vmware networking

[Lockup]

i just installed vmware and setup win2k in it etc...
i wanted give it networking access, so i read the docs, which confused me more than manpages:P
but from what i understood, i should use bridged networking...
thing is i have no idea how to set it up(i think its setup correctly in linux) in windows, i looked around the network options etc it seemed to be able to connect(how do i verify?), but i didnt have net access on it...
could someone give me a little explanation of what to do?

the other thing that concerns me is...is that method secure? since it uses some kind of samba thing...just wondering

[waverider202]

The method you use for networking should depend on what your network setup is like. I have vmware running with bridged networking, but I'm on a university lan, so my vmware machine gets its very one internet ip number.
_________________

[Lockup]

k well what should i use?
im completely clueless regarding networking

i just have this pc plugged on cable and want my VM to be able to connect:P

[waverider202]

A bridged network won't work then, cause you don't have 2 ip numbers. You need to set up NAT. As for security with samba, just tell samba to be exclusive to the vmware network, and security is no longer an issue.
_________________

[Lockup]

ok uhm so...how would i go and setup a NAT then =p

[waverider202]

vmware-config.pl asks about nat configuring. I've never actually set up nat for vmware before, so I odn't know if it creates the firewall rulse for you. If it doesn't, you have to find a firewall script and install it. You'll find plenty on freshmeat.net. configure your default gateway on your vmware os to the ip of your gentoo box (the 192.168.x.x number). You may need to add your dnses from your gentoo box into your vmware os
_________________

[Lockup]

ok ill try erm understanding what to do:P
gonna mess around with it a bit tonight
any howtos etc i should check out? maybe some NAT-specific one...ive found a pretty nice iptables one so thats a start...

btw the vmware'd os is win2k pro

[waverider202]

I haven't found any good nat howtos, but it isn't that hard if you have a good script for it. I've never set up a win2k machine behind a firewall before, just various linuxes and win98's, so I can't give you much help there
_________________

[Lockup]

hmm could you gimme a quick explanation of NAT instead please then ?

[waverider202]

NAT (Network Address Translation) is a routing method. You have a computer with an eth0 and eth1. Eth0 is the internet, eth1 is your internal network (in vmware, its the virtual network between win2k and gentoo, its vmnet8 I believe). All the machines in the internal network set the firewall as there default gateway. When a comp on the network sends a packet to an ip on the net, the packet is sent to the firewall, and then sent to the net. The firewall keeps track of what packets go out, so that it knows when to send packets from the net to your machine on the internal network. This is all controlled by iptables. Thats where the firewall script comes in, it runs a list of iptables commands to set it up for NAT. You just have to tell the script what your net device is (eth0) and what your trusted network (vmnet8) is. From there, you should be able to ping ip's from win2k. Add the 2 dns ip's from your /etc/resolv.conf to win2k, and you should be able to ping by name. That should be it.
_________________

[Lockup]

thanks:) i'll check it out in a few secs:)

[Lockup]

ah good theyre both able to ping each other
i didnt need to get any firewall script or anything...
just re-ran vmware-config.pl, enabled NAT...then messed around the stuff in win2k

edit: err ok they can ping each other but i still dont have net access lol

now is there a way to know if its secure?

[waverider202]

can the win2k machine ping the world?

as for security between machines, no packets ever pass through eth0 (the internet), so there is no security problems. Put this in your smb.conf file:

interfaces = vmnet8

that will tell samba to bind only to the virtual network between win2k and gentoo. The internet has no way to find out vmware is running at all, and can't do anything through smb or to your win2k.
_________________

[Lockup]

nope win2k cant ping the world, only local

...i dont have samba hehe

[waverider202]

just get your nat script up and running, and you should be fine.
_________________

[Lockup]

lol sorry im just a bit tired ehehe

im not really sure how to do that nat forwarding by hand yet so ill try and find a decent script for that....you know any good ones? brain's fried here at the mo...would be nice to have a NAT-only script so i dont have to mess around with 23984729384723984 settings that ill never need

[waverider202]

I used one a while ago. I twas Arno's Firewall Script, something like that. It worked well, but it didn't do ftp tracking well. Its a start, though.
_________________

[Lockup]

sigh, no matter wtf i try, i can only ping internal addresses (from win2k to linux and the other way around)

[Furtim]

Looks like you have not set up Win2k. Add your IP & DNS addresses
If you don't know how ......Right click on My Network Places ....click Properties ....click on Local Area Connection ....click on Properties
High light Internet Protercol [TCP/IP] ....add settings there.

[Lockup]

did that part
though im not sure what to give it for gateway...
192.168.195.1 or .0?

[waverider202]

the default gateway should be the ip for your gentoo box, which should be 192.168.0.1
_________________

[Lockup]

well after noticing the lack of howtos i just grabbed a few things from scripts and made my own(been setting up basic firewall rules this afternoon, such as ports to block etc)

for nat now, from what i understand, i only need this rule right?:

$IPT -t nat -A POSTROUTING -o vmnet8 -j MASQUERADE

($IPT is /sbin/iptables...)

[Lockup]

ok heres a little update

for some unknown reason, i now can ping stuff on the internet from my vm'd win2k...
i cant resolve though(and the DNS servs are the same as in resolv.conf)
i also cannot do anything except pinging (i tried to telnet somewhere...and to open up www.google.ca (using it's ip), but nothing...hmmm

thats while using this rule:

$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE

strange, ideas?

[Furtim]

ok you have .... iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
now try to add
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
so you are forwarding the requests.
win2k ip should be 192.168.0.what you like

[Lockup]

still the same symptoms...
hell, i even tried changing the eth setup in vmware (the hostonly-nat thing)...
tried regenerating the configs with vmware-config.pl and networking etc, still nothing, can only ping...

another thing i noticed is i can only ping local network too, by that i mean: i cant, for example, ssh to my normal box...even though i can ping it

so that narrows the possiblities down a bit, im guessing something isnt getting forwarded or something