# vmware networking

## Lockup

i just installed vmware and setup win2k in it etc...

i wanted give it networking access, so i read the docs, which confused me more than manpages:P

but from what i understood, i should use bridged networking...

thing is i have no idea how to set it up(i think its setup correctly in linux) in windows, i looked around the network options etc it seemed to be able to connect(how do i verify?), but i didnt have net access on it...

could someone give me a little explanation of what to do?

the other thing that concerns me is...is that method secure? since it uses some kind of samba thing...just wondering

----------

## waverider202

The method you use for networking should depend on what your network setup is like.  I have vmware running with bridged networking, but I'm on a university lan, so my vmware machine gets its very own internet ip number.

----------

## Lockup

k well what should i use?

im completely clueless regarding networking

i just have this pc plugged on cable and want my VM to be able to connect:P

----------

## waverider202

A bridged network won't work then, cause you don't have 2 ip numbers.  You need to set up NAT.  As for security with samba, just tell samba to be exclusive to the vmware network, and security is no longer an issue.

----------

## Lockup

ok uhm so...how would i go and setup a NAT then =p

----------

## waverider202

vmware-config.pl asks about nat configuring.  I've never actually set up nat for vmware before, so I don't know if it creates the firewall rules for you.  If it doesn't, you have to find a firewall script and install it.  You'll find plenty on freshmeat.net.  Configure your default gateway on your vmware os to the ip of your gentoo box (the 192.168.x.x number).  You may need to add your dnses from your gentoo box into your vmware os.

----------

## Lockup

ok ill try erm understanding what to do:P

gonna mess around with it a bit tonight

any howtos etc i should check out? maybe some NAT-specific one...ive found a pretty nice iptables one so thats a start...

btw the vmware'd os is win2k pro

----------

## waverider202

I haven't found any good nat howtos, but it isn't that hard if you have a good script for it.  I've never set up a win2k machine behind a firewall before, just various linuxes and win98's, so I can't give you much help there

----------

## Lockup

hmm could you gimme a quick explanation of NAT instead please then ? :Razz: 

----------

## waverider202

NAT (Network Address Translation) is a routing method.  You have a computer with an eth0 and eth1.   Eth0 is the internet, eth1 is your internal network (in vmware, it's the virtual network between win2k and gentoo, it's vmnet8 I believe).  All the machines in the internal network set the firewall as their default gateway.  When a comp on the network sends a packet to an ip on the net, the packet is sent to the firewall, and then sent to the net.  The firewall keeps track of what packets go out, so that it knows when to send packets from the net to your machine on the internal network.  This is all controlled by iptables.  That's where the firewall script comes in, it runs a list of iptables commands to set it up for NAT.  You just have to tell the script what your net device is (eth0) and what your trusted network (vmnet8) is.  From there, you should be able to ping ip's from win2k.  Add the 2 dns ip's from your /etc/resolv.conf to win2k, and you should be able to ping by name.  That should be it.

----------

## Lockup

thanks:) i'll check it out in a few secs:)

----------

## Lockup

ah good theyre both able to ping each other

i didnt need to get any firewall script or anything...

just re-ran vmware-config.pl, enabled NAT...then messed around the stuff in win2k

edit: err ok they can ping each other but i still dont have net access lol

now is there a way to know if its secure?

----------

## waverider202

can the win2k machine ping the world?

as for security between machines, no packets ever pass through eth0 (the internet), so there are no security problems.  Put this in your smb.conf file:

```
interfaces = vmnet8
```

that will tell samba to bind only to the virtual network between win2k and gentoo.  The internet has no way to find out vmware is running at all, and can't do anything through smb or to your win2k.

----------

## Lockup

nope win2k cant ping the world, only local

...i dont have samba hehe

----------

## waverider202

just get your nat script up and running, and you should be fine.

----------

## Lockup

lol sorry im just a bit tired ehehe

im not really sure how to do that nat forwarding by hand yet so ill try and find a decent script for that....you know any good ones? brain's fried here at the mo...would be nice to have a NAT-only script so i dont have to mess around with 23984729384723984 settings that ill never need   :Very Happy: 

----------

## waverider202

I used one a while ago.  It was Arno's Firewall Script, something like that.  It worked well, but it didn't do ftp tracking well.  It's a start, though.

----------

## Lockup

sigh, no matter wtf i try, i can only ping internal addresses (from win2k to linux and the other way around)

----------

## Furtim

Looks like you have not set up Win2k. Add your IP & DNS addresses

If you don't know how ......Right click on My Network Places ....click Properties ....click on Local Area Connection ....click on Properties

Highlight Internet Protocol [TCP/IP] ....add settings there.

----------

## Lockup

did that part

though im not sure what to give it for gateway...

192.168.195.1 or .0?

----------

## waverider202

the default gateway should be the ip for your gentoo box, which should be 192.168.0.1

----------

## Lockup

well after noticing the lack of howtos i just grabbed a few things from scripts and made my own(been setting up basic firewall rules this afternoon, such as ports to block etc)

for nat now, from what i understand, i only need this rule right?:

```
$IPT -t nat -A POSTROUTING -o vmnet8 -j MASQUERADE
```

($IPT is /sbin/iptables...)

----------

## Lockup

ok heres a little update

for some unknown reason, i now can ping stuff on the internet from my vm'd win2k...

i cant resolve though(and the DNS servs are the same as in resolv.conf)

i also cannot do anything except pinging (i tried to telnet somewhere...and to open up www.google.ca (using it's ip), but nothing...hmmm

thats while using this rule:

```
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

strange, ideas?  :Razz: 

----------

## Furtim

ok you have .... iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

now try to add

```
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
```

so you are forwarding the requests.

win2k ip should be 192.168.0.what you like

----------

## Lockup

still the same symptoms...

hell, i even tried changing the eth setup in vmware (the hostonly-nat thing)...

tried regenerating the configs with vmware-config.pl and networking etc, still nothing, can only ping...

another thing i noticed is i can only ping local network too, by that i mean: i cant, for example, ssh to my normal box...even though i can ping it

so that narrows the possiblities down a bit, im guessing something isnt getting forwarded or something

----------

## Furtim

what device is the internet on ?

Try - 

disable hostonly network

----------

## waverider202

when blocking ports, did you tell it to block those ports only on eth0, cause that makes a difference

----------

## Lockup

well, to make things simpler, heres the whole script heh...if im missing any rules or something please tell me...i know its a bit big but its just a basic setup that ill base myself on to make it a bit more advanced later, when i get this [...] vmware networking up  :Razz: 

now just to make sure...is there anything else to setup on the linux box except the rules?

```
#!/bin/sh

###############################################
# Configuration:
###############################################

# Internet Connection Configuration
INET_IFACE="eth0"
INET_IP="`/sbin/ifconfig eth0 | /bin/grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
echo ${INET_IP} > /etc/inet_ip

# LAN Configuration
LAN_IFACE="eth0"
LAN_IP="192.168.0.1"
LAN_IP_RANGE="192.168.0.0/24"
LAN_BCAST_ADDR="192.168.0.255"

# Localhost Configuration
LO_IFACE="lo"
LO_IP="127.0.0.1"

# IPTables Configuration
IPT="/sbin/iptables"
BLOCK_BAD_PORTS="yes"

echo "Loading iptables firewall:"

###########################################################################
# /proc Configuration ####################################################
###########################################################################

# IP Forwarding
echo -n "Checking IP Forwarding..."
if [ -e /proc/sys/net/ipv4/ip_forward ] ; then
  echo 1 > /proc/sys/net/ipv4/ip_forward
  echo "enabled."
else
  echo "Support not found. (this will probably cause problems)"
fi

# TCP Syncookies
echo -n "Checking IP SynCookies..."
if [ -e /proc/sys/net/ipv4/tcp_syncookies ] ; then
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  echo "enabled."
else
  echo "support not found, but that's OK."
fi

###############################################
# Ruleset
###############################################

# Default Policies
echo "Building default policies and tables"
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Bad TCP packets chain
$IPT -N bad_tcp_packets

# Bad ports and droplog chain
$IPT -N bad_ports
$IPT -N drop_log

# ICMP, TCP and UDP chains
$IPT -N allowed
$IPT -N icmp_packets
$IPT -N tcp_packets
$IPT -N udp_packets

# bad_tcp_packets chain
# :logs then drops bad tcp packets
echo "Building the bad_tcp_packets chain"
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

# drop_log chain
# :logs then drops packets that were sent from bad_ports chain
echo "Building the drop_log chain"
$IPT -A drop_log -p all -s 0/0 -j LOG --log-prefix "Bad port:"
$IPT -A drop_log -p all -s 0/0 -j DROP

# bad_ports chain
# :forwards ports we want logged to the drop_log chain
echo "Building the bad_ports chain"
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 23 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 25 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 50 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 80 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 110 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 111 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 137 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 138 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 139 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 389 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 512 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 513 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 514 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 515 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 522 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 664 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 679 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 708 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 1080 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 1503 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 2049 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 2064 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 3306 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 3128 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 7100 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 12345 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 12346 -j drop_log
$IPT -A bad_ports -p tcp -s 0/0 --destination-port 31337 -j drop_log
$IPT -A bad_ports -p udp -s 0/0 --destination-port 137 -j drop_log
$IPT -A bad_ports -p udp -s 0/0 --destination-port 139 -j drop_log

# allowed chain
echo "Building the allowed chain"
$IPT -A allowed -p TCP --syn -j ACCEPT
$IPT -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A allowed -p TCP -j DROP
$IPT -A allowed -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT

# tcp_packets chain
echo "Building the tcp_packets chain"
$IPT -A tcp_packets -p TCP -s 0/0 --dport 666 -j LOG --log-prefix "SSH connection from:"
$IPT -A tcp_packets -p TCP -s 0/0 --dport 666 -j allowed
$IPT -A tcp_packets -p TCP -s 127.0.0.1 --dport 6000 -j allowed
$IPT -A tcp_packets -p TCP -s $INET_IP --dport 6000 -j allowed

# udp_packets chain
echo "Building the udp_packets chain"
$IPT -A udp_packets -p UDP -s 0/0 --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT

# icmp_packets
echo "Building the icmp_packets chain"
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP #block pings
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

# INPUT chain
echo "INPUT chain..."

# Bad TCP packets we don't want.
echo "Bad TCP packets we dont want"
$IPT -A INPUT -p tcp -j bad_tcp_packets

# Block bad ports
echo "Block bad ports"
# "=" rather than "==": the script runs under /bin/sh
if [ "$BLOCK_BAD_PORTS" = "yes" ]; then
  $IPT -A INPUT -p ALL -i $INET_IFACE -j bad_ports
fi

# Rules for localhost & intranet
echo "Setting rules for localhost & intranet"
$IPT -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IFACE -d $LAN_BCAST_ADDR -j ACCEPT

# Rules for incoming packets from the internet.
echo "Setting rules for incoming packets from the internet"
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_packets
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets

# Log weird packets that don't match the above.
echo "Logging weird packets that dont match any rules"
$IPT -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "

# FORWARD chain
echo "FORWARD chain..."

# Bad TCP packets we don't want
echo "Bad TCP packets we dont want"
$IPT -A FORWARD -p tcp -j bad_tcp_packets

# Block bad ports
echo "Blocking bad ports"
if [ "$BLOCK_BAD_PORTS" = "yes" ]; then
  $IPT -A FORWARD -p ALL -s ! $LAN_IP_RANGE -d $LAN_IP_RANGE -j bad_ports
fi

# Accept the packets we actually want to forward
echo "Accept the packets we want to forward"
$IPT -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -s $LAN_IP_RANGE -j ACCEPT
$IPT -A FORWARD -d $LAN_IP_RANGE -j ACCEPT

# Log weird packets that don't match the above.
echo "Logging weird packets that dont match the above"
$IPT -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died:"

# OUTPUT chain
echo "OUTPUT chain..."

# Bad TCP packets we don't want.
echo "Bad TCP packets we dont want"
$IPT -A OUTPUT -p tcp -j bad_tcp_packets

# Special OUTPUT rules to decide which IP's to allow.
echo "Special rules to decide which IP's to allow"
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $INET_IP -j ACCEPT

# Log weird packets that don't match the above.
echo "Log weird packets that dont match rules"
$IPT -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died"

####################################################################
#
# NAT table
#
echo "NAT POSTROUTING chain..."

# POSTROUTING chain
# Enable IP Masquerading
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
echo "Enabling Masq"

echo "Done."
```

keep in mind that the ping drop rule isnt enabled when i test the networking, as it might obviously cause problems when..err...pinging   :Wink: 

ps: yeah i know that badports thing is a bit long, ill turn it into a simple var with the ports i want logged and just use a 'for'...

and with that set of rules, which networking "protocol" should i exactly tell vmware to use? im not sure between host-only and nat...(both arent working but itd be nice to be sure:p

----------

## waverider202

Both your inet and lan interface are set to eth0.  That can do some really screwy things.  Your lan interface should be vmnet8.  Plug that in then try.

----------

## Lockup

hmm ill try when i get home i guess(at college atm...urgh...10 hours of class:(

so i just change this one to vmnet8, nothing else?

id change it right away but apparently i either lost connection or power at home, cause i cant ssh in

actually, when i get home, ill paste an ifconfig over, and a screenie of my windows network setup heh...so... host-only, bridged, or nat? still confused  :Razz: 

----------

## waverider202

you'll be using NAT.

----------

## Furtim

your setup will work if you change your LAN_IFACE to vmnet1 or vmnet8

whatever you have

Just set my machine up like yours and it worked

normally i don't have hostonly ( prefer samba share ) as i have an internal network as well

waverider i thought you had the wrong iface till i set this up and found i could do the same on both

----------

## waverider202

vmnet8 was my guess, if that didn't work I was gonna say use vmnet1   :Embarassed: 

lol

----------

## Lockup

well nat is vmnet8....hostonly is vmnet1, and bridged is err nothing  :Very Happy: 

just got home gonna try the script...once again

edit: hrm...just enabled NAT with vmware-config.pl and now theres no vmnet in ifconfig *rolleyes* this is really starting to annoy me

edit2: ah it just popped up...heh....right time to try

----------

## Lockup

heres my ifconfig

```
eth0      Link encap:Ethernet  HWaddr 00:50:DA:11:31:8C
          inet addr:24.202.24.171  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
          RX packets:826455 errors:0 dropped:0 overruns:0 frame:0
          TX packets:349441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:249251445 (237.7 Mb)  TX bytes:36894162 (35.1 Mb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:98430 errors:0 dropped:0 overruns:0 frame:0
          TX packets:98430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5337136 (5.0 Mb)  TX bytes:5337136 (5.0 Mb)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
          inet addr:192.168.177.1  Bcast:192.168.177.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
```

and heres a strange part of my log when i tried to ping 192.168.177.1...the weird thing is, pinging 192.168.177.2 works, but i dont see that ip mentioned anywhere...

```
Dec  2 18:09:54 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=00:50:56:c0:00:08:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=102 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=8448
Dec  2 18:09:55 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=00:50:56:c0:00:08:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=103 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=8704
Dec  2 18:09:57 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=00:50:56:c0:00:08:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=104 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=8960
Dec  2 18:11:30 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=122 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec  2 18:11:30 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=123 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec  2 18:11:31 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=124 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec  2 18:11:30 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=123 PROTO=UDP SPT=137 DPT=137 LEN=58
```

and here is the link to the screenshot of my windows setup, if you need anything translated(old french cd version:P, just gimme a shout:)

http://membres.lycos.fr/freezer666/vmware.jpg
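
Added example (editor's code, not part of any post): a triage helper for "packet died" lines like the ones pasted above, grouping them by log prefix, inbound interface, addresses and protocol so it is obvious which traffic the firewall is refusing. The function name is made up here, the sample is an excerpt of the posted log, and the parser assumes the syslog layout shown in the post (three timestamp words, then the hostname).

```shell
#!/bin/sh
# Excerpt of the kernel log lines posted above.
SAMPLE_LOG='Dec  2 18:09:54 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=00:50:56:c0:00:08:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=102 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=8448
Dec  2 18:09:55 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=00:50:56:c0:00:08:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=103 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=8704
Dec  2 18:11:30 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=122 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec  2 18:11:30 Beast IPT INPUT packet died: IN=vmnet8 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:40:00:5e:08:00 SRC=192.168.177.5 DST=192.168.177.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=123 PROTO=UDP SPT=137 DPT=137 LEN=58'

# Read netfilter LOG lines (stdin or files) and print "count prefix | in=IF | SRC -> DST | what".
summarise_drops() {
    awk '
    {
        pos = match($0, /IN=[^ ]* OUT=/)
        if (!pos) next                      # not a netfilter LOG line
        # Words after the hostname (4th word) and before IN= are the --log-prefix.
        # Matching on position also copes with a prefix that has no trailing space.
        nh = split(substr($0, 1, pos - 1), head, " ")
        prefix = ""; sep = ""
        for (i = 5; i <= nh; i++) { prefix = prefix sep head[i]; sep = " " }
        split("", f)                        # forget fields of the previous line
        nt = split(substr($0, pos), tok, " ")
        for (i = 1; i <= nt; i++) {
            eq = index(tok[i], "=")
            if (!eq) continue               # bare flags such as DF or SYN
            k = substr(tok[i], 1, eq - 1)
            if (!(k in f)) f[k] = substr(tok[i], eq + 1)   # first occurrence wins
        }
        what = f["PROTO"]
        if (what == "ICMP") what = what " type " f["TYPE"]
        else if ("DPT" in f) what = what " dport " f["DPT"]
        cnt[prefix " | in=" f["IN"] " | " f["SRC"] " -> " f["DST"] " | " what]++
    }
    END { for (k in cnt) printf "%d %s\n", cnt[k], k }
    ' "$@" | LC_ALL=C sort
}

printf '%s\n' "$SAMPLE_LOG" | summarise_drops
```

Both rows show traffic entering on vmnet8 from 192.168.177.5, an interface and subnet that the LAN_IFACE and LAN_IP_RANGE values in the posted script do not cover.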

----------

## Furtim

ok your firewall script is set to 192.168.0.1

your win2k is set to 192.168.177.5

you must set your firewall script to match your win2k  192.168.177.5

----------

## Lockup

k lets see....gonna edit this when im done trying  :Razz: 

edit: still no luck...whats strange is i cant ping 192.168.177.1, but can ping .2...wtf?

----------

## Furtim

Lockup you can ping because it's the same card bridged  :Smile: 

I tested your setup on my box and it worked ok

If you read my earlier post you would have seen

----------

## Lockup

hm well then what could be wrong? getting desperate here :\

----------

## Furtim

Just noticed your default gateway on your win2k

change it to your Gentoo ip ( you are not routeing anything )

just stuck in your vmware box

----------

## Lockup

you mean my 'real' ip?

just tried with 24.202.24.171, and i STILL can only ping the usual crap(same as above)

----------

## Furtim

Yeah 24.202.24.171

bad if it's dynamic though

----------

## Lockup

yeah its dynamic thats one of the main probs i guess....but for now it still doesnt work so dynamic or not doesnt change much =p

----------

## Furtim

go do a vmware-config.pl

enable networking and no hostonly 

check your settings again

Get it working that way first

You can back up your /etc/vmware ( for quick revert )

----------

## Lockup

hmm i just found out theres a file in /etc/vmware/vmnet8/nat called nat.conf....hmm and it has a few settings that look like i should change them *scratch*

```
# Linux NAT configuration file

[host]

# NAT gateway address
ip = 192.168.177.2
netmask = 255.255.255.0
# or ip = 192.168.177.2/24

# enable configuration; disabled by default for security reasons
#configport = 33445

# VMnet device if not specified on command line
device = /dev/vmnet8

# Allow PORT/EPRT FTP commands (they need incoming TCP stream...)
activeFTP = 1

# Allows the source to have any OUI.  Turn this one if you change the OUI
# in the MAC address of your virtual machines.
#allowAnyOUI = 1

[udp]

# Timeout in seconds, 0 = no timeout, default = 60; real value might
# be up to 100% longer
timeout = 60

[incomingtcp]

# Use these with care - anyone can enter into your VM through these...

# FTP (both active and passive FTP is always enabled)
#      ftp localhost 8887
#8887 = 192.168.177.128:21

# WEB (make sure that if you are using named webhosting, names point to
#     your host, not to guest... And if you are forwarding port other
#     than 80 make sure that your server copes with mismatched port
#     number in Host: header)
#      lynx http://localhost:8888
#8888 = 192.168.177.128:80

# SSH
#      ssh -p 8889 root@localhost
#8889 = 192.168.177.128:22

[incomingudp]

# UDP port forwarding example
#6000 = 192.168.177.128:6001
```
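
Added example (editor's code, not from the thread or from VMware): the file's own comments warn that `[incomingtcp]` entries let anyone into the VM and that `configport` is off for security reasons, so this lists which of those settings are actually active. The function name is made up here, and the sample is constructed from the posted file with the SSH forward uncommented.

```shell
#!/bin/sh
# Constructed sample: the posted nat.conf, trimmed, with one forward enabled.
SAMPLE_CONF='# Linux NAT configuration file
[host]
ip = 192.168.177.2
netmask = 255.255.255.0
#configport = 33445
device = /dev/vmnet8

[incomingtcp]
# Use these with care - anyone can enter into your VM through these...
#8887 = 192.168.177.128:21
8889 = 192.168.177.128:22

[incomingudp]
#6000 = 192.168.177.128:6001'

# Print the NAT gateway plus a WARN line for every active setting that opens
# a path from the host side into a guest. Reads stdin or the named files.
audit_nat_conf() {
    awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }       # trim the line
    /^#/ || /^$/ { next }                               # commented entries are inactive
    /^\[.*\]$/ { section = tolower(substr($0, 2, length($0) - 2)); next }
    {
        eq = index($0, "=")
        if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (section == "host" && key == "ip")
            print "gateway " val
        else if (section == "host" && key == "configport")
            print "WARN configport " val " enabled"
        else if (section == "incomingtcp")
            print "WARN forward tcp host:" key " -> " val
        else if (section == "incomingudp")
            print "WARN forward udp host:" key " -> " val
    }' "$@"
}

printf '%s\n' "$SAMPLE_CONF" | audit_nat_conf
```

Against the file exactly as posted, the only line printed is the gateway, since every forward and `configport` are commented out.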

----------

## Furtim

Your route table tells you what you need to know

ext_ip .... lan_ip ( then setup your firewall script to match )

did you change your firewall setting ?

```
LAN_IP="192.168.0.1"
LAN_IP_RANGE="192.168.0.0/24"
LAN_BCAST_ADDR="192.168.0.255"
```

to match your win2k

----------

## Lockup

```
# LAN Configuration
LAN_IFACE="vmnet8"
LAN_IP="192.168.0.5"
LAN_IP_RANGE="192.168.0.0/24"
LAN_BCAST_ADDR="192.168.0.255"
```

----------

## Furtim

is that your firewall settings ?

if it is you have not set them to match your win2k

should be ( firewall script )

```
LAN_IP="192.168.177.5"
LAN_IP_RANGE="192.168.177.0/24"
LAN_BCAST_ADDR="192.168.177.255"
```

win2k

```
ip = 192.168.177.5
subnet = 255.255.255.0
default gateway = 24.202.24.171
```

----------

## Lockup

still not working... *twitches uncontrollably*

----------

## waverider202

shouldn't the default gateway be the internal ip. it should be 192.168.177.1.  cause, the win2k machine doesn't know about anything else, but the internal lan.  If, without the firewall, you can't ping the gentoo box's internal lan ip, then something else is wrong
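
Added example (editor's code, not from any poster): a pre-flight check for the two mismatches raised in this thread (the same interface used for internet and LAN, and a LAN range that does not contain the host's vmnet8 address), followed by the NAT-only rule set Lockup asked for, printed rather than applied. Function names are made up here; interface names and addresses come from the posted ifconfig, and it assumes the Linux kernel does the translation with the guest using the host's vmnet8 address as its gateway.

```shell
#!/bin/sh
# Dotted quad -> integer; fails on anything that is not four octets 0-255.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# 0 if address $1 is inside network $2 (a.b.c.d/len), 1 if outside, 2 if unparsable.
in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    len=${2##*/}
    case $len in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$len" -le 32 ] || return 2
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Args: internet iface, LAN iface, LAN range, host address on the LAN iface.
# Prints one FAIL line per problem and returns non-zero if there is any.
check_nat_config() {
    wan_if=$1 lan_if=$2 lan_net=$3 host_lan_ip=$4
    rc=0
    if [ "$wan_if" = "$lan_if" ]; then
        echo "FAIL: internet and LAN interface are both $wan_if"; rc=1
    fi
    st=0
    in_cidr "$host_lan_ip" "$lan_net" || st=$?
    case $st in
        0) ;;
        1) echo "FAIL: $host_lan_ip on $lan_if is outside $lan_net"; rc=1 ;;
        *) echo "FAIL: cannot parse $host_lan_ip or $lan_net"; rc=1 ;;
    esac
    return $rc
}

# Print (do not run) a NAT-only rule set once the configuration checks out.
# INPUT and OUTPUT are left alone; -m state matches the style used in the thread.
nat_rules() {
    check_nat_config "$@" >&2 || return 1
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -d $lan_net -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
EOF
}

# Values from the posted script, then values matching the posted ifconfig.
check_nat_config eth0 eth0 192.168.0.0/24 192.168.177.1 || true
nat_rules eth0 vmnet8 192.168.177.0/24 192.168.177.1
```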

----------

## Furtim

the only thing i can suggest now is to go over every step again making sure you have not missed something

check your vmware setup 

win2k setup

firewall setup

anyway going down for a while 

good luck

----------

## Lockup

well ive modified my script for the time being, put all defaults on ACCEPT....

now i can ping .1(dunno what was blocking it...), but still not net access, @#W(%*@#)(

----------

## Furtim

ok my setup 

samba for lan

internet = eth1

lan = eth0 ( 192.168.0.1 ) ---> 7 other machines

vmnet1 

ip = 172.16.107.1  --- > citrix metaframe ( serve the lan )

network ( no hostonly )

win2k

ip = 192.169.0.15

subnet = 255.255.255.0

gateway = 192.168.0.1

```
eth0      Link encap:Ethernet  HWaddr 00:20:18:56:D3:44
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 00:50:BF:53:1B:77
          inet addr:213.106.98.10  Bcast:255.255.255.255  Mask:255.255.255.0

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01
          inet addr:172.16.107.1  Bcast:172.16.107.255  Mask:255.255.255.0
```

Hope this will help

----------

## Lockup

well i dont have samba...and as for host-only imnot sure how to turn that off,not even sure if its on

----------

## Furtim

you are missing something i had your setup earlier and i was ok

do a vmware-config.pl and say yes to network and no to host's file system

----------

## Lockup

ah then its ok, its what i answered earlier..

tempted to just fuck it over and forget about it *sigh*

----------

## waverider202

if you think the firewall script is configured the way it should be, try a different one.  When I was setting up the firewall box back home, it took me 3 tries to find a firewall script that worked the way I liked it.

----------

## gi1242

*sigh*. I had the same problems. I tried all the suggestions in this thread, and various firewall scripts. Still no luck.

I finally gave up, and set up two networks on my virtual machine: One host only to share files, and NAT to access the internet.

It's been a *long* time since I've had to deal with windows. And I must say windows does suck quite a bit!

GI

----------

