VMWare Private Virtual Network w/ Internet Connectivity

1000px-Vmware.svgI run a VMWare lab on my computer. Virtualization is a great technology and it’s a subject I could probably write a hundred articles on. However, this article is about virtual networking within VMWare. My scenario may different a bit from yours but this is how I overcame the blockade and if you have found a better solution, I’d love to hear what you’ve done.

My scenario is that I need an isolated lab network, but the computers in the lab need internet access This is because I often test things on Active Directory domains including DNS and I want to keep all of this isolated from my production environment. By default, VMWare gives you the following network adapter choices:

  • Bridge Networking – this is like your virtual machine being directly plugged into a switch. It receives it’s own IP via your network’s DHCP server that is separate from the host’s.
  • NAT Networking – this is where the virtual machine and the host share the same IP address on the network. Your virtual machine will be routed packets via NAT.
  • Host-Only Networking – this is a completely separate and isolated network within your host. There is no internet access or access to the LAN your host resides on from the virtual machine.

To provide connectivity to the isolated network, I setup a pfSense firewall virtual machine. You can download the latest version of pfSense here. They once offered a preinstalled VMWare image of an installation, however the link is dead so you will need to setup a VMWare image of pfSense. The nice thing is, you can use pfSense as a LiveCD or actually install it. I created a virtual machine with 384 MB of RAM (it really could run on 256 MB) and installed it to a 20 GB virtual hard disk. To make pfSense work as a router between your virtual network and your LAN, you need to add another virtual NIC.

The main pfSense console from the terminalIn this screen shot, you can see I have two adapters. em0 and em1. In your virtual machine settings, you will need to set one of the adapters to Host-Only (this will be your LAN adapter) and the other to Bridge (this will be your WAN adapter). Your em0 adapter will be the first Network Adapter in the Virtual Machines settings window.

VMWare includes a DHCP server, you can disable it as pfSense has it’s own DHCP server and this is what we will use in the lab environment.

Next, you will need to modify your WAN port settings. To do this via the web interface, you will need a virtual machine on this isolated network or you can do it from the pfSense console.

Your settings will be very basic – the WAN will be DHCP (or assign it a static IP if you wish). I leave it as DHCP so I can move my lab from my work network to my home network without having to reconfigure anything other than starting the pfSense virtual machine. The important part to note are the settings regarding private IP addresses. As you are aware, routers are configured to not route packets for private networks. Since this pfSense installation has it’s WAN port connected to a private network, you need to allow pfSense to route private packets. To allow this, just uncheck the two boxes under Private Networks. Save and apply settings to the WAN port.

In the following example, you can see the virtual machine while on a Host-Only connection can access the internet via our pfSense firewall: