[PLUG] Vmware 2 with Ubuntu 9.10

Daniel Herrington dherrington at robertmarktech.com
Thu Mar 25 04:40:50 UTC 2010



Vincent L. Damewood wrote:
> On Sun, Mar 21, 2010 at 6:54 PM, Daniel Herrington
> <dherrington at robertmarktech.com> wrote:
>   
>> Is anyone running ubuntu 9.1 as a vmware host? I'm noticing in my test
>> environment that I can't ping or ssh to any of my NAT machines. I have
>> routes to the correct vmnet interface, but for some reason all the
>> packets get lost.
>>     
>
> Have you tried running a packet sniffer to be sure? Sniff on vmnet3 on
> your host machine, and on eth0 on your guest.
>   
No, but I'll try attacking in that direction when I get cycles to try again.
>   
>> my guest can ping 192.168.0.2 without problems, but can't ping
>> 192.168.0.1. Both ip addresses are the host machine.
>> The host machine can ping 192.168.0.1, but not 192.168.0.2.
>>     
>
> 192.168.0.2 is *not* your host machine. See the comment below about
> how VMware's NAT networks work for an explanation.
> It would help if there was a complete listing of what systems can ping
> what other systems. Being able to ping 192.168.0.1 from your host
> machine indicates that the interface is working properly as an
> interface. The fact that you can't ping 192.168.0.2 is suspicious, but
> not useful on its own to diagnose the problem. Can your host ping your
> guest? I'd make sure that firewalls on both systems are allowing ICMP
> ECHO traffic through. Often times, when one system can ping another
> but not vice versa, it's a firewall on the system that doesn't
> respond.
>
>   
No, the host can't ping the guest. There are no firewalls between the 
two. No firewalls anywhere, never set one up as NAT protects the network 
from interfering with the outside world. The guest is a default CentOS5 
that works fine on Ubuntu 8.10. I disable firewall during the install 
when it asks.
>> I can ssh from the guest into the host, although I can't go in the
>> reverse direction.
>>     
>
> This too sounds like a firewall issue. Check the guest's firewall to
> see if it's blocking port 22.
>
>   
I agree, but unless Ubuntu 9.10 is doing something funny with a firewall 
somewhere, I don't see why that would be it. The other suspicious thing 
is I can put the guest on bridged and ssh works fine. So there can't be 
a firewall on the guest, though it does not eliminate a firewall on the 
host. (Though I can ssh into that box from other machines, but the 
firewall could be network specific).
>> I'm guessing there's something missing in the routing table, but I
>> compared the route outputs on my Ubuntu 8.1 Vmware server 2 hosts and
>> they appear the same. Does anyone have any idea where I can begin
>> looking to find the cause?
>>     
>
> Your routing tables are fine. If it was a routing issue, you wouldn't
> be able to SSH in either direction as the host wouldn't know where to
> send replies.
>
> On Tue, Mar 23, 2010 at 9:58 AM, Daniel Herrington
> <dherrington at robertmarktech.com> wrote:
>   
>> The House network is running on a completely separate subnet. I have a
>> clone of the guest running in the same NAT network on an Ubuntu 8.10
>> host without problems. I installed Ubuntu 9.10 on test machine,
>> installed VMware 2.0, then copied the guest over. I made sure to create
>> the same NAT network on the Ubuntu 9.10, 192.168.0.0, and booted the
>> cloned guest (CentOS 5). On Ubuntu 8.10 I can ssh from the host to the
>> guest no problems.
>>     
>
> So I understand you have two separate physical hosts each with
> essentially the same exact guest OS. One host is Ubuntu 8.10, the
> other is Ubuntu 9.10. The Ubuntu 8.10 functions to your expectations,
> and the odd behavior is occurring on the Ubuntu 9.10 machine. Is this
> correct?
>
>   
>> So, either the vanilla config in Ubuntu 9.10 broke the ability to ssh to
>> a VMWare guest, or VMware 2.0 networking is broken on Ubuntu 9.10. I'm
>> leaning towards VMware having done something, as you already have to
>> patch the install to get it to work. What I'm not sure of is how VMware
>> runs the NAT between the host's IP and the guest's IP. There is no bridge
>> created, and the routing table looks exactly the same as Ubuntu 8.10
>> except for a link-local entry in Ubuntu 9.10. I suspect the problem lies
>> in the vmnet-natd, that it's not picking up any traffic into the NAT
>> network.
>>     
>
> Essentially, VMware creates a virtual network. Any system with a
> virtual network adapter on that network will interact with other such
> systems as if they were attached to the same Ethernet network, except
> that rather than handle everything over cables, it's happening in
> memory on the host system. Your host system is connected to the
> network using your vmnet3 adapter as 192.168.0.1. The NAT gateway is
> 192.168.0.2. In addition, if a system is set to use this as its
> default gateway, the packets will be NATed like any other NAT gateway
> and sent out your system's physical port (or antenna). Under default
> settings, when your guest systems turn on they use DHCP to request IP
> information. VMware sends the information to the systems including
> using 192.168.0.2 as the default gateway.
>
>   
OK, so this tells me VMware could have broken something from the host 
going from its own adapter (192.168.2.25) to the Virtual Gateway 
(192.168.0.1). I'll have to do the packet sniffing to be sure, but I 
suspect they're not routing properly in memory there.
>> I'm not enough of a network guy to make sure it's not something in
>> Ubuntu's 9.10 network config. That's what I'd like to verify if possible.
>>     
>
> A lot of what you've described sounds like it could be a firewall
> issue, though some things, like not being able to ping 192.168.0.2
> from your host, are suspicious of a problem with the virtual network.
> To figure out what the problem is, start by disabling any firewalls
> you have on both systems. Also, disable SELinux on both systems. Then
> try to ping from host to guest, then from guest to host. If you can
> ping in both directions, things should work. Try to SSH. If it works,
> then it's a problem with a firewall or SE Linux. If you can only ping
> in one direction (host to guest or guest to host) but not the other,
> you probably still have a firewall or instance of SELinux enabled. If
> nothing works, it's probably a problem with VMware. Nothing working is
> unlikely as disabling firewalls and SELinux wouldn't cause SSH to
> suddenly stop working from guest to host.
>   
No SELinux, no firewalls, no tcp wrappers. It's a very simple setup, and 
I've always stayed away from those because they overcomplicate my life. 
At the end of the day this is a test domain with AD+DNS, Oracle, Web 
App, and AutoSys Scheduler virtual machines. Since it's running AD and 
DNS, I don't want it outside its sandbox. That's why everything gets 
NAT'd, it's all I need.

I posted this (http://communities.vmware.com/thread/252883?tstart=0) on 
VMware's forums and someone else responded they were seeing the same 
thing. It gives me more confidence the problem doesn't lie between the 
chair and keyboard.
> Hope this helps,
> Vincent Damewood

-- 
Daniel B. Herrington
Director of Field Services
Robert Mark Technologies
dherrington at robertmarktechnologies.com
o: 651-769-2574
m: 503-358-8575
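
Added example, not part of the original thread: the two-ended capture suggested above (vmnet3 on the host, eth0 on the guest) can be compared to localize where host-to-guest pings are lost. It assumes text output from `tcpdump -n icmp`; the guest address 192.168.0.128 and all capture lines are constructed for illustration.

```python
import re

# Matches `tcpdump -n icmp` text lines such as:
# 04:12:01.000001 IP 192.168.0.1 > 192.168.0.128: ICMP echo request, id 7, seq 1, length 64
ICMP_RE = re.compile(r"IP (\S+) > ([^:\s]+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def echo_events(capture_text):
    """Return the set of (kind, src, dst, id, seq) echo packets in one capture."""
    events = set()
    for line in capture_text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            src, dst, kind, ident, seq = m.groups()
            events.add((kind, src, dst, int(ident), int(seq)))
    return events

def _seen(events, kind, src, dst):
    """(id, seq) pairs of echo packets of one kind travelling src -> dst."""
    return {(i, s) for k, a, b, i, s in events if (k, a, b) == (kind, src, dst)}

def localize_loss(host_capture, guest_capture, host_ip, guest_ip):
    """Compare both captures and name the hop where host -> guest pings die."""
    host_ev, guest_ev = echo_events(host_capture), echo_events(guest_capture)
    sent = _seen(host_ev, "request", host_ip, guest_ip)
    arrived = _seen(guest_ev, "request", host_ip, guest_ip) & sent
    answered = _seen(guest_ev, "reply", guest_ip, host_ip) & arrived
    returned = _seen(host_ev, "reply", guest_ip, host_ip) & answered
    if not sent:
        return "no request on vmnet3: host routing or host output filtering"
    if not arrived:
        return "request lost between vmnet3 and guest eth0: virtual network"
    if not answered:
        return "guest saw the request but never replied: guest-side filtering"
    if not returned:
        return "reply lost between guest eth0 and vmnet3: virtual network"
    return "echo round trip completes"

HOST_IP, GUEST_IP = "192.168.0.1", "192.168.0.128"   # guest address is assumed
# Constructed captures: host side (vmnet3) and two possible guest sides (eth0).
HOST_CAP = """\
04:12:01.000001 IP 192.168.0.1 > 192.168.0.128: ICMP echo request, id 7, seq 1, length 64
04:12:02.000104 IP 192.168.0.1 > 192.168.0.128: ICMP echo request, id 7, seq 2, length 64
"""
GUEST_CAP_SILENT = "04:12:00.500000 ARP, Request who-has 192.168.0.2 tell 192.168.0.128, length 28\n"
GUEST_CAP_NO_REPLY = HOST_CAP   # same requests reach eth0, no reply leaves

if __name__ == "__main__":
    for guest_cap in (GUEST_CAP_SILENT, GUEST_CAP_NO_REPLY):
        print(localize_loss(HOST_CAP, guest_cap, HOST_IP, GUEST_IP))
```

On Linux a capture sees inbound packets before netfilter and outbound packets after it, which is why a request that shows up on eth0 with no reply leaving points at filtering on the guest rather than at the virtual network.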


