Forum OpenACS Q&A: VMWare

Collapse
1: VMWare
Posted by Tom Mizukami on 07/21/03 10:56 AM
I'm doing some OACS work on a w2k machine using vmware workstation 3.2. Sometimes it would be convenient if I could make my site publicly accessible to collaborators. I have a cable connection with a dynamic IP that has never changed, and my VM is configured using NAT. My site is viewable in the VM at localhost.localdomain:8000.

Can I use port forwarding to forward port 8000 request on the host machine to port 8000 in the VM and have my site viewable at my_host_ip:8000? Has anyone done something similar? Thanks.

Collapse
2: Re: VMWare (response to 1)
Posted by xx xx on 07/21/03 03:08 PM
A standard NAT configuration provides basic-level firewall protection because the NAT device can initiate connections from the private NAT network, but devices on the external network cannot normally initiate connections to the private NAT network.
It should be possible though. Use the NAT configuration file on the HOST to configure the NAT device. Download the manual (http://www.vmware.com/support/desktop/index.html) and read page 295 and 330 on how to change the C:\WINNT\system32\vmnetnat.conf (section on [incomingudp] probably) and vmnetdhcp.conf . I'm guessing here, since I'm using NAT on my notebook, but within a network I've used Bridged Networking only.
Goodluck and post your endresult please. If you feel like it, volunteer to write documentation (There is a need for volunteers on this subject; https://openacs.org/projects/openacs/doc-project/4-6-x-plans/)
Better support for vmware questions can be found at their newsgroups (http://www.vmware.com/support/using/newsgroups.html; vmware.guest.linux ).
Collapse
3: Re: VMWare (response to 1)
Posted by Mark Aufflick on 07/21/03 04:21 PM
I do exactly what you want to do (except running a linux vm on  a linux vmware host - don't ask...).

Do you have a router, or is your pc hooked directly to the cable?

If you have a router, you just configure the vm for bridged-mode networking, and configure linux in the vm to use an ip address in your private network range.

If you don't have a router ... get a router or be hacked ;) Seriously, hooking a w2k machine straight to cable is not a smart thing to do - or any machine for that matter. My friend Russell did a test by hooking up a linux machine with intrusion detection to the net, and it took from memory less than 48 hours to rack up the first 3 hack attempts.

Collapse
4: Re: VMWare (response to 1)
Posted by Jerry Asher on 07/22/03 02:05 AM
I would second Mark's comments and add that the *real* reason to get a router in your situation is that it will pay for itself over and over again in simplifying your networking within W2K and VMware and beyond should you ever branch out.

Bridged VMware is a breeze.

NAT'd VMware works and probably works well, but it does require some setup if you want the external net to get access into your NAT'd VM.  (Don't get me wrong, NAT works trivially for connections from VM to net.)

Collapse
5: Re: VMWare (response to 4)
Posted by John Sequeira on 07/22/03 06:09 PM
I also do port mapping to let clients view my VMs... I always use bridged connections as mentioned above.

For the router,  you might want to take a look at CoyoteLinux or Mitel's (a.k.a. e-smith) firewall distribution.  Stick a coyotelinux floppy into an old PC with two NICs and you have a router.  Mitel is a RedHat derivate tuned for security and ease of maintenance.  Both have been good to me.

Collapse
6: Cheap routers (response to 1)
Posted by Mark Aufflick on 07/23/03 02:22 AM
FWIW, my personal faourite cheap-as hardware router is from an asian company called compex - they look dodgy (and probably are) but i have had good luck with their routers (a bit basic though):

http://www.compex.com.sg/

they have routers that do wireless as well.

Collapse
7: Re: VMWare (response to 1)
Posted by Tom Mizukami on 07/28/03 10:39 AM
Thanks for the help. I got port forwarding to work but was having some issues with the software firewall (free version of zonealarm), couldn't open specific ports, etc.

Finally decided 10 bucks wouldn't break the budget and got a SMC router/firewall http://www.compusa.com/products/product_info.asp?product%5Fcode=294660

Anyone know of an appliance like this router that will also monitor outbound connections like ZoneAlarm.