June 10, 2011 / BrianOFlan

How to redirect network traffic to your virtual machines (run by VMware Player in Linux)

VMware gives out VMware Player for free.  It runs virtual machines (VMs) so you can have a spare computer or two within your computer — or test new software and configurations before applying them to your real computer.  Because it’s free, don’t expect it to be as powerful as the $190 VMware Workstation.  At first it was tightly restricted to only playing existing virtual machines.  But now you can use it to create your own virtual machines:  All you need is a system installation CD or DVD or an ISO image file.  What a valuable tool.

VMware offers amazing products for managing these virtual machines.  Deploy hundreds of VMs across dozens of small blade servers or thin 1U servers.  Take snapshot images of VMs, copy and duplicate VMs, migrate a running VM from one server to another.  Features like these are worth their price.

One of the most worthwhile features:  Virtual network configuration tools.  Without a graphical user interface, you have to figure out on your own how to direct network traffic from the host server to its guest VMs.  Unless you are skilled at computer networking, you may give up in the face of command lines and firewall rules.  Just buy VMware Workstation already.  (This is not an affiliated endorsement or anything ulterior.)

Usually, a quick Google search on a few keywords will reveal the answer to any technical challenge.  In this case, the problem isn’t a lack of documentation but rather how all the documentation assumes an advanced prior knowledge of networking.  The problem is deep within a specific technical realm.  It depends on uncommon language and concepts.

Here is one quick example to give some access to the obscure context of networking-meets-virtualization:

  • Host server hardware:  16 CPU cores, 48 GB RAM (room for a few VMs), 64-bit
  • Host server operating system:  Ubuntu 10.04 LTS
  • Virtualization application:  VMware Player for 64-bit Linux, installed from the VMware website (you have to register for a VMware.com account to access the free download)
  • Guest server (virtual machine): 64-bit, 1 CPU, 1 GB RAM, Ubuntu 10.04 LTS.  (Make sure to enable Intel’s Virtualization Technology/VT in the host server’s BIOS for 64-bit guests to work.)
  • Guest server IP:  192.168.87.136
    • Find this by running the ifconfig command.  That lists each interface’s details.  Interface eth0 is the default interface and its useful IP address comes from “inet addr:“.  On the same line is information about that IP address’s subnet mask (“Mask:”).  A mask of 255.255.255.0 is default (“/24” in CIDR form).  That implies that the virtual router is 192.168.87.1.  (The first three octets, 192.168.87, are fixed according to the 255.255.255 in the mask.  The mask’s final 0 indicates that the range of addresses varies from 192.168.87.1 to 192.168.87.255.  The first address is usually the router or gateway.  Please feel free to correct me.)
  • Virtual network gateway:  192.168.87.1 (see above)
  • Guest set up:
    • Web server installed (sudo apt-get install apache2), running on port 80 by default
    • Visit http://192.168.87.136 in a browser on the host server to see the default Apache index.html.  When we’re done, http://192.168.87.1:65524 and http://localhost:65524 will show the same thing to the host server.  Visit those now to see them broken.
    • Turn on IP forwarding support (sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward')
  • Host set up:
    • Configure virtual NAT to forward port 65524 to your guest’s port 80
    • sudo vi /etc/vmware/vmnet8/nat/nat.conf
      • Under “[incomingtcp]”, add a line: 65524 = 192.168.87.136:80
      • That sends traffic from 192.168.87.1 (the gateway) on port 65524 to 192.168.87.136 (the guest) on port 80.
      • (Ignore the lines under “[host]” that say “#NAT gateway address” and “ip = 192.168.87.2“. I don’t know why it says “.2” but that doesn’t work in the following steps.  “.1” does work.)
    • Create a script to enable IP forwarding and configure the iptables firewall rules: forward_from_host_to_VM.sh
      • #Enable forwarding (same step as on the guest VM).
        echo '1' > /proc/sys/net/ipv4/ip_forward ;
        #Flush the iptables NAT table (removes all prior NAT rules,
        #   including any added by other tools on this host)
        iptables --table nat --flush ;
        #Apply the masquerade extension to all outbound packets
        #   (no interface or source restriction)
        iptables --table nat --append POSTROUTING --jump MASQUERADE ;
        #Tell the default virtual interfaces to accept forwarded packets
        iptables --append FORWARD --in-interface vmnet1 --jump ACCEPT ;
        iptables --append FORWARD --in-interface vmnet8 --jump ACCEPT ;
        #Translate (by DNAT extension) incoming TCP packets from port
        #   65524 to the virtual gateway (192.168.87.1) port 65524
        iptables --table nat --append PREROUTING \
        --protocol tcp --destination-port 65524 \
        --jump DNAT --to-destination 192.168.87.1:65524 ;
    • sudo sh ./forward_from_host_to_VM.sh
    • Visit http://localhost:65524 to see it working.  From any other computer on the same network as your host server, you should be able to see the same thing at http://<host IP>:65524 and http://<host’s name>:65524.  Visit http://192.168.87.1:65524 from the host server to see the page on the virtual network gateway.
  • Restart the virtual network[1]: I was worried I would have to shut all my VMs down and possibly even restart my host server. Instead /usr/bin/vmware-networks --start worked for me. There is no graceful option, nor reload nor restart, for this vmware-networks program; it’s not Apache HTTPD. If you do not notice your nat.conf changes take effect, try /usr/bin/vmware-networks --stop; /usr/bin/vmware-networks --start ; or else find the vmnet-natd process (ps -C vmnet-natd -o pid=,cmd=) and sudo kill -15 ... it, then start it again with vmware-networks.
    • (Altogether:
      sudo kill -15 `ps -C vmnet-natd -o pid=` ;
      sudo /usr/bin/vmware-networks --start ;
      )
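
One way to review what this procedure exposes, as an added example (not code from the original post or from VMware): the script lists the forwards configured in nat.conf and flags entries with an invalid port, a duplicate host port, or a target outside the VM subnet. It also reads [incomingudp], which goes beyond what the post covers; the function names, the sample file and the /24 prefix check are assumptions.

```shell
#!/bin/sh
# Added example: inventory the port forwards in a VMware nat.conf.

# list_forwards FILE: print "proto hostport guestip guestport" for each entry
# under [incomingtcp] or [incomingudp]; FILE may be "-" for standard input.
list_forwards() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        /^[ \t]*\[/ { sec = $0; gsub(/[^a-z]/, "", sec); next }
        sec ~ /^incoming(tcp|udp)$/ && /=/ {
            gsub(/[ \t]/, "")                    # 65524=192.168.87.136:80
            split($0, kv, "=")
            if (split(kv[2], dst, ":") == 2)
                print substr(sec, 9), kv[1], dst[1], dst[2]
        }
    ' "$1"
}

# audit_forwards FILE PREFIX: PREFIX is the fixed part of the VM subnet with
# a trailing dot (assumes a /24, as in the post). Prints one verdict per
# forward and returns non-zero when at least one entry needs review.
audit_forwards() {
    list_forwards "$1" | awk -v pre="$2" '
        function port_ok(p) { return p ~ /^[0-9]+$/ && p + 0 >= 1 && p + 0 <= 65535 }
        {
            why = ""
            if (!port_ok($2) || !port_ok($4)) why = "invalid port"
            else if (index($3, pre) != 1)     why = "target outside VM subnet"
            else if (seen[$1 "/" $2]++)       why = "duplicate host port"
            printf "%s %s %s -> %s:%s%s\n", (why ? "REVIEW" : "OK"), $1, $2, $3, $4, (why ? " (" why ")" : "")
            if (why) bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample; only the first forward comes from the post.
sample_conf() {
    cat <<'EOF'
[host]
ip = 192.168.87.2
[incomingtcp]
65524 = 192.168.87.136:80
8022 = 192.168.78.136:22   # constructed typo: octets transposed
70000 = 192.168.87.136:443
EOF
}

sample_conf | audit_forwards - 192.168.87. || echo "at least one forward needs review"
```

On a real host, point it at the file edited above: audit_forwards /etc/vmware/vmnet8/nat/nat.conf 192.168.87.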

But don’t take my word for it, just because it worked for me.  Run it on your own:  Everything except the 16p 48GB 64b server is free.  Everything will be different if your host server is running Windows.  Very little will change if your guest VM is running Windows. Everything in this description is true except the IP addresses that were modified slightly to minimize the security risk of broadcasting actual IP addresses (albeit internal and virtual) to the wide web.

For more information on iptables, see Wikipedia, man pages, Ubuntu’s HowTo or the official site.

Errata and corrections welcome.  I’m no network expert but I do fake one at work.


2 Comments

  1. BrianOFlan / Oct 25 2011 05:52

    Updated to include instructions for restarting the virtual network.

Trackbacks

  1. Correction: How to redirect network traffic to your virtual machines « Brianoflan's Blog
