A VM was set up on a Fedora Core 4 host with Windows 2003 Server as the guest OS on which IIS was installed and functional. The intention was for the VM to be publicly accessible. However bridged networking was not functional due to the host's networking configuration. The bridged interface on the guest was not assigned a gateway nor dns. So it was not possible to browse the net nor was it possible to interact with the FC4 host. It was not possible to assign it a public ip nor was it possible to ping the VM guest from the host server itself.

The same situation obtained with host only networking however NAT seemed to work. The VM guest was pingable from the host and was able to browse the Internet. Therefore something had to be done to make it publicly accessible using NAT which is essentially a private virtual network configuration. Port forwarding seemed to be the way accomplish this. These are the steps I took.

Since I was unable to directly configure the VM's network interface with a public ip I set about to bind the public ip on the host so that it could be channeled to the VM's private ip. To do this I created a file called “ifcfg-eth0:0” in the /etc/sysconfig/network-scripts folder. In that file I added the following:

DEVICE=eth0:0
BOOTPROTO=none
IPADDR=xxx.xxx.xxx.xxx
ONBOOT=yes
TYPE=Ethernet

Of course instead of xxx.xxx.xxx.xxx I put the new public ip. I then restarted the FC4 networking by typing:

/etc/init.d/network restart

I then edited the Apache server config file, /etc/httpd/conf/httpd.conf and specified the the listening ip and port “Listen” section this is done by changing the line that reads:

Listen :80

to

Listen xxx.xxx.xxx.xxx:80

Where xxx.xxx.xxx.xxx is the existing public ip and NOT the new public ip assigned in step 1 above. I really am not sure how essential this step is though.

Next I edit the VMware's NAT interface config file to make it public. To do this I edited the file, /etc/vmware/vmnet8/nat/nat.conf. In that file I looked for the line that read:

#8888 = xxx.xxx.xxx.xxx:80

where xxx.xxx.xxx.xxx was the ip of the VM guest. I removed the comment so that it read:

8888 = xxx.xxx.xxx.xxx:80

This change forwards port 8888 on the host to port 80 on the guest to make the guest OS accessible through port 8888 of the host. I then restarted VMware with:

/etc/init.d/vmware restart

I used iptables to direct Internet traffic to the private network address by issuing this command:

/sbin/iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to xxx.xxx.xxx.xxx:8888

where xxx.xxx.xxx.xxx is the new public ip (from step 1) NOT the address of the VM itself.

I then tested it by opening a browser and navigating to xxx.xxx.xxx.xxx. Once the default IIS “under construction” page came up I knew it worked.

To save the iptables settings this command was issued:

/etc/init.d/iptables save

And that was it.

~~DISCUSSION~~