VMWare & IP Network Routing externally from VM

(OP)
Hi all,

Sorry, I am a bit new to VMWare, so please bear with me. I am just starting to install it, but not sure if what I am trying to do is even possible in a virtual environment.

ISSUE 1: Here's my example along with example IP numbering:

MACHINE 1 (PHYSICAL MACHINE 1)
     1. VM DHCP + DNS
           192.168.1.2
     2. VM FW
           192.168.1.1,  
           192.168.2.1,  
           192.168.3.1,  
           192.168.4.1,

MACHINE 2 (PHYSICAL MACHINE 2)

     3. VM VPN Server
           192.168.2.2
     4. VM LDAP
           192.168.3.1
     5. VM FileServer
           192.168.3.2

I have added multiport cards to facilitate the network.

My question:
Can I even get the packets to traverse OUT of the [physical] box? E.g. there will be specific rules that define access between the VPN Server and the LDAP?

In other words, an authorisation request from the VPN Server should actually go through the firewall on Machine 1. I fear that since the IP addresses are locally known to the underlying OS, i.e. the IP stack on Machine 2 knows that both 192.168.2.2 and 192.168.3.2 are on the local machine, so the packets might never traverse the network at all.

Am I right? If I can force the issue, how do I do it?




ISSUE 2:
How can I assign specific network interfaces to specific machines? E.g. if I do not want eth0 to be available at all to VM4. But eth0 to be available ONLY to VM5?
Is this possible?



Any responses would be greatly appreciated.

Kind regards.

RE: VMWare & IP Network Routing externally from VM

Quote:

I fear that since the IP addresses are locally known to the underlying OS, i.e. the IP stack on Machine 2 knows that both 192.168.2.2 and 192.168.3.2 are on the local machine, so the packets might never traverse the network at all.

Switching and routing concepts don't change when you are in a virtual world. When a machine on one subnet needs to communicate with a machine on a different subnet the machine will forward the traffic to its gateway and the gateway will route the packets as per usual. Most times your VM hosts will forward the packets onto your physical network to be routed.

If you have multiple machines that need to be on different subnets then you have two choices: 1) use VLANs and create multiple port groups, or 2) dedicate a physical interface to each virtual machine. If you have even a modest number of VMs then option 2 will not work for you as the number of physical interfaces to VMs will be 1:1. Using option 2 is what you'd use in your Issue 2 in regards to assigning a specific interface to a specific VM. Option 1 is what you'll use most any other time.

Quote:

How can I assign specific network interfaces to specific machines? E.g. if I do not want eth0 to be available at all to VM4. But eth0 to be available ONLY to VM5?
Is this possible?

Yes. Create a second vSwitch and assign this interface to the vSwitch. Then create a new Port Group. When you go into your VM settings you will be able to choose the port group that you just created. My question is, do you need to physically segment this particular host, say in a DMZ or something??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
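
An added example (not part of the thread or any poster's code) that models the guest forwarding decision described in the reply above, run against the addresses listed in the original post, and reports which flows would be sent to the firewall VM. The /24 prefix and the use of the firewall VM's address in each subnet as that subnet's gateway are assumptions; the thread states neither.

```python
import ipaddress
from collections import defaultdict

PREFIX = 24  # assumption: the thread never states a netmask

# Addresses exactly as listed in the original post.
PLAN = {
    "DHCP+DNS":   ["192.168.1.2"],
    "FW":         ["192.168.1.1", "192.168.2.1", "192.168.3.1", "192.168.4.1"],
    "VPN":        ["192.168.2.2"],
    "LDAP":       ["192.168.3.1"],
    "FileServer": ["192.168.3.2"],
}
ROUTER = "FW"  # assumption: the firewall VM is the gateway for every subnet


def subnet(addr):
    """Network that addr belongs to under the assumed prefix length."""
    return ipaddress.ip_interface(f"{addr}/{PREFIX}").network


def gateways():
    """Map each subnet to the firewall address inside it."""
    return {subnet(a): a for a in PLAN[ROUTER]}


def next_hop(src, dst):
    """Return (hop_ip, via_firewall) for the sending guest's routing decision."""
    if subnet(src) == subnet(dst):
        return dst, False                  # on-link: guest ARPs for dst directly
    return gateways()[subnet(src)], True   # off-link: frame is sent to the gateway


def conflicts():
    """Addresses assigned to more than one VM in the plan."""
    owners = defaultdict(list)
    for vm, addrs in PLAN.items():
        for a in addrs:
            owners[a].append(vm)
    return {a: vms for a, vms in owners.items() if len(vms) > 1}


if __name__ == "__main__":
    for src, dst in [("192.168.2.2", "192.168.3.2"), ("192.168.3.1", "192.168.3.2")]:
        hop, via_fw = next_hop(src, dst)
        print(f"{src} -> {dst}: next hop {hop}, sent to firewall: {via_fw}")
    print("address conflicts:", conflicts())
```

Only flows whose endpoints sit in different subnets are handed to the gateway; two VMs in the same subnet exchange frames directly and the firewall never sees them. Whether a gateway-bound frame physically leaves the host still depends on the vSwitch, port group and uplink layout discussed in the thread.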

RE: VMWare & IP Network Routing externally from VM

(OP)
Hello!

Thanks for the reply, I just tried it on my XP workstation. I don't see any traffic on my firewall, but the ping works successfully.

Am I missing something? I have configured the network in routing mode and not bridged.

Kind regards.

RE: VMWare & IP Network Routing externally from VM

(OP)
Sorry, I forgot to answer the question, yes, I need to put some hosts in the DMZ, e.g. the web server and also planning to put the VPN Server there. However, I will be using a RADIUS server with LDAP for the database for authentication which will be in a secure network.

I am just re-installing my machine again, but cannot get over what you said. Did you mean VLANs in the VM Host? Or where? I have usually created VLANs only in switches or routers, but that brings me back to the question: Will the packet even traverse out of the host machine into the VLAN? If I can get it to go that, I am done!

RE: VMWare & IP Network Routing externally from VM

When you create a Port Group you can give it a VLAN ID. Then on the physical switch be sure that the switchport(s) is configured as a trunk. I should have asked, what version of VMWare are you running??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

RE: VMWare & IP Network Routing externally from VM

(OP)
Hello!

Thanks a lot, I'll try that. I was running VMWare Server 1.08 and am currently re-doing my system to upgrade to 2.0.1.

Thanks again.

Kind regards.

RE: VMWare & IP Network Routing externally from VM

You should get the free copy of ESXi, not sure I would waste a lot of time with the VMWare Server version.  ESXi is much much much better.

http://www.vmware.com/products/esxi/

 

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
