1

Security Update for Windows XP (KB919007) 1

Security Update for Windows XP (KB920213) 1

Security Update for Windows XP (KB920670) 1

Security Update for Windows XP (KB920683) 1

Security Update for Windows XP (KB920685) 1

Security Update for Windows XP (KB921503) 1

Security Update for Windows XP (KB922819) 1

Security Update for Windows XP (KB923191) 1

Security Update for Windows XP (KB923414) 1

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694) 1

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB923980) 1

Security Update for Windows XP (KB924191) 1

Security Update for Windows XP (KB924270) 1

Security Update for Windows XP (KB924496) 1

Security Update for Windows XP (KB924667) 1

Security Update for Windows XP (KB925902) 1

Security Update for Windows XP (KB926255) 1

Security Update for Windows XP (KB926436) 1

Security Update for Windows XP (KB927779) 1

Security Update for Windows XP (KB927802) 1

Security Update for Windows XP (KB928255) 1

Security Update for Windows XP (KB928843) 1

Security Update for Windows XP (KB929123) 1

Security Update for Windows XP (KB929969) 1

Security Update for Windows XP (KB930178) 1

Security Update for Windows XP (KB931261) 1

Security Update for Windows XP (KB931768) 1

Security Update for Windows XP (KB931784) 1

Security Update for Windows XP (KB932168) 1

Security Update for Windows XP (KB933729) 1

Security Update for Windows XP (KB935839) 1

Security Update for Windows XP (KB935840) 1

Security Update for Windows XP (KB936021) 1

Security Update for Windows XP (KB938127) 1

Security Update for Windows XP (KB938829) 1

Security Update for Windows XP (KB939653) 1

Security Update for Windows XP (KB941202) 1

Security Update for the 2007 Microsoft Office System (KB936960)

SigmaTel Audio 5.10.4803.0

SmartFTP Client 2.0 2.0.1000

SmartFTP Client 2.0 Setup Files (remove only) "2.0"

Sonic DLA 4.95

Sonic RecordNow! Plus 7.3

Sonic Update Manager 2.9

Update for Office 2007 (KB932080)

Update for Office 2007 (KB934391)

Update for Office 2007 (KB934393)

Update for Outlook 2007 (KB937608)

Update for Outlook 2007 Junk Email Filter (kb942575)

Update for Windows XP (KB894391) 1

Update for Windows XP (KB898461) 1

Update for Windows XP (KB900485) 2

Update for Windows XP (KB908531) 2

Update for Windows XP (KB910437) 1

Update for Windows XP (KB911280) 2

Update for Windows XP (KB916595) 1

Update for Windows XP (KB920872) 1

Update for Windows XP (KB922582) 1

Update for Windows XP (KB927891) 3

Update for Windows XP (KB930916) 1

Update for Windows XP (KB931836) 1

Update for Windows XP (KB933360) 1

Update for Windows XP (KB936357) 1

Update for Windows XP (KB938828) 1

Update for Word 2007 (KB934173)

VMware Workstation 6.0.2.59824

VZAccess Manager for RIM 6.2.1

Vim 7.1 (self-installing)

WebFldrs XP 9.50.7523

WinPcap 4.0.1 4.0.0.901

WinZip 9.0 SR-1 (6224)

Windows Desktop Search 3.01 03.01.6000.72

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803) 3.1

Windows XP Hotfix - KB839210 1

Windows XP Hotfix - KB873339 20041117.092459

Windows XP Hotfix - KB885835 20041027.181713

Windows XP Hotfix - KB885836 20041028.173203

Windows XP Hotfix - KB885855 20040930.104104

Windows XP Hotfix - KB886185 20041021.090540

Windows XP Hotfix - KB887472 20041014.162858

Windows XP Hotfix - KB888302 20041207.111426

Windows XP Hotfix - KB890859 1

Windows XP Hotfix - KB891781 20050110.165439

Wireshark 0.99.6a 0.99.6a

mCore 5.74.0000

mDrWiFi 5.74.0000

mDriver 5.74.0000

mHlpDell 5.74.0000

mIWA 5.74.0000

mLogView 5.74.0000

mMHouse 5.74.0000

mPfMgr 5.74.0000

mPfWiz 5.74.0000

mProSafe 9.00.0000

mSSO 5.74.0000

mWMI 5.74.0000

mWlsSafe 9.00.0000

mXML 5.74.0000

mZConfig 5.74.0000

?:?:e☻4♀?:?:?:

?:?:8☻O♀?:?:?:

rsa911 · ‎11-11-2007

I see 3 potential apps conflicting with vmware:

1. Virusscan Enterprise: make sure the firewall module is not installed

2: OPSWAT AntiVirus and Firewall Integration Libraries

3. WinPcap

before going further: try with wired ethernet: rebind vmnet0 to wired ethernet and reperform some tests

then if it's still the same issue: uninstall the 3 products above ( if possible one at a time with a batch of tests after each one)

Have fun

All

Problem routing to Guest (VMWare not allowing packets through)