NAT Internet connectivity from VMWare virtual LAN with 2003/XP

Ok, so I have this VMWare workstation virtual test network. 2003 server and
two XP clients in a VMWare "team", with two virtual LAN segments with private
subnets connected to virtual NICs in the server. Routing set up on the W2003
server so the XP clients can talk to each other on the different segments.
Works fine.

Now I want to give both XP clients internet access.

So the idea was: add a 3rd virtual NIC to the 2003 server, configure it in
VMWare as "NAT, share host (my laptop) IP address" and let this be the
default gateway.

First question: I figure this scenario WOULD work IF my "physical"/laptop
NIC would be directly connected to the Internet? The VMWare network adaptor
would have my public IP address available as "external" IP address, and do
address translation of the private IP addresses of my virtual XP clients with
this address.

BUT, obviously, my laptop is NOT directly connected to the Internet, but
through a NAT router(192.168.1.1). So the NAT-configured VMWare NIC is ITSELF
behind the NAT of a DSL router(which is outside my influence). It gets a
private 192.168.1.66 address assigned.

In any case, my XP clients do not have Internet access in this
configuration(the 2003 server does). But what exactly is going wrong? Is this
a config that will never work? Do I need to "bridge" the VMWare NIC and
enable NAT on the virtual 2003 server instead? Is it in principle possible to
disable NAT on the DSL router for something like this?

I feel dumb because somehow I expected "serial NAT" to work at least for
connections initiated from the inside :|

"JHman" <> wrote in message
news:BDF177C0-DBA5-460C-8BEA-...
> Ok, so I have this VMWare workstation virtual test network. 2003 server
> and
> two XP clients in a VMWare "team", with two virtual LAN segments with
> private
> subnets connected to virtual NICs in the server. Routing set up on the
> W2003
> server so the XP clients can talk to each other on the different segments.
> Works fine.
>
> Now I want to give both XP clients internet access.
>
> So the idea was: add a 3rd virtual NIC to the 2003 server, configure it in
> VMWare as "NAT, share host (my laptop) IP address" and let this be the
> default gateway.
>
> First question: I figure this scenario WOULD work IF my "physical"/laptop
> NIC would be directly connected to the Internet? The VMWare network
> adaptor
> would have my public IP address available as "external" IP address, and do
> address translation of the private IP addresses of my virtual XP clients
> with
> this address.
>
> BUT, obviously, my laptop is NOT directly connected to the Internet, but
> through a NAT router(192.168.1.1). So the NAT-configured VMWare NIC is
> ITSELF
> behind the NAT of a DSL router(which is outside my influence). It gets a
> private 192.168.1.66 address assigned.
>
> In any case, my XP clients do not have Internet access in this
> configuration(the 2003 server does). But what exactly is going wrong? Is
> this
> a config that will never work? Do I need to "bridge" the VMWare NIC and
> enable NAT on the virtual 2003 server instead? Is it in principle possible
> to
> disable NAT on the DSL router for something like this?
>
> I feel dumb because somehow I expected "serial NAT" to work at least for
> connections initiated from the inside :|
>
You can certainly run a NAT router inside another NAT router. I do it all
the time.

I have never used VMWare but a setup like that works fine with VPC or
Hyper-V.

What IP addresses are you using on the virtual network(s)? Are you
running a domain on the server?

> You can certainly run a NAT router inside another NAT router. I do it all
> the time.
>
> I have never used VMWare but a setup like that works fine with VPC or
> Hyper-V.
>
> What IP addresses are you using on the virtual network(s)? Are you
> running a domain on the server?

Ok, so that's good news and bad news. Good news that my intuition that
it *should* work seems right, bad news that it might be VMWare related and
this could be the wrong place to ask...

More details about the setup (but I can't test it right here, unfortunately):


The 3 virtual systems(I have a couple more but those shouldn't be relevant
for this issue), all member of the same VMWare "team" :

1) W2003 R2 Standard SP2
3 NICs:
- static IP 172.22.0.10 (VMWare LAN1) MASK 255.255.254.0 gateway -
- static IP 172.22.2.10 (VMWare LAN2) MASK 255.255.254.0 gateway -
- NATted NIC "to the external world" (share ip address with VMware host)
correctly gets IP 192.168.1.66 from NAT router, like my laptop

configured as AD domain controller, DNS server, DHCP server for the XP
clients, RAS/VPN server (for routing)


2) XP SP2 on VMWare LAN1
1 NIC:
- DHCP IP 172.22.1.1 MASK 255.255.254.0 gateway 172.22.0.10

3) XP SP2 on VMWare LAN2
1 NIC:
- DHCP IP 172.22.3.1 MASK 255.255.254.0 gateway 172.22.2.10


Both XP clients can ping each other (routing works). Unfortunately can't
test any further today or tomorrow. Will try from home in the weekend.

"JHman" <> wrote in message
news:23B41823-133E-44D9-B595-...
>> You can certainly run a NAT router inside another NAT router. I do it
>> all
>> the time.
>>
>> I have never used VMWare but a setup like that works fine with VPC or
>> Hyper-V.
>>
>> What IP addresses are you using on the virtual network(s)? Are you
>> running a domain on the server?
>
> Ok, so that's good news and bad news. Good news that my intuition
> that
> it *should* work seems right, bad news that it might be VMWare related and
> this could be the wrong place to ask...
>
> More details about the setup (but I can't test it right here,
> unfortunately):
>
>
> The 3 virtual systems(I have a couple more but those shouldn't be relevant
> for this issue), all member of the same VMWare "team" :
>
> 1) W2003 R2 Standard SP2
> 3 NICs:
> - static IP 172.22.0.10 (VMWare LAN1) MASK 255.255.254.0 gateway -
> - static IP 172.22.2.10 (VMWare LAN2) MASK 255.255.254.0 gateway -
> - NATted NIC "to the external world" (share ip address with VMware host)
> correctly gets IP 192.168.1.66 from NAT router, like my laptop
>
> configured as AD domain controller, DNS server, DHCP server for the XP
> clients, RAS/VPN server (for routing)
>
>
> 2) XP SP2 on VMWare LAN1
> 1 NIC:
> - DHCP IP 172.22.1.1 MASK 255.255.254.0 gateway 172.22.0.10
>
> 3) XP SP2 on VMWare LAN2
> 1 NIC:
> - DHCP IP 172.22.3.1 MASK 255.255.254.0 gateway 172.22.2.10
>
>
> Both XP clients can ping each other (routing works). Unfortunately can't
> test any further today or tomorrow. Will try from home in the weekend.

You should never multihome a DC/DNS server. It will give you all sorts of
odd problems.

Is there a particular reason for this odd setup? I would put the DC in
one subnet or the other, not both ( and certainly not in three!). Use
another vm as your router.

> You should never multihome a DC/DNS server. It will give you all sorts of
> odd problems.
>
> Is there a particular reason for this odd setup? I would put the DC in
> one subnet or the other, not both ( and certainly not in three!). Use
> another vm as your router.

I'm sort of aware of the possible problems with having DCs multihomed. Only
reason is memory shortage in VMware if I would have too many systems running
at once, lol... So consolidating as much as possible.

I was under the impression that the possible problems would appear in more
complex environments/more complex scenarios only... I mean, I'm only trying
to webbrowse here, and I tried with ip addresses to bypass the whole DNS
story as well. I would think that would be more or less transparent to the
whole AD thing?

I might try with an additional 2003 member server as router, but somehow I
don't expect it to make a difference here...

Any other suggestions in the mean time? I mean, it *should* work the way I
describe it, not?

"JHman" <> wrote in message
news:671040B6-711E-42C2-B705-...
> I was under the impression that the possible problems would appear in more
> complex environments/more complex scenarios only... I mean, I'm only
> trying
> to webbrowse here,

Multi-homing cause identiy problems, DNS problems, WINS problems, and
general networking problems. It doesn't matter how much or how little you
are doing with it.

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Bill Grant" <not.available@online> wrote in message
news:%233lq6U$...

> one subnet or the other, not both ( and certainly not in three!). Use
> another vm as your router.

Ack! It's the "V" word again.

I haven't tried it yet, but I think with VMWare you can have a Virtual
Appliance on the Virtual Network,...such as a regular "hardware LAN router"
that is virtulized. So it has a smaller footprint and you don't need
another virtual computer.

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"JHman" <> wrote in message
news:671040B6-711E-42C2-B705-...
> reason is memory shortage in VMware if I would have too many systems
> running
> at once, lol... So consolidating as much as possible.

Then you need to do one of these or a combination of these:

1. Use VMWare ESXi on a separate piece of hardware instead of VMWare
Workstation on a PC. ESXi has a very small foot print so you gain back some
the wasted memory that can be used for VMs.

2. Consolidate on some other machine instead of the DC

3. Reduce the amount of RAM used by each of the VMs to below the recommended
amount,...they will run a bit slower,..but at least they will run.

4. Spend the $$$ and buy more Ram

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Oh, and,...

5. Replace the Server2003 with SBS2003. It is designed to run everything on
one box with multiple Nics.