Date:      Tue, 01 Aug 2000 02:34:38 -0400
From:      Chris BeHanna <behanna@mail.zbzoom.net>
To:        Robert Withrow <bwithrow@nortelnetworks.com>
Cc:        freebsd-emulation@freebsd.org, bwithrow@engeast.BayNetworks.COM
Subject:   Re: Host-only networking and NAT?
Message-ID:  <39866F7E.27F7198E@mail.zbzoom.net>
References:  <200007312152.RAA03118@pobox.engeast.BayNetworks.COM>

Robert Withrow wrote:

> Suppose you want to run VMWARE on your FreeBSD 4.0 system
> and have it "share" your system's IP address.  Or suppose you want to
> have VMWARE use a static address on the same lan as your FBSD system,
> but you can't use bridged networking (because FBSD4.0 doesn't support
> it.)

    I have exactly this working, today (but no joy with Samba as of
yet).  See below.

> Seems like you should be able to use NAT for this, right?  But I've
> followed the instructions:
>
>   - Re-build the ipfw module with -DIPDIVERT
>
>   - Turned on forwarding
>
>   - Config IPFW with:
>
>   /sbin/ipfw -f flush
>   /sbin/ipfw add divert natd all from any to any via xl0
>   /sbin/ipfw add pass all from any to any
>
>   - Start natd with the -n xl0 option.
>
> And *no* traffic moves, not even normal xl0 traffic destined to
> adjacent nodes.  If I delete the divert rule, traffic starts moving
> again (but, of course, no nat happens).
>
> It seems like this should work somehow, but I'm obviously confused.
>
> Does anyone do this sort of thing with VMWare?

    I do (VMWare 2.02-621 on 4.1-RC #0, built Thu Jul 27 09:44:57 EDT
2000 after cvsupping the night before and building the world).  Here's
the relevant portion of my kernel config file:

options     IPFIREWALL      #firewall
options     IPFIREWALL_VERBOSE  #print information about
                    # dropped packets
options     IPFIREWALL_FORWARD  #enable transparent proxy support
options     IPFIREWALL_VERBOSE_LIMIT=10 #limit verbosity
#options    IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default

options     IPV6FIREWALL        #firewall for IPv6
options     IPV6FIREWALL_VERBOSE
options     IPV6FIREWALL_VERBOSE_LIMIT=100
#options    IPV6FIREWALL_DEFAULT_TO_ACCEPT
options     IPDIVERT        #divert sockets
options     IPFILTER        #ipfilter support
options     IPFILTER_LOG        #ipfilter logging
options     IPSTEALTH       #support for stealth forwarding


Here's the relevant portion of /etc/rc.conf.local:

natd_enable="YES"
natd_interface="xl0"
natd_flags="-dynamic -same_ports"

    With that set, you should be able to (as root) execute

        sh /etc/rc.firewall open

and have nat work.  If you don't like things open, make sure you build
up your custom config a little bit at a time from a copy of the open
case, and keep testing to make sure the last change didn't break it.
(Rest assured, *I'm* not running open!)

    Here's the relevant portion of /etc/dhcpd.conf (well, actually, the
whole thing):

# --- begin dhcpd.conf ---
#
# 1 day in seconds
#
default-lease-time 86400;

#
# 3 days in seconds
#
max-lease-time 259200;

subnet 192.168.254.0 netmask 255.255.255.0 {
    range 192.168.254.128 192.168.254.254;
    option broadcast-address 192.168.254.255;
#
# These are my ISP's nameservers.  Replace them with your own.
#
    option domain-name-servers 208.236.36.3, 208.236.38.3;
#
# This is my ISP's domain name.  Replace it with your own.
#
   option domain-name "zbzoom.net";
#
#  The address bound to your vmnet1 interface
#
    option routers 192.168.254.1;
}

#
# Static IP addresses for named hosts
#

group {
    use-host-decl-names true;

#
# The hardware ethernet must match the "network address" you set
# for your virtual ethernet adaptor in your guest Windows
# instance.
#
    host win2k {
        hardware ethernet 00:50:56:C2:0C:69 ;
        fixed-address 192.168.254.128 ;
    }
}

#
# Replace this with the class C that usually gets bound to your
# external network interface (e.g., xl0), otherwise, dhcpd will
# bitch about it.
#
subnet 24.154.5.0 netmask 255.255.255.0 {}
# --- end dhcpd.conf ---

Note that I specify that interface vmnet1 will always have address
192.168.254.1 (the default address for VMWare).  This specification goes
into /etc/vmware/config.

Here are the relevant lines of /etc/vmware/config:

vmnet1.HostOnlyAddress = "192.168.254.1"
vmnet1.HostOnlyNetMask = "255.255.255.0"

I also added entries for vmware and win2k in my /etc/hosts:

192.168.254.1   vmware
192.168.254.128 win2k

Once you've done all of that, start dhcpd as root:

dhcpd -cf /etc/dhcpd.conf

Launch VMWare as yourself.  Go to "Settings" and pick host-only
networking.  Boot your Windows guest.  Open the device settings for your
network adaptor, and choose Properties on the adaptor itself.  Set its
network address to the same MAC address you specified in your
dhcpd.conf.  Click Ok.

Now select TCP/IP in the listbox, and click the Properties button below
it.  Select "Obtain automatically" for everything, then click Ok.

Now, pop up a command window and type

    ipconfig /renew

And that should be it.

    The directions may be slightly different if you've cvsupped more
recently than I and if you've picked up Vladimir's latest changes (which
include the if_tap.ko module, which I'm not currently using).

Regards,
Chris BeHanna
Software Engineer (at yourfit.com)
behanna@zbzoom.net
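
Added example (not part of the original message): a POSIX sh check that the dhcpd.conf settings in the message agree with /etc/vmware/config, since the guest takes its default gateway from "option routers", which has to be the address bound to vmnet1. The function names are hypothetical; the sample values are the ones given in the message, and file contents are passed as strings so the check runs offline.

```shell
#!/bin/sh
# Added example: cross-check dhcpd.conf against /etc/vmware/config.
# File contents are passed in as strings so the check runs offline.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 MASK -> succeeds when both addresses share a network
same_subnet() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# dhcpd_value TEXT STATEMENT -> first address after an uncommented statement
dhcpd_value() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*${2}[[:space:]][[:space:]]*\([0-9.]*\).*/\1/p" | head -n 1
}

# vmware_value TEXT KEY -> quoted value of a line of the form KEY = "value"
vmware_value() {
    printf '%s\n' "$1" |
        sed -n "s/^${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# check_hostonly DHCPD_TEXT VMWARE_TEXT -> prints problems; status 0 = consistent
check_hostonly() {
    gw=$(dhcpd_value "$1" "option routers")
    fixed=$(dhcpd_value "$1" "fixed-address")
    host=$(vmware_value "$2" "vmnet1.HostOnlyAddress")
    mask=$(vmware_value "$2" "vmnet1.HostOnlyNetMask")
    for v in "$gw" "$fixed" "$host" "$mask"; do
        [ -n "$v" ] || { echo "missing setting"; return 2; }
    done
    status=0
    [ "$gw" = "$host" ] ||
        { echo "routers $gw is not the vmnet1 address $host"; status=1; }
    same_subnet "$fixed" "$host" "$mask" ||
        { echo "fixed-address $fixed is outside the host-only network"; status=1; }
    return $status
}

# Sample input: the values given in the message, plus one commented-out line.
VMWARE_CFG='vmnet1.HostOnlyAddress = "192.168.254.1"
vmnet1.HostOnlyNetMask = "255.255.255.0"'
DHCPD_CFG='    option routers 192.168.254.1;
    # option routers 10.0.0.1;
        fixed-address 192.168.254.128 ;'
check_hostonly "$DHCPD_CFG" "$VMWARE_CFG" && echo "host-only settings agree"
```

To run it against a live system, pass "$(cat /etc/dhcpd.conf)" and "$(cat /etc/vmware/config)" as the two arguments.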
