LinuxQuestions.org


designator 07-11-2008 11:51 AM

VMware trusted interface
 
I'm trying to set the virtual interface vmnet1 as a trusted interface so that guest and host can communicate with each other without a firewall.

Both guest and host are running CentOS 5.2

system-config-securitylevel-tui doesn't show vmnet1 as one of the interfaces so I can't just tick a box there.

Does anyone know how to permanently set vmnet1 as a trusted interface on CentOS?

I've tried these, but neither worked:
Code:

iptables -A INPUT -i vmnet1 -j ACCEPT
and
iptables -A RH-Firewall-1-INPUT -i vmnet1 -j ACCEPT

Here's what iptables -L shows:
Code:

iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    esp  --  anywhere            anywhere
ACCEPT    ah  --  anywhere            anywhere
ACCEPT    udp  --  anywhere            224.0.0.251        udp dpt:mdns
ACCEPT    udp  --  anywhere            anywhere            udp dpt:ipp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ipp
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ies-lm
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ideafarm-chat
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited
ACCEPT    all  --  anywhere            anywhere

Any suggestions welcome.

saldon 07-11-2008 03:50 PM

Well, Linux can't "see" vmnet1 because that exists only in VMware. When you set up VMware you created a virtual network as well. You need to approach this as though you're connecting two different physical machines. Add the entries to your firewall config based on the IP address of the host and guest.

designator 07-14-2008 01:20 PM

Once you explained it, it made perfect sense :-) Thanks a lot.

For anyone else with a similar problem, the command I had to use was:
Code:

iptables -I RH-Firewall-1-INPUT 1 -s 192.168.16.0/24 -j ACCEPT
Where 192.168.16.0/24 is a host-only interface VMware Server created and RH-Firewall-1-INPUT is the default chain CentOS 5.2 created.

After I ran that and made sure it works, I ran
Code:

iptables-save > /etc/sysconfig/iptables
to make the changes permanent.

