VMware trusted interface

designator · 07-11-2008, 11:51 AM

I'm trying to set the virtual interface vmnet1 as a trusted interface so that guest and host can communicate with each other without a firewall.

Both guest and host are running CentOS 5.2

system-config-securitylevel-tui doesn't show vmnet1 as one of the interfaces so I can't just tick a box there.

Does anyone know how to permanently set vmnet1 as a trusted interface on CentOS?

I've tried these, but neither worked:

Code:

iptables -A INPUT -i vmnet1 -j ACCEPT
and
iptables -A RH-Firewall-1-INPUT -i vmnet1 -j ACCEPT

Here's what iptables -L shows:

Code:

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ies-lm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ideafarm-chat
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere

Any suggestions welcome.

saldon · 07-11-2008, 03:50 PM

Well, Linux can't "see" vmnet1 because that exists only in VMware. When you setup VMware you created a virtual network as well. You need to approach this as though you're connecting two different physical machines. Add the entries to your firewall config based on the IP address of the host and guest.

designator · 07-14-2008, 01:20 PM

Once you explained it, it made perfect sense :-) Thanks a lot.

For anyone else with a similar problem, the command I had to use was:

Code:

iptables -I RH-Firewall-1-INPUT 1 -s 192.168.16.0/24 -j ACCEPT

Where 192.168.16.0/24 is a host-only interface vmware server created and RH-Firewall-1-INPUT is the default chain CentOS 5.2 created.

After I ran that and made sure it works, I ran

Code:

iptables-save > /etc/sysconfig/iptables

to make the changes permanent.