
Tuesday, December 13, 2011

Connecting to NATed Virtual Machines

Recently I've been setting up a lab here at the house for testing different network configurations and services. I set up VMware Workstation 8 on my server box running Windows Server 2003 RC2. The server runs headless, so I typically RDP into it from my Ubuntu box for any configuration that needs to be done. Once I had VMware Workstation 8 installed and set up, I created a new virtual network using the Virtual Network Editor that is packaged with VMware Workstation.

The problem I was having was connecting to my VMs over RDP (TCP 3389) so I could manage them.

My virtual network configuration is as follows:



The Gateway IP in the second image is essentially the internal IP address for the virtual NIC VMnet8 interface, much like you would have on a typical NAT device such as a router. Think of it like the 192.168.1.1 address that most SOHO routers ship with by default. In this case the external IP is my server's physical NIC, which is configured with 192.168.1.250. On your router, that would be the external interface's IP address assigned by your ISP.

Next, I created a new VM and installed Windows Server 2008 R2 on it.

My Virtual Machine is configured with the following settings:


As you can see, the Default Gateway on the VM is set to the Gateway IP that is configured in the NAT settings in VMware.

I needed to be able to RDP into this VM so I could configure it without first having to RDP into the host machine and then RDPing into the VM guest. I know I could have just installed VMware Workstation 8 on my Ubuntu box and shared the VMs, but what fun is that? : )

To allow connections to your VMs, you need to forward the appropriate ingress ports to them. Below is how I have mine configured:


After saving your configuration you can make sure that the new ports are listening with the following command:

netstat -an | findstr "400 "
  TCP    0.0.0.0:4000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4001           0.0.0.0:0              LISTENING

Great! It looks like both sockets are listening for connections. Let's try it.


Remember, you have to connect to your host machine's IP address; NAT will do the rest.

Since I use Ubuntu as my primary OS I will be connecting over RDP using the rdesktop command, but the Windows utility mstsc.exe will accomplish the same thing:

rdesktop -u administrator -r clipboard 192.168.1.250:4000

The -u switch specifies the username that I want to authenticate with. The -r clipboard switch redirects the remote clipboard to my local clipboard so I can copy and paste between the VM and my Ubuntu machine.

And voila!



You can use this same method to connect to any service running on your VMs.
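
The netstat check above only shows the listener on the host. To confirm from the client that a forwarded port really reaches an RDP service on a guest, the following added example (not part of the original post) sends an X.224 connection request through each port and classifies the reply. The host address and ports are the ones used above; the function names are illustrative.

```python
import socket

# X.224 Connection Request carrying an RDP Negotiation Request.
X224_CONNECTION_REQUEST = bytes.fromhex(
    "03000013"          # TPKT header: version 3, total length 19
    "0ee00000000000"    # X.224: LI=14, CR TPDU (0xE0), dst-ref, src-ref, class 0
    "0100080003000000"  # RDP_NEG_REQ: type 1, length 8, protocols TLS|CredSSP
)


def classify_reply(reply: bytes) -> str:
    """Classify the first bytes that came back through a forwarded port."""
    if not reply:
        # TCP connect succeeded (the host listener answered) but nothing
        # replied: guest powered off, RDP disabled, or a guest firewall.
        return "no-reply"
    # TPKT version 3 followed by an X.224 Connection Confirm (0xD0).
    if len(reply) >= 7 and reply[0] == 0x03 and (reply[5] & 0xF0) == 0xD0:
        return "rdp"
    return "other-service"


def check_forward(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect to host:port and report what answers behind the NAT forward."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(X224_CONNECTION_REQUEST)
            try:
                reply = sock.recv(64)
            except OSError:  # timeout or reset after the connect succeeded
                reply = b""
    except OSError:
        return "closed"  # nothing listening, or blocked before the host NAT
    return classify_reply(reply)


if __name__ == "__main__":
    # Host IP and forwarded ports taken from the configuration above.
    for port in (4000, 4001):
        print(port, check_forward("192.168.1.250", port))
```

A result of "closed" points at the host side (forward not saved, or the host firewall), while "no-reply" means the host listener accepted the connection but the guest did not answer.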

Note: While I was testing this I had all firewalls disabled. If you are unable to connect after following the above procedure, try disabling the firewall on both your host machine and your Virtual Machine. On Windows machines you can use this command to disable it:

netsh firewall set opmode disable

In the next article I'll talk about securing this, and how to allow connections to your VMs from the Internet so you can manage your VMs from anywhere. Double-NAT anyone? : )

dcprom0
