From owner-freebsd-emulation Tue Aug 1 1: 4:31 2000
Delivered-To: freebsd-emulation@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-5-187.zoominternet.net [24.154.5.187])
    by hub.freebsd.org (Postfix) with ESMTP id D0F0E37BB56
    for ; Tue, 1 Aug 2000 01:04:24 -0700 (PDT)
    (envelope-from behanna@topperwein.dyndns.org)
Received: (from root@localhost)
    by topperwein.dyndns.org (8.9.3/8.9.3) id EAA74576;
    Tue, 1 Aug 2000 04:03:46 -0400 (EDT)
    (envelope-from behanna)
Received: from mail.zbzoom.net (localhost [127.0.0.1])
    by topperwein.zbzoom.net (8.9.3/8.9.3) with ESMTP id CAA73912;
    Tue, 1 Aug 2000 02:34:38 -0400 (EDT)
    (envelope-from behanna@mail.zbzoom.net)
Message-ID: <39866F7E.27F7198E@mail.zbzoom.net>
Date: Tue, 01 Aug 2000 02:34:38 -0400
From: Chris BeHanna
Reply-To: behanna@zbzoom.net
Organization: Western Pennsylvania Pizza Disposal Unit
X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Robert Withrow
Cc: freebsd-emulation@freebsd.org, bwithrow@engeast.BayNetworks.COM
Subject: Re: Host-only networking and NAT?
References: <200007312152.RAA03118@pobox.engeast.BayNetworks.COM>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-emulation@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Withrow wrote:

> Suppose you want to run VMWARE on your FreeBSD 4.0 system
> and have it "share" your system's IP address.  Or suppose you want to
> have VMWARE use a static address on the same lan as your FBSD system,
> but you can't use bridged networking (because FBSD4.0 doesn't support
> it.)

I have exactly this working, today (but no joy with Samba as of yet).
See below.

> Seems like you should be able to use NAT for this, right?
> But I've followed the instructions:
>
> - Re-build the ipfw module with -DIPDIVERT
>
> - Turned on forwarding
>
> - Config IPFW with:
>
>     /sbin/ipfw -f flush
>     /sbin/ipfw add divert natd all from any to any via xl0
>     /sbin/ipfw add pass all from any to any
>
> - Start natd with the -n xl0 option.
>
> And *no* traffic moves, not even normal xl0 traffic destined to
> adjacent nodes.  If I delete the divert rule, traffic starts moving
> again (but, of course, no nat happens).
>
> It seems like this should work somehow, but I'm obviously confused.
>
> Does anyone do this sort of thing with VMWare?

I do (VMWare 2.02-621 on 4.1-RC #0, built Thu Jul 27 09:44:57 EDT 2000
after cvsupping the night before and building the world).  Here's the
relevant portion of my kernel config file:

    options IPFIREWALL                      #firewall
    options IPFIREWALL_VERBOSE              #print information about
                                            # dropped packets
    options IPFIREWALL_FORWARD              #enable transparent proxy support
    options IPFIREWALL_VERBOSE_LIMIT=10     #limit verbosity
    #options IPFIREWALL_DEFAULT_TO_ACCEPT   #allow everything by default
    options IPV6FIREWALL                    #firewall for IPv6
    options IPV6FIREWALL_VERBOSE
    options IPV6FIREWALL_VERBOSE_LIMIT=100
    #options IPV6FIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT                        #divert sockets
    options IPFILTER                        #ipfilter support
    options IPFILTER_LOG                    #ipfilter logging
    options IPSTEALTH                       #support for stealth forwarding

Here's the relevant portion of /etc/rc.conf.local:

    natd_enable="YES"
    natd_interface="xl0"
    natd_flags="-dynamic -same_ports"

With that set, you should be able to (as root) execute

    sh /etc/rc.firewall open

and have nat work.  If you don't like things open, make sure you build
up your custom config a little bit at a time from a copy of the open
case, and keep testing to make sure the last change didn't break it.
(Rest assured, *I'm* not running open!)

Here's the relevant portion of /etc/dhcpd.conf (well, actually, the
whole thing):

    # --- begin dhcpd.conf ---
    #
    # 1 day in seconds
    #
    default-lease-time 86400;

    #
    # 3 days in seconds
    #
    max-lease-time 259200;

    subnet 192.168.254.0 netmask 255.255.255.0 {
        range 192.168.254.128 192.168.254.254;
        option broadcast-address 192.168.254.255;
        #
        # These are my ISP's nameservers.  Replace them with your own.
        #
        option domain-name-servers 208.236.36.3, 208.236.38.3;
        #
        # This is my ISP's domain name.  Replace it with your own.
        #
        option domain-name "zbzoom.net";
        #
        # The address bound to your vmnet1 interface
        #
        option routers 192.168.254.1;
    }

    #
    # Static IP addresses for named hosts
    #
    group {
        use-host-decl-names true;

        #
        # The hardware ethernet must match the "network address" you set
        # for your virtual ethernet adaptor in your guest Windows
        # instance.
        #
        host win2k {
            hardware ethernet 00:50:56:C2:0C:69 ;
            fixed-address 192.168.254.128 ;
        }
    }

    #
    # Replace this with the class C that usually gets bound to your
    # external network interface (e.g., xl0), otherwise, dhcpd will
    # bitch about it.
    #
    subnet 24.154.5.0 netmask 255.255.255.0 {}
    # --- end dhcpd.conf ---

Note that I specify that interface vmnet1 will always have address
192.168.254.1 (the default address for VMWare).  This specification
goes into /etc/vmware/config.  Here are the relevant lines of
/etc/vmware/config:

    vmnet1.HostOnlyAddress = "192.168.254.1"
    vmnet1.HostOnlyNetMask = "255.255.255.0"

I also added entries for vmware and win2k in my /etc/hosts:

    192.168.254.1   vmware
    192.168.254.128 win2k

Once you've done all of that, start dhcpd as root:

    dhcpd -cf /etc/dhcpd.conf

Launch VMWare as yourself.  Go to "Settings" and pick host-only
networking.  Boot your Windows guest.  Open the device settings for
your network adaptor, and choose Properties on the adaptor itself.
Set its network address to the same MAC address you specified in your
dhcpd.conf.  Click Ok.

Now select TCP/IP in the listbox, and click the Properties button
below it.
Select "Obtain automatically" for everything, then click Ok.

Now, pop up a command window and type

    ipconfig /renew

And that should be it.

The directions may be slightly different if you've cvsupped more
recently than I and if you've picked up Vladimir's latest changes
(which include the if_tap.ko module, which I'm not currently using).

Regards,

Chris BeHanna
Software Engineer (at yourfit.com)
behanna@zbzoom.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-emulation" in the body of the message
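
Added example, not part of the original message: a Python check to rerun after each change when building a custom ruleset up from the open case. It parses "ipfw list" output and reports whether the natd divert rule on the external interface is missing or preceded by a match-all rule that ends processing first, and whether an unconditional allow is still present. The sample rulesets are constructed; the listing format and natd's default divert port 8668 are assumptions about the host.

```python
import re

# Constructed "ipfw list" output resembling an open ruleset with natd on xl0
# (assumed listing format; 8668 is natd's default divert port).
OPEN_RULES = """\
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any
"""

# Constructed broken variant: the pass-all rule precedes the divert rule.
SHADOWED_RULES = """\
00100 allow ip from any to any
00200 divert 8668 ip from any to any via xl0
65535 deny ip from any to any
"""

LINE = re.compile(r"^(\d+)\s+(\S+)\s+(.*)$")
MATCH_ALL = re.compile(r"^(?:ip|all) from any to any(?: via (\S+))?$")

def parse(text):
    """Return (number, action, body) tuples in evaluation order."""
    rules = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            num, action, body = int(m.group(1)), m.group(2), m.group(3)
            if action == "divert":          # drop the divert port argument
                body = body.split(None, 1)[1]
            rules.append((num, action, body))
    return sorted(rules, key=lambda r: r[0])

def audit(text, ext_if):
    """Return (finding, rule_number) pairs for a first-match ipfw ruleset."""
    hits = [(n, a, MATCH_ALL.match(b)) for n, a, b in parse(text)]
    hits = [(n, a, m.group(1)) for n, a, m in hits if m]  # match-all rules only
    diverts = [n for n, a, i in hits if a == "divert" and i == ext_if]
    terminal = [n for n, a, i in hits
                if a in ("allow", "deny") and i in (None, ext_if)]
    findings = []
    if not diverts:
        findings.append(("no-divert", None))
    elif terminal and terminal[0] < diverts[0]:
        # ipfw stops at the first matching allow/deny, so natd never sees it.
        findings.append(("divert-shadowed", terminal[0]))
    findings += [("open", n) for n, a, i in hits if a == "allow" and i is None]
    return findings
```

On a live host, pass the text captured from "ipfw list" and the natd_interface value from rc.conf.local in place of the constructed samples.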