Simple and simple VMware's networking mode _vmware

We all know VMware's three networking models, respectively, for Bridge,nat,host-only. VMware believes that by using these three networking patterns, you can build any network topology, which is actually the case. If you are proficient in the network, it should be easy to understand the VMware Network configuration mode, but even so, VMware because it is just a virtual machine, no image of the topology displayed. This article gives a simple illustration of the visualization of three networking patterns, and in addition, VMware's help documentation contains a fairly detailed chapter on vmnet.
A. Bridge mode, as the name suggests, bridges mode is bridging mode, the virtual machine inside the network card directly bridge the host in a physical network network segment. The schematic diagram is as follows:

This is a lot of time for lazy people like me, but in the case of non-DHCP, it is very easy to cause IP address conflicts, so if you do not have to configure the virtual machine in a network segment, do not use bridge mode. The networking topology for bridge mode is as follows:

Two. Nat mode is the so-called NAT mode is the virtual Machine network card hidden in a NAT device, in the outside world, can only see the host physical network card, and even the NAT device can not see, NAT devices silently convert the virtual machine out of the connection of the source address, as shown in the following figure:

However, there is a detail, that is how the diamond in the figure above is implemented, how VMware can simulate a consistent NAT device under different host operating systems. To achieve consistency and simplicity, VMware uses a user-state connection agent to implement a NAT device, so the NAT device is actually a user-state process that performs address translation, as shown in the following illustration:

The so-called address translation is not really an IP network in the sense of address translation, but a proxy. The connection initiated inside the virtual machine is intercepted completely in the host's NAT process, and then the NAT process cynical a connection to the destination in lieu of the connection inside the virtual machine, then communicates with the destination and forwards the data to the virtual machine. We can use a simple experiment to illustrate this point:
1. Only allow local TCP SYN packets to be sent out, prohibit any back pack iptables-a output-p tcp--tcp-flags syn syn-j ACCEPT
Iptables-a output-j DROP
Iptables-a input-j DROP
2. Establish a TCP connection to Baidu in the virtual machine telnet 74.125.128.94 80
3. View the file descriptor for the user-state NAT process on the host lsof-p 271-n
...
Vmnet-nat 271 root 7u IPv4 0xffffff8017b62160 0t0 TCP 192.168.1.101:49256->74.125.128.94:http (ESTABLISH ED)
...
4. Conclusion the virtual machine can only send a SYN packet, but the host to the 74.125.128.94 connection has been established, indicating that the NAT process is a user-state connection agent. The same conclusion can be seen through TCP capture, how to observe it. Very simple, check the serial number, the serial number and confirmation number of the data packets crawled inside the virtual machine are not consistent with the serial number and confirmation number of the "Same connection" (actually not a connection, but the proxy) crawled on the host, and we know that the regular NAT modifies only five elements and does not modify the serial number.
Visible, because NAT is a proxy, Nat mode may cause the destination host TCP connection statistics inaccurate, such as the above experiment, the virtual machine obviously did not connect a successful destination, but the host NAT process has established a TCP connection. Using NAT mode, you need to know all the side effects it brings. The last NAT mode's networking topology is as follows:

Three. Host-only mode this mode is in fact the most pure, virtual machine and host of a network card (virtual network card) directly connected, this is only, as shown in the following figure:

But how does the host-only mode of the virtual machine connect to the extranet. The virtual machine can treat the host as a router, so the remaining problem is how to configure the router. The following steps are required:
1. In the virtual machine the default gateway to the host's virtual network card Vmnet1, if you are not too troublesome can also configure host Route 2. To open the routing feature of the host Linux:sysctl-w net.ipv4.ip_forward=1
Mac os:sysctl-w net.inet.ip.forwarding=1
Windows: Open the Tcpip ipenablerouter registry key
3. Choose one of the following methods 3.1. Configure Snat. Linux uses iptables to configure export NIC Snat;mac os using NATD and IPFW configuration; Windows uses the network card's "sharing" to configure 3.2. Configure pure routing, mainly to solve the problem of return routing, but many extranet server routing we can not configure, So this network topology, which applies only to the experimental environment host-only mode, looks like this:

Four. The meaning of vnnetx VMware in the host virtual a few network cards, these network cards are actually some with a number of port two-tier or three-tier network equipment. This article does not talk about DHCP, in fact, each of the network mode can have a DHCP server inserted into the virtual device port, the virtual machine to allocate the network card IP address.
By default, VMware provides a VMNET0/1/8 three virtual NIC, vmnet0 outside, it is actually a pure link layer bridge, the bridge device does not have any three levels of functionality, one of the bridge port is a host of a physical network card. Vmnet1 dedicated to Host-only to use, Vmnet8 dedicated to Nat, the two virtual network cards have three layers of functionality, can configure IP address, is really a host on the visible network card Ah, in addition, the two network cards are also bridge equipment, Only the Brdige does not bridge any physical network adapters on any host.