[opensuse] Re: [opensuse-security] Can vmware network interfaces be controlled through susefirewall?



On Saturday 23 June 2007, Carlos E. R. wrote:
(I'm new to vmware)

vmware server created two interfaces, vmnet1 and vmnet8 - the task of each
one is not clear to me -. The thing is, the hosted system (virtual machine)
does have network access (I told it to use Nat), but I don't really know
how, and whether it is protected by the firewall.

Of course, if there is a nice, easy to read, howto, just tell me :-)

If you use nat it is protected by the firewall, protected in the sense
that unless you go in and specifically configure a routing, no inbound
connections will be forwarded to the virtual machine.

So it's just like being behind a router. You can establish outbound
connections in the virtual machine using just about any package
(web browser, telnet, ssh, email, etc). It's just like having a machine
behind a little hardware router. Until or unless you open any inbound
ports you are pretty well protected.

If you wanted to run a ssh SERVER in a virtual machine, using nat
you would have to go to /etc/vmware/vmnet8/nat and edit
nat.conf to include a line something like this:
[incomingtcp]
# SSH
8889 = 192.168.90.128:22

This would accept inbound connections on port 8889 and
route them to the virtual machine on port 22.

You will then restart vmware, and as root in the host, you will see with
netstat -anp that vmnet-natd is listening on port 8889 for you.

If you do not need inbound connections, you don't have to do any of this.


Warning: Anytime you update vmware, it has a habit of stomping
all over your nat.conf so MAKE A BACKUP copy.



--
_____________________________________
John Andersen
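
An added example, not part of the original message: because the reply warns that a VMware update can overwrite nat.conf, this POSIX shell script lists the [incomingtcp]/[incomingudp] forwards in a nat.conf and compares the live file against a backup. The function names, the [host] lines and the 8080 forward are constructed for illustration; only the 8889 SSH line comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post): list and compare the inbound
# forwards defined in VMware NAT config files.

# Print "<proto> <host_port> <guest_ip> <guest_port>" for every forward in $1.
list_forwards() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]+/, "") }   # strip comments, whitespace
        /^\[.*\]$/ { sect = tolower($0); next }    # remember current section
        sect == "[incomingtcp]" || sect == "[incomingudp]" {
            if (split($0, kv, "=") != 2) next      # not "port = ip:port"
            if (split(kv[2], dst, ":") != 2) next
            print substr(sect, 10, 3), kv[1], dst[1], dst[2]
        }
    ' "$1"
}

# Compare live file $1 with backup $2.
# "+" = forward only in the live file (exposure the backup does not have)
# "-" = forward only in the backup (e.g. wiped by a VMware update)
diff_forwards() {
    { list_forwards "$1" | sed 's/^/L /'; list_forwards "$2" | sed 's/^/B /'; } |
    awk '{ k = $2 " " $3 " " $4 " " $5
           if (!index(seen[k], $1)) seen[k] = seen[k] $1 }
         END { for (k in seen) {
                   if (seen[k] == "L") print "+ " k
                   if (seen[k] == "B") print "- " k } }' | sort
}

# Constructed sample data: a backup holding the SSH forward from the post and
# a live file that lost it and carries a different forward (values made up).
write_samples() {
    printf '%s\n' '[host]' 'ip = 192.168.90.2' '[incomingtcp]' '# SSH' \
        '8889 = 192.168.90.128:22' '[incomingudp]' > "$1/nat.conf.bak"
    printf '%s\n' '[host]' 'ip = 192.168.90.2' '[incomingtcp]' \
        '8080 = 192.168.90.128:80  # constructed' '[incomingudp]' > "$1/nat.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
list_forwards "$tmp/nat.conf.bak"                  # forwards in the backup
diff_forwards "$tmp/nat.conf" "$tmp/nat.conf.bak"  # what changed since then
rm -rf "$tmp"
```

On a real host the two arguments would be /etc/vmware/vmnet8/nat/nat.conf and the backup copy; every "+" line is an inbound port to account for in the host firewall rules.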
