Solved

Isolated network using VMWare but need to still be able to access the internet from the isolated VMs

Posted on 2007-07-26
Last Modified: 2012-06-27
Hi,

I've created a test lab environment in VMWare to test some network and deployment operations without conflicting with the current network.
I use VMWare Workstation 6 for that.

I currently have a DC, another member server, and a Windows XP client virtualized, all using the VMNet2 ethernet adapter, which makes them into an isolated network.
All the machines can see each other and I'm happy with that.

Now, I would like the machines to be able to access the internet, which probably means your router as a gateway, but which is in another subnet that the virtual machines can not see since I isolated them.

Is it possible? Can you please tell me how I should do it?

Thanks.
Question by:Vorenus
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 19575359
You can add an additional virtual network adapter to the virtual machine and use one of the other VMNET settings. One of them (VMnet1 or VMnet8) is for NAT connections. That will allow them to get out to the rest of your network using the host as a gateway, but will prevent other machines on the network from getting into the test machines.
 
LVL 4

Author Comment

by:Vorenus
ID: 19575786
Hi,

Thanks for your answer.

First, when you say " That will allow them to get out to the rest of your network using the host as a gateway, but will prevent other machines on the network from getting into the test machines."

Do you mean that the virtual computers will be able to see all the rest of the network to the main network or only to the gateway ?
I have a DHCP server running on my virtual DC and since DHCP is broadcasted, that may create conflicts if the virtual network can talk to my physical live network.

Anyway, that doesn't seem to work for some reason : I tried with VMnet1 and VMNet8.
Dynamic IP on the second adapter doesn't work, but it is probably because I have a DHCP Server on my virtual network anyway.

I tried configuring the second card using static IP, I tried several settings, but that doesn't seem to help either.
What settings should I use please ? Our internet router is 192.168.25.1 and my virtual network is 192.168.0.*

Thanks in advance.
 
LVL 4

Author Comment

by:Vorenus
ID: 19575871
By the way, I tried after having stopped my DHCP server on the virtual machine and it doesn't help.

The only thing that allows me to see the router is to set the second card as "Bridged", but the network isn't isolated at all in this case.

Any pointers ?

Thanks.
 
LVL 8

Expert Comment

by:Jim_Coyne
ID: 19576300
Place the VMWare lab on a separate VLAN (VLAN2), then Route from VLAN2 to the Internet router.

What kind of switches do you have?
 
LVL 4

Author Comment

by:Vorenus
ID: 19576345
Hi Jim,

Thanks for your answer.
It is just a SOHO home router : no switches here yet (small office).
Can you please help me with the route command ?
I guess it is using the route command-line command but I never used it yet.

Thanks a lot in advance.
 
LVL 13

Assisted Solution

by:dhoffman_98
dhoffman_98 earned 800 total points
ID: 19576417
OK here's part of the problem... understanding what VMWare is doing with each of the VMNets.

Different VMNet interfaces can be set up with their own DHCP information. I can't remember if it's VMNET1 or VMNET8, the one I am thinking of will say NAT on it. That one has its own DHCP server built into VMWare, and the VMWare host will allow traffic on that subnet to traverse out to the rest of the network. Since the host machine should have the information about how to reach your gateway, traffic destined for any host not on your LAN will be directed to the gateway. Basically what this means is that the VMWare system is acting as a router for your virtual machines.

If you use the Bridged interface, you are basically putting your virtual machine on your LAN. You probably don't want to do that (Especially if you are running another DHCP server).

Your concern about broadcasting DHCP brings up a point. If your virtual DC is running DHCP and you make it a bridged connection, then other machines on the network looking for DHCP information might get an address from that virtual machine. That's why in a lab environment, I try not to use DHCP, and I'll stick to static addresses. This way, I can allow my virtual machines to continue to talk to each other, but can still maintain a NAT connection so that I can send them out to the Internet to get updates from Microsoft for example.
 
LVL 8

Accepted Solution

by:Jim_Coyne
Jim_Coyne earned 1200 total points
ID: 19576473
You really need something with VLAN capability to do this right. This is because you need to create two separate broadcast domains (layer 2) and route (layer 3) traffic to the Internet. The other option is to add a second bridged network adapter to the virtual member server (one network in VMNet2 talking to other VMWare computers and one network in VMnet1 talking to the corporate LAN). Then configure the server to act as a router by enabling RRAS, add a route to the Internet router and a route on the Internet router to the VMNet2 via the server.

http://www.microsoft.com/technet/network/rras/default.mspx


0
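The two routes named in the accepted answer, modelled as an added example (not code from the thread): a small longest-prefix-match simulator showing that replies to the lab are sent out the WAN until the router has a route to 192.168.0.0/24 via the server, and that this same route also lets office PCs reach the lab VMs. Only 192.168.25.1 and 192.168.0.* come from the thread; every other address and name is assumed.

```python
import ipaddress

ROUTER = "192.168.25.1"      # Internet router, from the thread
LAB_NET = "192.168.0.0/24"   # VMnet2 lab subnet (192.168.0.*), from the thread
LAN_NET = "192.168.25.0/24"  # assumed from the router address
SRV_LAN = "192.168.25.50"    # assumed: RRAS server, LAN-side adapter
SRV_LAB = "192.168.0.2"      # assumed: RRAS server, VMnet2 adapter
VM = "192.168.0.10"          # assumed: a lab VM
PC = "192.168.25.20"         # assumed: a PC on the office LAN
INTERNET = "203.0.113.5"     # documentation address standing in for a site

OWNER = {VM: "vm", SRV_LAB: "server", SRV_LAN: "server",
         ROUTER: "router", PC: "pc"}

def build(return_route):
    """Routing tables per machine; return_route adds the router's lab route."""
    tables = {
        "vm": [(LAB_NET, "direct"), ("0.0.0.0/0", SRV_LAB)],
        "pc": [(LAN_NET, "direct"), ("0.0.0.0/0", ROUTER)],
        "server": [(LAB_NET, "direct"), (LAN_NET, "direct"),
                   ("0.0.0.0/0", ROUTER)],
        "router": [(LAN_NET, "direct"), ("0.0.0.0/0", "wan")],
    }
    if return_route:
        tables["router"].append((LAB_NET, SRV_LAN))
    return tables

def next_hop(table, dst):
    """Longest-prefix match over (prefix, hop) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), h) for p, h in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda x: x[0].prefixlen)[1] if hits else None

def trace(tables, node, dst):
    """Follow a packet hop by hop from node toward dst."""
    path = [node]
    for _ in range(8):  # hop limit guards against routing loops
        hop = next_hop(tables[node], dst)
        if hop == "direct":
            return path + [OWNER.get(dst, dst)]
        if hop in (None, "wan"):
            return path + [hop or "unreachable"]
        node = OWNER[hop]
        path.append(node)
    return path + ["loop"]

if __name__ == "__main__":
    for rr in (False, True):
        t = build(rr)
        print(rr, trace(t, "vm", INTERNET), trace(t, "router", VM),
              trace(t, "pc", VM))
```

A trace toward a lab address that ends in `wan` means the packet left the site instead of reaching the lab. Unlike the NAT option described earlier in the thread, the routed design leaves inbound filtering to the RRAS server.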
 
LVL 4

Author Comment

by:Vorenus
ID: 19578820
Hi Jim,

Thanks for the suggestion.
I never used RRAS before, but it looks like a new workaround since I don't want to buy VLAN aware switch for a lab environment.
I think I get the idea, not sure about the details, but I'll post a new question if needed.

I give some points to dhoffman too since his answers were helpful to me as well.

Thank you both.

Question has a verified solution.
