Network Address Translation (NAT) is a mechanism whereby a number of different computers, typically on a private internal network, are represented by a single external IP address. When one of the clients on the private network communicates with a remote system it does so through a NAT device which modifies the data to make it appear that it has been sent from the shared NAT IP address. When the remote system responds, the NAT device directs the response to the original client that initiated the connection.
In physical network environments, NAT serves two primary purposes. Firstly, it helps to conserve the limited number of class A and B IPv4 addresses. Using NAT, an entire enterprise with many thousands of computer systems can operate on the internet using only one unique public IP address, by assigning private IP addresses to the internal clients and having NAT represent them all with a single external IP address. Secondly, in the general belief that the less a potential intruder knows about an internal network the better, NAT also provides an additional level of security by hiding the internal IP addresses of computer systems behind the external IP address.
In the context of VMware Server, a NAT based virtual network allows an entire private network to be created within the VMware Server environment, all participants of which are represented by a single IP address, i.e. that of the host computer.
== How VMware Server based NAT Works ==
Both the NAT device and any virtual machines connected to the default NAT virtual network use the ''vmnet8'' virtual network switch. Also attached to this virtual switch is the VMware Server internal DHCP server which can be used to assign dynamic IP addresses, gateway and DNS information to the virtual machines on the NAT based network.
When a virtual machine sends a packet, the NAT device changes the source address (that of the virtual machine) to the address of the host computer before transmitting it to its intended destination. When the recipient responds, the NAT device modifies the packet so that it is addressed to the IP address of the virtual machine which initiated the connection, and subsequently forwards it to that system on the virtual network.
The main ''NAT'' page of the Manage Virtual Networks tool is divided into sections. The top section, titled ''NAT'', displays the IP address and netmask of the NAT device. To add NAT to other virtual networks, select the network from the ''VMnet host'' menu. If the selected virtual network is currently bridged, a warning dialog will appear seeking confirmation of the change. The option of adding a DHCP server to a virtual network is also provided so that virtual machines on the network can obtain dynamic IP addresses and other information such as the gateway and DNS details. If NAT is to be disabled entirely, change this menu to the ''Disabled'' option.
The ''NAT service'' panel displays the current status of the NAT device and provides the ability to stop, start or restart the device. Additional NAT settings are configured on a per virtual network basis, and are accessed by selecting the desired virtual network and clicking the ''Edit...'' button:
* '''Active FTP''' - Governs whether the NAT device allows Passive or Active FTP sessions.
* '''Port Forwarding''' - The ''Port Forwarding'' button allows network traffic arriving on a particular TCP or UDP port on the host system to be forwarded to a specific port on a specific virtual machine within the NAT based virtual network. Since an external client cannot ordinarily initiate a connection with a virtual machine in a NAT based virtual network, port forwarding is useful in situations where, for example, a virtual machine is required to act as a web or FTP server. As illustrated in the following figure, the ''Port Forwarding'' dialog is divided into two sections, one for UDP and the other for TCP. In each case, buttons are provided to Add, Remove and View port forwarding rules:
To configure a port forwarding rule, click on one of the two ''Add...'' buttons (depending on whether the forwarding is to apply to UDP or TCP traffic) and enter the ''Host port'' on which arriving traffic is to be forwarded, together with the IP address and port of the destination virtual machine. In addition, an optional description of the port forwarding rule may be entered into the ''Description'' field. Once configured, any traffic arriving on the specified port of the host system will be forwarded to the specified port of the designated virtual machine.
* '''DNS''' - When clicked, the '''DNS...''' button allows DNS servers to be configured for use with the NAT device as illustrated in the following figure:
In addition to specifying the IP address of one or more DNS servers, the ''Policy'' for handling multiple DNS servers may also be altered. Options include ''Burst'' where a request is sent simultaneously to three servers and the first response is accepted, ''Order'' where requests are sent one by one to each server and ''Rotate'' where requests are rotated through the available servers. When ''Autodetect'' is selected, VMware Server automatically identifies available name servers without the need for the servers to be specifically configured. In addition, the number of retries and length of time the NAT device should attempt to connect to a DNS server may be configured via the ''Timeout'' and ''Retries'' values.
* '''Allow any OUI''' - The MAC address of a network device consists of 6 bytes. The first three bytes are referred to as the Organizationally Unique Identifier (OUI) and identify the issuer of the device's MAC address. The last three bytes uniquely identify the device within the context of the OUI. Manually changing the OUI portion of a virtual machine's MAC address can prevent connection to the NAT device. In the event of such a problem, ensure that the ''Allow any OUI'' option is selected.
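The address rewriting described above and the effect of a port forwarding rule can be followed in a small model. The following is an added example written for this page, not VMware's own code: a toy NAT device that keeps a translation table for outbound connections, maps replies back to the originating virtual machine, drops inbound traffic it has no flow for, and admits such traffic only where a forwarding rule exists. The host IP, remote addresses and ports are constructed values (public addresses are taken from the RFC 5737 documentation ranges).

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: Endpoint
    dst: Endpoint
    payload: str = ""


class NatDevice:
    """Toy model of the vmnet8 NAT device (added illustration, not VMware code)."""

    def __init__(self, host_ip: str, first_port: int = 40000):
        self.host_ip = host_ip
        self._next_port = first_port
        # (proto, host port) -> (VM endpoint, remote endpoint) for live outbound flows
        self.table: Dict[Tuple[str, int], Tuple[Endpoint, Endpoint]] = {}
        # (proto, VM endpoint, remote endpoint) -> host port, so a flow keeps its mapping
        self._flows: Dict[Tuple[str, Endpoint, Endpoint], int] = {}
        # (proto, host port) -> VM endpoint: static port forwarding rules
        self.forwards: Dict[Tuple[str, int], Endpoint] = {}

    def add_forward(self, proto: str, host_port: int, vm_ip: str, vm_port: int) -> None:
        """Equivalent of one row in the Port Forwarding dialog."""
        self.forwards[(proto, host_port)] = (vm_ip, vm_port)

    def outbound(self, pkt: Packet) -> Packet:
        """A VM sends to the outside: replace the VM source with the host IP and a
        host port, and remember which VM owns that port."""
        flow = (pkt.proto, pkt.src, pkt.dst)
        host_port = self._flows.get(flow)
        if host_port is None:
            host_port = self._next_port
            self._next_port += 1
            self._flows[flow] = host_port
            self.table[(pkt.proto, host_port)] = (pkt.src, pkt.dst)
        return Packet(pkt.proto, (self.host_ip, host_port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """A packet arrives at the host. Returns the packet as delivered on the
        virtual network, or None when the NAT device has no reason to pass it."""
        key = (pkt.proto, pkt.dst[1])
        entry = self.table.get(key)
        if entry is not None:
            vm, remote = entry
            # A reply is only accepted from the peer the VM actually contacted.
            return Packet(pkt.proto, pkt.src, vm, pkt.payload) if pkt.src == remote else None
        vm = self.forwards.get(key)
        if vm is not None:
            # No flow, but an administrator forwarded this host port to a VM.
            return Packet(pkt.proto, pkt.src, vm, pkt.payload)
        return None  # unsolicited traffic never reaches the VM


def demo() -> dict:
    """Walk through the scenarios in the text with constructed addresses."""
    nat = NatDevice(host_ip="203.0.113.5")
    vm = ("172.16.86.128", 51000)
    web = ("198.51.100.10", 80)
    out = nat.outbound(Packet("tcp", vm, web, "GET /"))
    reply = nat.inbound(Packet("tcp", web, out.src, "200 OK"))
    spoofed = nat.inbound(Packet("tcp", ("198.51.100.99", 80), out.src, "200 OK"))
    unsolicited = nat.inbound(Packet("udp", ("198.51.100.10", 4444), ("203.0.113.5", 8081)))
    nat.add_forward("udp", 8081, "172.16.86.128", 8082)
    forwarded = nat.inbound(Packet("udp", ("198.51.100.10", 4444), ("203.0.113.5", 8081), "hi"))
    return {"out": out, "reply": reply, "spoofed": spoofed,
            "unsolicited": unsolicited, "forwarded": forwarded}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12} {pkt}")
```

The model makes the security trade-off of a forwarding rule visible: before the rule is added the UDP datagram to host port 8081 is discarded because no virtual machine asked for it; after the rule it is delivered unconditionally, so the forwarded service on the virtual machine is exposed to everything that can reach the host.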
== Configuring NAT on Linux Hosts ==
Unfortunately, VMware Server on Linux currently lacks a user friendly equivalent of the Windows Manage Virtual Networks tool, instead requiring the manual editing of the ''/etc/vmware/vmnet8/nat/nat.conf'' file (keeping in mind that the vmnet8 name will need to be changed if the settings are to be configured for a custom created virtual network).
The ''nat.conf'' file contains a number of different sections, each allowing a different aspect of the NAT device to be configured:
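Because the file is edited by hand on Linux, a quick check of the port forwarding sections before restarting the NAT device is worthwhile. The following parser is an added example (not from the original page or from VMware) that extracts the rules from the ''[incomingtcp]'' and ''[incomingudp]'' sections described below and reports the mistakes that are easy to make: a duplicate host port, a destination that is not on the NAT virtual network, or a port outside the valid range. It assumes the directive form `hostport = vmip:vmport` that VMware's nat.conf uses in these sections, takes the vmnet8 subnet as a parameter, and the nat.conf fragment embedded in it is constructed.

```python
import ipaddress
import re
from typing import List, NamedTuple, Tuple


class Forward(NamedTuple):
    proto: str
    host_port: int
    vm_ip: str
    vm_port: int


# nat.conf section name -> protocol it forwards
SECTION_PROTO = {"incomingtcp": "tcp", "incomingudp": "udp"}
# directive form used in these sections:  <host port> = <vm ip>:<vm port>
RULE_RE = re.compile(r"^(\d+)\s*=\s*([0-9.]+)\s*:\s*(\d+)$")


def parse_forwards(text: str, vm_subnet: str) -> Tuple[List[Forward], List[str]]:
    """Return (rules, problems). Only full-line '#' comments are recognised;
    sections other than the two forwarding sections are skipped."""
    net = ipaddress.ip_network(vm_subnet)
    rules: List[Forward] = []
    problems: List[str] = []
    seen = set()
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        proto = SECTION_PROTO.get(section)
        if proto is None:
            continue  # [host], [dns] and friends are not port forwards
        m = RULE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: unrecognised [{section}] directive: {line}")
            continue
        host_port, vm_ip, vm_port = int(m.group(1)), m.group(2), int(m.group(3))
        if not (1 <= host_port <= 65535 and 1 <= vm_port <= 65535):
            problems.append(f"line {lineno}: port out of range 1-65535")
            continue
        try:
            addr = ipaddress.ip_address(vm_ip)
        except ValueError:
            problems.append(f"line {lineno}: {vm_ip!r} is not an IP address")
            continue
        if addr not in net:
            problems.append(f"line {lineno}: {vm_ip} is outside {vm_subnet}, "
                            "so it is not a virtual machine on this NAT network")
        if (proto, host_port) in seen:
            problems.append(f"line {lineno}: {proto} host port {host_port} already forwarded")
        seen.add((proto, host_port))
        rules.append(Forward(proto, host_port, vm_ip, vm_port))
    return rules, problems


# Constructed nat.conf fragment for the example; not a real host's file.
SAMPLE = """
[host]
ip = 172.16.86.2
netmask = 255.255.255.0

[incomingtcp]
# web server on the first virtual machine
8080 = 172.16.86.128:80
# second rule reuses host port 8080: a mistake the check should catch
8080 = 172.16.86.129:80

[incomingudp]
8081 = 172.16.86.128:8082
# destination is not on the vmnet8 subnet
9999 = 10.0.0.7:53
"""

if __name__ == "__main__":
    found, issues = parse_forwards(SAMPLE, "172.16.86.0/24")
    for rule in found:
        print(rule)
    for issue in issues:
        print("WARNING:", issue)
```

Run against the real file with `parse_forwards(open("/etc/vmware/vmnet8/nat/nat.conf").read(), subnet)`, where `subnet` is the network shown for the NAT device (the `ip` and `netmask` in the `[host]` section). The list of rules is also a convenient inventory of exactly which virtual machine services are reachable from outside the host.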
=== [incomingudp] ===
The ''[incomingudp]'' section of the nat.conf file is used to configure UDP port forwarding. Similar to the ''[incomingtcp]'' section, this essentially involves mapping an incoming UDP port on the host to the IP address and UDP port of a virtual machine. For example, to map data coming into UDP port 8081 on the host to port 8082 on a virtual machine with an IP address of 172.16.86.128, the following directive would need to be entered into the ''[incomingudp]'' section of the configuration file:
<pre>