Network test results and analysis for VMware Workstation in NAT architecture

Test the NAT router, with the virtual machine, the connection to the host, and discover the details of the network implementation in VMware.

Existing network structure:

Virtual machines in a NAT subnet

NAT-Out subnet segment is 192.168.222.0/24

Virtual machine A has a NAT connection to the network with an IP address of 192.168.222.146, the network is managed by a NAT router 192.168.222.2.

Virtual machine A can ping the NAT router, the result is as follows

An error occurs when using the traceroute command because the IP address translation of the ICMP packets and UDP packets that occur when the address of the header is NAT, resulting in the loss of the TTL.

Specific reference: http://www.cnblogs.com/aguai1992/p/4810039.html

The workaround is to test by ICMP. The results are as follows:

This method proves that the NAT router is accessible to the virtual machine, but the address is converted at the time of Nat.

Two-host connection to NAT virtual subnet

Where the host's virtual NIC adapter VMnet8 is connected to the virtual Switch Vmnet8, and the NIC is assigned the IP address of the NAT segment 192.168.222.1

The routing table structure under Windows at this time

Due to the existence of the virtual network card adapter VMNET8, the host can reach the various virtual machines managed by the NAT through the switch Vmnet8 in a two-tier network environment. such as SSH connection.

and the existence of the routing table proves once again that the 192.168.222.0/24 of the virtual machine within this network segment can be reached.

If you disable the network card in Control panel at this point, it will cause the host to fail to connect to the virtual machine.

The test at this point is as follows:

Ping

Tracert

This shows that for the host, through the virtual network card and bridge, each virtual machine is accessible, and through a virtual two-layer network.

Three test host arrives NAT router

Unable to connect

The experimental results show that the host cannot connect to the NAT server even though the VMNET8 is connected to the virtual switch and the NAT router is on the top.

Preliminary speculation is due to the fact that although the NAT router and the host's virtual network card belong to a network segment, the NAT router is only used for the address segment that is governed by NAT, so 192.168.222.1 does not fall within the jurisdiction of this Gateway.

So the host wants to pass 192.168.222.1 this network card to reach the NAT server is not feasible.

Conclusion:
From the routing table, the host principle packet can reach 192.168.222.2 this gateway, but this gateway does not give a reply, because the host's virtual network card is not the role of NAT and managed IP address.

Network test results and analysis for VMware Workstation in NAT architecture