Topic: Forwarding port to VMware running on a Linux machine on local LAN

[michelandre]

Hi all!

I have a small problem forwarding port.

I have a SME-7.2, updated to the latest patches.
Dedicated gateway and server mode.
Internal IP: 192.168.1.1

On the internal LAN
SuSE10-SP1, no firewall, 192.168.1.2
VMware sever 1.0.4-56528.i386, the latest. Using port 904.

XP-SP2
192.168.1.129
From it, I can connect directly to the VMware running on the SuSE server with no problem.
192.168.1.2:904/user/password

I forward port:
TCP/904/192.168.1.2/904

I tried also UDP. Still no connection.

I tried from the XP machine: Public-IP:904/user/password
Error: some kind of time-out error saying the connected party did not response in the allowed time.

What am I missing here? Another port also to open?

Any help appreciated.

Michel-André

[CharlieBrady]

What am I missing here?

In my experience, the most common reason for port forwarding 'not working' is that the default gateway is incorrectly set on the machine being forwarded to.

[michelandre]

Hi all!

I did all kind of searches and tried all kinds of experimentations and found nothing.

Using a virtual SME, I will not ruin my real SME7.2 server if I do something wrong..

On the SuSE10-SP1, without firewall, (192.168.1.2/255.255.255.0),
I installed a SME-7.3 in this machine's VMware specifying 2Nic/192.168.1.227 internal and 192.168.1.228 external/mask 255.255.255.0.
SSH (port 2222 then changed it to 22) is working, WEB is working, able to ping both Nic.

I installed another VMware server (this one is using port 902) on a real machine:
OpenSuSE10.3 (192.168.1.102/255.255.255.0).
I created a simple machine: XP-Pro/SP2.
I forwarded port 902 from 192.168.1.228 (the virtual SME-7.3) to 192.168.1.102 (the OpenSuSE-10.3)
**********************
# nmap 192.168.1.228

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2008-03-10 15:33 EDT
Interesting ports on (192.168.1.228):
(The 1659 ports scanned but not shown below are in state: closed)
PORT    STATE    SERVICE
25/tcp  open     smtp
80/tcp  open     http
110/tcp open     pop3
139/tcp open     netbios-ssn
143/tcp open     imap
389/tcp open     ldap
443/tcp open     https
465/tcp open     smtps
515/tcp open     printer
548/tcp open     afpovertcp
902/tcp filtered iss-realsecure-sensor
993/tcp open     imaps
995/tcp open     pop3s
MAC Address: 00:0C:29:01:54:B1 (VMware)
**********************
tchana:~ # nmap 192.168.1.102

Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2008-03-10 15:33 EDT
Interesting ports on  (192.168.1.102):
(The 1660 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
902/tcp  open  iss-realsecure-sensor
5801/tcp open  vnc-http-1
5802/tcp open  vnc-http-2
5803/tcp open  vnc-http-3
5901/tcp open  vnc-1
5902/tcp open  vnc-2
5903/tcp open  vnc-3
MAC Address: 00:02:A5:FE:EE:0E (Compaq Computer)
**********************

All machines are able to get directly to the VMware running XP-Pro/SP2 on the OpenSuSE.
If I tried going throught the Virtual SME, always the same problem: time-out...

If the machine running VMware XP-Pro/SP2 is not configured properly then why is an W2K, OpenSuSE10.3 and XP/SP2 on the same segment is able to connect directly to the VMware server without problem?

I am loosing hope...

Michel-André

[CharlieBrady]

I installed a SME-7.3 in this machine's VMware specifying 2Nic/192.168.1.227 internal and 192.168.1.228 external/mask 255.255.255.0.

That's an invalid network configuration. Internal and external NICs must be configured with non-overlapping networks.

[michelandre]

Hi all!

Well Charlie you were right "with non-overlapping networks".

I modified the SME-VMware local to 192.168.2.1
Modified OpenSuSE running VMware to 192.168.2.102
SME-VMware external to 192.168.1.3
All is working...

The only port in need of forwarding is 902.

Now the question is: Assuming my real SME-7.2 is working properly, am I able to test the forwarding using an internal station to log to VMware and using: SME-external-ip:902/user/password?
I don't think so.
That is the original problem meaning there was never a problem.

I am waiting for my external contact to try it from his location.
I will keep you informed.

Thank you very much.

Michel-André

[CharlieBrady]

Assuming my real SME-7.2 is working properly, am I able to test the forwarding using an internal station to log to VMware and using: SME-external-ip:902/user/password?
I don't think so.

The second most common reason for port forwarding not "working" is people attempting to test it from the LAN side.