How to Simulate WAN in VMware

advertisement
How to Simulate WAN in VMware?
June 2, 2010 by vvirtual
1) Download the generic-pc iso (not serial, no use for it) of monowall.
2) Upload the iso to a datastore, unless you want to use Client Device feature of vsphere client.
3) create a new VM. Select 32bit Freebsd for the OS. remove unesscary hardware like the floppy and add
as many NICs as you need (atleast 2, 1 for WAN, 1 for LAN, add extra NICS if you need separate LANs). I
suggest 256MB for ram, don't think you should use less than 128MB ...50-100MB harddrive but you can
make it 1 gig if you have the room to spare (Mine is set to 128MB for harddrive in my lab)
4) Hope you have a managed switch or multiple NICs in your ESXi. Don't use the vlan settings inside
m0n0wall.
After a very long time of endless researches on the internet with “0″ examples and
explanations of WAN simulation in VMware we decided to write this “Bible” on how to
implement WAN solution in your VMware environment. Hoping it will help you and save you a
lot of testing time. Enjoy!
WAN Configuration
1. WAN Prerequisite in vCenter
On one of our ESX servers we created two additional virtual switches.

Vswitch2
1. With one Virtual port group by the name : LAN 4 WAN
2. This virtual switch does not connect to any physical network adapter.
3. Promiscuous mode is enabled on both virtual switch and virtual port group.

Vswitch3
1. With one Virtual port group by the name : WAN
2. This virtual switch connects to a physical network adapter: vmnicX
3. Promiscuous mode is enabled on both virtual switch and virtual port group.
1
2. Creating Monowall Virtual Machine
1. We created a virtual machine by the name: m0n0wall.
2. The SPEC that we used for the monowall server is as follow: 256MB RAM, two
network adapters: LAN 4 WAN and WAN, Hard disk: 8GB
3. M0n0wall Installation
1. Make sure that the m0n0wall in on the proper ESX server and that the DRS Rules
don’t apply to it.
2. Make sure that the m0n0wall server has two network adapters, the first must be
connected to “LAN 4 WAN” virtual port group and the second must be connected to
“WAN” virtual port group. As shown below:
3. Force the m0n0wall virtual machine to start from BIOS
4. Power on the virtual machine, go to startup and change the order of the startup
(cdrom first, Removable devices second.)
5. Save the changes and exit.
6. Power off the virtual machine.
7. Connect the iso file into the machine’s virtual cdrom.
8. Power on the virtual machine.
9. During the first startup the following message will appear:
10. After the machine had powered on, connect the floppy file into your computer, and
afterwards connect the virtual machine’s floppy to it.
11. Reboot the system (option 5)
12. After the server has started, define the intrefaces as LAN >> lnc0, WAN >> lnc1, and
reboot the server and set the LAN IP to : 192.168.1.2
13. After the server has started, if you will see the following, it means that the operation
has ended successfully. In addition, make sure that the message from paragraph 9
doesn’t appear during startup.
2
14. Choose to install the OS from hard drive.
15. After it successfully finished, disconnect the floppy drive from the virtual machine.
4. Configuring LAN Clients
1. Make sure that the LAN client is on the proper ESX server and that the DRS Rules
don’t apply to it.
2. Make sure that the LAN Client has one network adapter, connected to “LAN 4 WAN”
virtual port group.
3. Make sure that the IP of the LAN Client is within the range of: 192.168.1.X192.168.1.X (that you defined)
4. Make sure that you can ping to the m0nowall server (192.168.1.2)
5. Make sure that you can ping to your network subnets.
6. Repeat paragraph 1-5 for every LAN client in your system.
5. M0n0wall First Configuration
M0n0wall First Configuration:
1. Connect to one of your LAN clients.
2. Open internet explorer and go to : http://192.168.1.2
3. Login with the following credentials : admin (mono)
4. Make sure that the m0n0wall interfaces are as follow:
– LAN
3
- WAN
5. Go to m0n0wall firewall > Traffic Shaper pipe and create a new pipe.
6. Make sure that the m0n0wall firewall > Traffic Shaper rules are as follow:
6. Configuring WAN Clients
1. Make sure that the WAN client is on the proper ESX server and that the DRS Rules
don’t apply to it.
2. Make sure that the WAN client has one network adapter, connected to “WAN” virtual
port group.
3. Give the WAN client a static IP address.
4. Set the WAN client’s default gateway as the IP of the WAN interface in the m0n0wall
server
5. Make sure that you can ping to the m0nowall server (192.168.1.2)
6. Make sure that you can ping to your network subnets.
7. Repeat paragraph 1-6 for every WAN client in your system.
4
7. VMware WAN Simulation – Diagram
http://vvirtual.wordpress.com/2010/06/02/how-to-simulate-wan-in-vmware-2/
5
Outras Dicas
6
vmware-server and a monowall appliance
So I've been playing around with monowall and decided to try it out in vmware, except I'm
having some network issues.
My host server has two nics:
eth0 on a private LAN 10.0.0.5 no gateway specified
eth1 is hooked up to a cable modem and has a public ip 216.X.X.116 with a gateway of
216.X.X.254
I've got eth0 bridged to vmnet0, and eth1 bridged to vmnet2. I can ping outside hosts on the
host OS and everything works as normal, however no matter what I've tried I can't get
monowall to ping anything but the local LAN.
Monowall is setup with a static IP for the WAN side 216.X.X.118(i've got multiple public IP's),
and it has an IP of 10.0.0.254 on the LAN side. From monowall I can ping IP's in 10.0.0.0/24 no
problem, but anything else doesn't work. For awhile I was getting a "No route to host." which I
found odd since I had setup the default gateway in monowall to be 216.X.X.254, but after
rebooting it I no longer get "No route to host", I just get timeouts.
Does this have anything to do with ip_forwarding? I shouldn't need any iptable rules to let the
vmware monowall out to the internet since it's WAN interface is bridged to the NIC that
connects to the outside world just fine... unless I am misunderstanding something.
edit: here are the routes and ip settings from the monowall box, sorry about the whitespace...
fusecrap is bad :(
$ netstat –nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 216.X.X.254 UGSc 2 0 vxn1
10/24 link#1 UC 2 0 vxn0
127.0.0.1 127.0.0.1 UH 0 0 lo0
216.X.X link#2 UC 1 0 vxn1
216.X.X.254 00:01:X:X:53:42 UHLW 3 0 vxn1 1193
vxn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.254 netmask 0xffffff00 broadcast 10.0.0.255
ether 00:0c:29:6e:32:0e
vxn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 216.X.X.118 netmask 0xffffff00 broadcast 216.X.X.255
ether 00:0c:X::32:18
7
vxn2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ether 00:0c:29:6e:32:22
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
edit2:
After some more debugging I can see the packets on my host OS through tcpdump and the
ethernet frame is destined for the right location(the gateway @ 216.X.X.254) but there are no
responses whatsoever. I'm really confused now :(
8
m0n0wall Virtual Appliance
About m0n0wall
The m0n0wall project has been around for more than three years, and in this time has
become one of the most popular open source firewall distributions due to its reliability,
speed, flexibility, minimal hardware requirements, and ease of management.
This passage from the m0n0wall web site provides an excellent overview of the project
and its primary focus:
"m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when
used together with an embedded PC, provides all the important features of commercial firewall boxes
(including ease of use) at a fraction of the price (free software).
m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other
utilities. The entire system configuration is stored in one single XML text file to keep things transparent."
Purpose of the Appliance
This appliance is intended for use in testing or development environments, or in
protecting production Virtual Infrastructure. It is capable of using NAT, routing, or
transparent bridging in any virtual environment, and works on VMware Workstation,
GSX, Server, and ESX.
Personal Involvement
I have been a committer with this project for nearly two years now. I work primarily in
the areas of documentation and assisting users on the mailing list and in IRC, and have
dedicated a very significant amount of volunteer time to this project. As of May 25,
2006, I have more than 2,000 posts to the m0n0wall mailing lists (99.9% of which were
helping others), surpassing the total of any other contributor several times over. While,
like most open source projects, the documentation is still lacking in some areas, the
vast majority of it has been written by me. It has gone from almost nothing to being up
to par with comparable projects due to my contributions over the last two years.
Virtual Appliance History
I have used VMware Workstation since right after 4.0 was released. While testing and
documenting m0n0wall, I have always used Workstation extensively to simulate
complete network environments. Questions routinely surfaced on the m0n0wall mailing
list about using m0n0wall with VMware. The most common issue was people having
trouble configuring it to work properly, for a wide variety of reasons. After seeing this
numerous times, and helping different people through the same issues over and over, I
set out to write up a document on installing m0n0wall in VMware.
As I started writing this document, I came to the realization that it would be a lot easier if
I just made up a template virtual machine and distributed it. It became a big hit within
9
the m0n0wall community immediately upon its release on February 20, 2005.
http://m0n0.ch/wall/list/showmsg.php?id=137/92
I believe this makes my m0n0wall images the first widely distributed community virtual
appliance, several months before VMware announced their community virtual appliance
program.
As of May 25, 2006, the various versions of my virtual appliance have been downloaded
nearly 32,000 times, and are in use in numerous installations around the world for a
variety of purposes, from testing to development and protecting production Virtual
Infrastructure.
Licensing
m0n0wall itself is released under the BSD license, as are most of the software
components it is comprised of. Some of the included software is under the GPL, and
similar open source licenses. The only proprietary application in the virtual appliance is
VMware Tools, distribution of which is permitted by VMware in appliances. All the
licenses of the included software allow for unlimited distribution of the virtual appliance.
License for m0n0wall and all included software (excluding VMware Tools) http://m0n0.ch/wall/license.php
Overview of Build Process
m0n0wall is a stripped down version of FreeBSD 4.11, using some minor kernel
patches for bug fixes specific to the m0n0wall environment, and some patches to the
included applications. There is a detailed image building guide available for those
interested in specific details.
http://doc.m0n0.ch/dev/image-guide.html
Since m0n0wall extracts its file system into RAM at boot time and runs from RAM, any
changes made to the file system of a running m0n0wall installation are lost at reboot.
To make changes that will persist across reboots, the image has to be mounted and
modified, then repacked. There are a couple of scripts that automate this process on
full FreeBSD installations. I use a script created by Jeb Campbell called workon.sh,
which can be downloaded from my website.
http://chrisbuechler.com/m0n0wall/downloads/workon.sh
Because m0n0wall does not include many of the dependencies required to install
VMware Tools, like Perl for example, I had to improvise to get VMware Tools running in
this appliance. I took a full FreeBSD 4.11 virtual machine and installed VMware Tools
the usual way. I then pulled the appropriate kernel modules, binaries, and libraries off
of this installation, and put them into a modified m0n0wall image. I then modified the
10
system appropriately so vmxnet support is loaded and the appropriate VMware Tools
binaries are started at boot time.
Virtual Machine Configuration
This virtual appliance comes configured with 64 MB RAM, a 16 MB hard drive and four
network interfaces.
Many installations should be able to run with less RAM, though I would not suggest
anything lower than 48 MB. Because of m0n0wall's primary focus on embedded
hardware running from Compact Flash storage, which can only sustain a limited number
of writes in its lifetime, the file system is extracted to RAM upon boot and the system
runs entirely from RAM. The only time the disk is accessed after boot is when making
configuration changes. This means unless you are making configuration changes, there
are no partitions mounted read/write, so it is safe to power off this virtual appliance at
any time.
Using the Appliance
Instructions on getting started with the m0n0wall virtual appliance and documentation
on commonly used configurations can be found on my website.
http://chrisbuechler.com/m0n0wall/vmware/
The m0n0wall Handbook is also a good reference for general m0n0wall configuration
information.
http://doc.m0n0.ch/handbook/
Support
General m0n0wall questions are best suited for the m0n0wall general mailing list, with a
community of more than 1500 helpful subscribers. I personally answer most posts
there, and in addition to my input, you'll likely receive feedback from others in the
community who have worked through similar issues in the past.
http://m0n0.ch/wall/mailinglist.php
You are also welcome to email me personally about anything regarding this virtual
appliance at cbuechler@gmail.com.
11
Download