Routing issues with VM Ware Images

Dear all,

Sorry for asking about a simple network routing issue, but I am no expert at all in these things, so please forgive me if this is just peanuts.

I am running 2 independent Linux servers in my network. Both of them are running OpenSuse. One is on 11.2 (Server 1 IP Address 192.168.123.112) and the other on 11.3 (Server 2 IP Address 192.168.123.112). On both servers I am also running VMWare Workstation 7.x.
My goal is to use Server 2 (xxx.111) as the VMWare Server running e.g. images with different Databases such as Oracle, DB2 or other (mostly Linux or Windows Server based images). I can switch them on and off just as I need them. Server 1 (xxx.112) should contain the clients (mostly Windows based images) to access the Server Images from Server 2.
The images are attached via NAT (vmnet8) to the network. I can access the internet and the host without any issue. I also tried to use the bridged connection, but for whatever reason this is not working for both of the servers. I won’t even get an IP address assigned.

So far I have not applied any specific routing information (everything I tried has been revoked again since it did not work). There is a WLAN router (IP Address 192.168.123.254) to which the 2 servers are attached. No specific routing applied here.

And here is where my story begins. The bottom line is that I can’t access the images from outside the host they are running on. I tried to add several different routing entries without any success.

What I can do is the following.

1.) Ping Server 1 to Server 2 (successful)
2.) Ping Server 2 to Server 1 (successful)
3.) Ping from an Image (Subnet 192.168.124.0) in Server 1 to Server 2 (successful)
4.) Ping from an Image (Subnet 192.168.125.0) in Server 2 to Server 1 (successful)

What does not work is the following:

5.) Ping from Server 1 to an Image (Subnet 192.168.125.0) in Server 2 (unsuccessful all packages are lost)
e.g.

ping 192.168.125.128

PING 192.168.125.128 (192.168.125.128) 56(84) bytes of data.
From xxx.xxx.xxx.xxx: icmp_seq=5 Packet filtered
From xxx.xxx.xxx.xxx icmp_seq=5 Packet filtered
--- 192.168.125.128 ping statistics ---
12 packets transmitted, 0 received, +2 errors, 100% packet loss, time 10999ms

6.) Ping from Server 2 to an Image (Subnet 192.168.124.0) in Server 1 (unsuccessful all packages are lost)
e.g.

ping 192.168.124.174

PING 192.168.124.174 (192.168.124.174) 56(84) bytes of data.
From xxx.xxx.xxx.xxx: icmp_seq=6 Packet filtered
From xxx.xxx.xxx.xxx icmp_seq=6 Packet filtered
--- 192.168.124.174 ping statistics ---
10 packets transmitted, 0 received, +2 errors, 100% packet loss, time 8999ms

7.) Ping from Image (Subnet 192.168.124.0) in Server 1 to an Image (Subnet 192.168.125.0) in Server 2 (unsuccessful all packages are lost)
e.g.
C:\>ping 192.168.125.128

Pinging 192.168.125.128 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.125.128:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

8.) Ping from Image (Subnet 192.168.125.0) in Server 2 to an Image (Subnet 192.168.124.0) in Server 1 (unsuccessful all packages are lost)
e.g.

ping 192.168.124.174

PING 192.168.124.174 (192.168.124.174) 56(84) bytes of data.
From xxx.xxx.xxx.xxx: icmp_seq=4 Packet filtered
From xxx.xxx.xxx.xxx icmp_seq=4 Packet filtered
From xxx.xxx.xxx.xxx icmp_seq=14 Packet filtered
--- 192.168.124.174 ping statistics ---
14 packets transmitted, 0 received, +3 errors, 100% packet loss, time 13013ms

As mentioned, I haven’t done any routing entries on the Router (192.168.123.254) though.

My issue is how to solve this and what kind of routing entries do I have to do in order to get access from Server 1 to the images of Server 2 and vice versa. Do I need to apply also some entries on the WLAN router?

I already switched all (software) firewalls off without any success.

Any help is highly appreciated.

Thanks
Joerg

List 1 (Linux Server 1)

ifconfig (192.168.123.112)

eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.123.112 Bcast:192.168.123.255 Mask:255.255.255.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5114 errors:0 dropped:0 overruns:0 frame:0
TX packets:4196 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:569901 (543.0 Mb) TX bytes:253220 (241.6 Mb)
Interrupt:55 Base address:0x8000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:7022 errors:0 dropped:0 overruns:0 frame:0
TX packets:7022 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:265075 (252.5 Mb) TX bytes:265075 (252.5 Mb)

vmnet1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:172.16.3.1 Bcast:172.16.3.255 Mask:255.255.255.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:245 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vmnet8 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.124.1 Bcast:192.168.124.255 Mask:255.255.255.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4239 errors:0 dropped:0 overruns:0 frame:0
TX packets:251 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.3.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.124.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.123.254 0.0.0.0 UG 0 0 0 eth0

List 2 (Linux Server 2)

ifconfig (192.168.123.111)

br0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.123.111 Bcast:192.168.123.255 Mask:255.255.255.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:141634 errors:0 dropped:0 overruns:0 frame:0
TX packets:251666 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29433827 (28.0 Mb) TX bytes:81345017 (77.5 Mb)

eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:141901 errors:0 dropped:0 overruns:0 frame:0
TX packets:251891 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31518749 (30.0 Mb) TX bytes:81355647 (77.5 Mb)
Interrupt:55 Base address:0xe000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1060 (1.0 Kb) TX bytes:1060 (1.0 Kb)

vmnet1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:172.16.203.1 Bcast:172.16.203.255 Mask:255.255.255.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vmnet8 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.125.1 Bcast:192.168.125.255 Mask:255.255.255.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.125.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.16.203.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.123.254 0.0.0.0 UG 0 0 0 br0

List 3 (from a Windows Image running on Linux Server 1)

ipconfig /all

Windows IP Configuration

    Host Name . . . . . . . . . . . . : windows-xp-vm
    Primary Dns Suffix  . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : localdomain

Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix  . : localdomain
    Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #2
    Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.124.174
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.124.2
    DHCP Server . . . . . . . . . . . : 192.168.124.254
    DNS Servers . . . . . . . . . . . : 192.168.124.2
    Lease Obtained. . . . . . . . . . : Wednesday, December 01, 2010 10:23:37 AM
    Lease Expires . . . . . . . . . . : Wednesday, December 01, 2010 10:53:37 AM

route print

===========================================================================
Interface List
0x1 … MS TCP Loopback interface
0x2 …xx xx xx xx xx xx … AMD PCNET Family PCI Ethernet Adapter #2 - Packet Scheduler Miniport

===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.124.2 192.168.124.174 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.124.0 255.255.255.0 192.168.124.174 192.168.124.174 10
192.168.124.174 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.124.255 255.255.255.255 192.168.124.174 192.168.124.174 10
224.0.0.0 240.0.0.0 192.168.124.174 192.168.124.174 10
255.255.255.255 255.255.255.255 192.168.124.174 192.168.124.174 1
Default Gateway: 192.168.124.2

Persistent Routes:
None

List 4 (from a SUSE Enterprise Server 10 on Linux Server 2)

ifconfig

eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.125.128 Bcast:192.168.125.255 Mask:255.255.255.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:59 errors:0 dropped:0 overruns:0 frame:0
TX packets:190 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9980 (9.7 Kb) TX bytes:26206 (25.5 Kb)
Base address:0x2000 Memory:e8920000-e8940000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: xxx::xxx:xxxx:xxxx:xxxx/xx Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:104 errors:0 dropped:0 overruns:0 frame:0
TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6953 (6.7 Kb) TX bytes:6953 (6.7 Kb)

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.125.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.125.2 0.0.0.0 UG 0 0 0 eth0

OK,
Would you like to be put on the path of more work or less work?

Seriously, unless you have a reason to partition your network, I’d advise you to configure all your virtual machines to run as bridged so that they can be discovered and be connected to like any other physical host on your network. You <might> consider partitioning your database servers for security, usually clients don’t need direct access and should be required to access data through a frontend application.

If you partition your network (separate physical links using a router, NAT, firewall or any other “gateway” type device), then anything that isn’t on the other side of a Default Gateway will not be easily discoverable… You’d then need to configure routing tables, name resolution (eg DNS, WINS, Hosts, LMhosts files) and more.

But, as I’ve stated… configure all your VMs for bridging and you can avoid all complexities associated with routing, things should then “just work.” If you had a problem getting that to work, then attack that problem instead of the alternative.

Post again if you do need to partition your network.

Tony
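
The routing tables posted in the thread show why pings 5 to 8 fail in the partitioned (NAT) setup Tony describes. The Python sketch below is an added example, not part of the original posts: it runs a longest-prefix match over the posted `route -n` rows and follows the next hops. The router's table, the placeholder upstream 203.0.113.1 and the static route are assumptions, and it models route lookup only, not IP forwarding or VMware's NAT device.

```python
import ipaddress

# Rows from the thread's `route -n` output (loopback and 169.254 link-local rows omitted).
S1 = """172.16.3.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.124.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.123.254 0.0.0.0 UG 0 0 0 eth0"""
S2 = """192.168.125.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.16.203.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 192.168.123.254 0.0.0.0 UG 0 0 0 br0"""
# Constructed: the router's table is not on the page; 203.0.113.1 is a placeholder upstream.
ROUTER = """192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 lan
0.0.0.0 203.0.113.1 0.0.0.0 UG 0 0 0 wan"""
OWNERS = {"192.168.123.112": "server1", "192.168.123.111": "server2", "192.168.123.254": "router"}

def parse_route_n(text):
    """Turn `route -n` rows into (network, gateway-or-None, iface) tuples."""
    rows = (line.split() for line in text.splitlines())
    return [(ipaddress.ip_network(f"{r[0]}/{r[2]}"),
             None if r[1] == "0.0.0.0" else r[1], r[-1]) for r in rows]

def lookup(routes, dst):
    """Longest-prefix match; returns (gateway, iface), or None if no route."""
    hits = [r for r in routes if ipaddress.ip_address(dst) in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1:] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops host by host; route lookup only (no NAT, no forwarding)."""
    hops, host = [], start
    for _ in range(max_hops):
        hit = lookup(tables[host], dst)
        if hit is None:
            return hops + [(host, "no route")]
        gw, iface = hit
        if gw is None:
            return hops + [(host, f"on-link dev {iface}")]
        hops.append((host, f"via {gw} dev {iface}"))
        if gw not in OWNERS:
            return hops + [(gw, "leaves the LAN")]
        host = OWNERS[gw]
    return hops

TABLES = {n: parse_route_n(t) for n, t in [("server1", S1), ("server2", S2), ("router", ROUTER)]}
# Hypothetical static route on Server 1 pointing Server 2's NAT subnet at Server 2.
STATIC = parse_route_n("192.168.125.0 192.168.123.111 255.255.255.0 UG 0 0 0 eth0")
if __name__ == "__main__":
    print(trace(TABLES, "server1", "192.168.125.128"))
    print(trace({**TABLES, "server1": TABLES["server1"] + STATIC}, "server1", "192.168.125.128"))
```

With the posted tables, traffic for 192.168.125.128 follows the default route to the WLAN router and leaves the LAN; with the hypothetical static route, the lookup selects Server 2 and its vmnet8 interface instead.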

Thanks Tony.

As I stated before, bridged Network Adapter did not work for me, that’s why I was using NAT. However, after I thought a bit I realized that I was applying a MAC filter on my HW router. After I added the MAC ID of some of the images I could set them to bridged and everything worked fine. Each one of them will now get a proper IP address from the primary net in which the 2 Linux servers lie. No routing is required anymore.

It will become a hell of a lot of work to organize all of my images in order to maintain the IP and MAC address list :).

Thanks for pushing me in the right direction.

joe

If it helps, ditch the MAC address filtering if it’s being done for security… It’s not a secure way to protect your network.
Encrypt only, using WPA2 or Kerberos as applicable.

After that, although you probably won’t need to inventory your MAC addresses anymore, you can still do so by simply dumping your DHCP leases.

There can be other reasons for MAC address filtering, eg restricting broadcasts, configuring VLANs and it’s just the way some switches work.

Tony