Port Forwarding on VMware Fusion

VMware Fusion hosts my test beds for PowerNSX. This runs on my work laptop which is a 2015 MacBook Pro that has an i7, 16GB, and a 1TB SSD. I access the environment via SSH from my desktop iMac. These workloads run on my laptop so when I travel my test beds are not dependent on home infrastructure.

I run the following workloads on the MacBook Pro:
– vCenter Server Appliance
– NSX Manager
– ESXi
– Log Insight

These VMs are connected to Custom Networks. The network in question is 192.168.103.0/24 and the checkbox "Allow virtual machines on this network to connect to external networks (using NAT)" is ticked. This results in the workloads being on a local network.

I wanted to be able to access the Log Insight interface hosted on my laptop, and as such I needed to port-forward to the Log Insight virtual machine. This requires editing the configuration of the Fusion network the workloads are attached to.

The network configuration files are stored in their respective folders within the VMware Fusion preferences folder.

➜ ~ l /Library/Preferences/VMware\ Fusion/
total 48
drwxr-xr-x 16 root wheel 544B Jun 12 20:55 .
drwxr-xr-x 52 root wheel 1.7K Jun 14 15:58 ..
-rw-r--r-- 1 root wheel 1.2K May 23 10:33 .networking.XXXXXX
-rw-r--r-- 1 root wheel 25B May 18 15:01 config
-r--r--r-- 1 root wheel 31B Jun 12 20:55 lastLocationUsed
-rw-r--r-- 1 root wheel 553B Apr 2 16:43 license-fusion-80-e4-201505
-rw-r--r-- 1 root wheel 1.5K Jun 12 20:55 networking
-rw-r--r-- 1 root wheel 1.5K Jun 11 23:20 networking.bak.0
-rw-r--r-- 1 root wheel 0B Apr 7 08:26 promiscAuthorized
drwxr-xr-x@ 10 root wheel 340B Jun 12 20:55 thnuclnt
drwxr-xr-x 4 root wheel 136B May 3 21:53 vmnet1
drwxr-xr-x 7 root wheel 238B May 3 21:53 vmnet2
drwxr-xr-x 4 root wheel 136B May 3 21:53 vmnet3
drwxr-xr-x 7 root wheel 238B Jun 9 20:36 vmnet5
drwxr-xr-x 4 root wheel 136B May 28 20:11 vmnet6
drwxr-xr-x 7 root wheel 238B May 3 21:53 vmnet8

The network of interest in this case is vmnet5. Change into the vmnet5 directory.

There is a lot of interesting content within the nat.conf file. It includes which IP address will be used as the source IP for NAT, what inbound TCP connections can be made, and much more. The [incomingtcp] section is the one of interest.

 

➜ ~ cat /Library/Preferences/VMware\ Fusion/vmnet5/nat.conf
# VMware NAT configuration file

[host]

# NAT gateway address
ip = 192.168.104.2
netmask = 255.255.255.0

# VMnet device if not specified on command line
device = vmnet5

# Allow PORT/EPRT FTP commands (they need incoming TCP stream ...)
activeFTP = 1

# Allows the source to have any OUI. Turn this on if you change the OUI
# in the MAC address of your virtual machines.
allowAnyOUI = 1

# Controls if (TCP) connections should be reset when the adapter they are
# bound to goes down
resetConnectionOnLinkDown = 1

# Controls if (TCP) connection should be reset when guest packet's destination
# is NAT's IP address
resetConnectionOnDestLocalHost = 1

# Controls if enable nat ipv6
natIp6Enable = 0

# Controls if enable nat ipv6
natIp6Prefix = fd15:4ba5:5a2b:1005::/64

[tcp]

# Value of timeout in TCP TIME_WAIT state, in seconds
timeWaitTimeout = 30

[udp]

# Timeout in seconds. Dynamically-created UDP mappings will purged if
# idle for this duration of time 0 = no timeout, default = 60; real
# value might be up to 100% longer
timeout = 30

[netbios]
# Timeout for NBNS queries.
nbnsTimeout = 2

# Number of retries for each NBNS query.
nbnsRetries = 3

# Timeout for NBDS queries.
nbdsTimeout = 3

[incomingtcp]

# Use these with care - anyone can enter into your VM through these...
# The format and example are as follows:
# <external port number> = <VM's IP address>:<VM's port number>
#8080 = 172.16.3.128:80

[incomingudp]

# UDP port forwarding example
#6000 = 172.16.3.0:6001

Adding 9443 = 192.168.104.131:443 within the [incomingtcp] section allows inbound connections to TCP 9443 on the laptop to be forwarded to 192.168.104.131:443, which is the Log Insight instance. With this configured, one must restart the Fusion network services.

sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --stop
sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start

Now from another device, such as my iMac, I can access the Log Insight at https://dreamspike.local:9443.
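
Since the file itself warns that anyone can enter the VM through these entries, it is worth reviewing what is actually forwarded. The following is an added example, not part of the original post: a Python check that lists every active forward in a nat.conf and flags targets outside the NAT subnet given in [host]. The sample config is constructed from the file shown above plus one made-up 2222 entry, and the function name audit_forwards is hypothetical.

```python
import configparser
import ipaddress

# Constructed sample: a trimmed nat.conf in the format shown above, holding the
# article's 9443 forward plus one made-up entry that points off-subnet.
SAMPLE_NAT_CONF = """\
[host]
ip = 192.168.104.2
netmask = 255.255.255.0
[incomingtcp]
#8080 = 172.16.3.128:80
9443 = 192.168.104.131:443
2222 = 172.16.3.128:22
[incomingudp]
#6000 = 172.16.3.0:6001
"""


def audit_forwards(conf_text):
    """Return one finding dict per active (uncommented) port forward."""
    cp = configparser.ConfigParser(
        strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    # NAT subnet derived from the [host] gateway address and netmask.
    host = cp["host"]
    subnet = ipaddress.ip_network(f"{host['ip']}/{host['netmask']}", strict=False)
    findings = []
    for section, proto in (("incomingtcp", "tcp"), ("incomingudp", "udp")):
        if not cp.has_section(section):
            continue
        for host_port, target in cp.items(section):
            vm_ip, _, vm_port = target.rpartition(":")
            findings.append({
                "proto": proto,
                "host_port": int(host_port),
                "vm_ip": vm_ip,
                "vm_port": int(vm_port),
                # A target outside the NAT subnet is likely stale or mistyped.
                "in_nat_subnet": ipaddress.ip_address(vm_ip) in subnet,
            })
    return findings


if __name__ == "__main__":
    for f in audit_forwards(SAMPLE_NAT_CONF):
        note = "" if f["in_nat_subnet"] else "  <-- target outside NAT subnet"
        print(f"{f['proto']}/{f['host_port']} -> {f['vm_ip']}:{f['vm_port']}{note}")
```

To check a real configuration, pass the contents of the vmnet's nat.conf to audit_forwards instead of the sample string.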

VMware Fusion is a handy tool for home lab environments and especially environments on the run. Being a VMware employee I am privy to what is coming and I pretty much love this tool more and more with each release.

Wondering how I run VMs with more memory than my actual device has? Check out these other Fusion blogs below!

Check this blog entry on how to run VCSA in Fusion
Check this blog entry on how to use memory swapping in Fusion.

Full Stack Journey podcast

A few weeks back I was asked by Scott Lowe if I wanted to be interviewed. At first, I was puzzled. Why would someone want to interview me? Scott was looking for people to talk about their personal career journey. Where did it start? Where was it going? How did you achieve it?

With an emphasis on technology, automation, and the soft skills that support it, we ended up talking for a good 45 minutes on this.

Thanks Scott for the invitation. It was great fun – even if the timezones are crazy!

Below are the show notes for an idea of the content:

  • Went from desktop administrator to solution architecture/engineering in just 7 years
  • On the perception of the networking industry as “slow”:
    • A certain workflow is typically required in order to minimize risk to the network (validating changes, having changes go through peer review, waiting for a change window, and then finally logging into the boxes to make the changes)
    • This seems “slow” in comparison to what the virtualization/server admin teams can do
  • Automation and learning to code/script helps with being more efficient
  • This isn’t necessarily about cost—this is about being more personally efficient and more personally effective
  • Anthony’s journey started partially due to finding himself able to talk about it, but not necessarily do it (referring to networking automation)
  • It was PowerNSX that initially interested him, but he had to learn PowerShell and some very basic programming concepts first
  • Seeing tangible results, like being able to save hours on a task, helps energize you on your journey
  • Some of the big challenges Anthony faced as he started his journey:
    • Impostor syndrome was a big deal
    • Felt like he knew nothing (which was partially true)
    • He had to accept that this was true (he was starting from scratch), but that didn’t invalidate his other expertise or experience
  • The ability to look at online help and code samples was useful
  • Having a task—a goal—helped with the learning process
  • It’s natural for your code to evolve as your skills and your knowledge evolves (Anthony shares an example of a script he wrote going from 200 lines of code down to just 22 lines of code as he iterated over the script)
  • Having a good mentor helps during the learning process
  • Other learning resources:
  • Anthony also recommends looking at GitHub for projects written in the language you’re learning (this may also give you the opportunity to learn from their code and/or contribute to the project)
  • Giving back (blogging, teaching, mentoring, contributing to other projects, speaking, etc.) is a natural evolution of your journey
  • Closing thoughts:
    • Don’t be afraid.
    • Jump in.
    • Ask questions.