VMWare Networking Issue

[Sidoh]

I don't know what you're on, but it says -PR everywhere. I tested the command before I posted it here. :P

Haha, crap.  I probably read my own post or something.

Try doing a traceroute outside your network.. I don't expect it to be useful, but it's worth a try.

Here it is:
traceroute to www.google.com (64.233.167.99), 30 hops max, 40 byte packets
1  192.168.211.2 (192.168.211.2)  0.710 ms  0.052 ms *
2  * * *
3  * * *
4  * * *
5  * * *
6  * google-peer.chcgil01.transitrail.net (137.164.130.150)  104.595 ms  104.421 ms
7  * * *
8  * * *
9  * * *
10  * * *
11  * * py-in-f99.google.com (64.233.167.99)  137.561 ms

[nslay]

Doing anything from the guest OS is useless because vmware is likely not running with privileges.  Non-privileged software cannot use SOCK_RAW, that means no ICMP (tracert, ping, etc...).  The diagnosis will likely have to be done from the host OS.

[iago]

Doing anything from the guest OS is useless because vmware is likely not running with privileges.  Non-privileged software cannot use SOCK_RAW, that means no ICMP (tracert, ping, etc...).  The diagnosis will likely have to be done from the host OS.

VMWare hides all those kinds of details. When you run a traceroute from VMWare, it opens a virtual socket with SOCK_RAW, and the host is treated as the first hop.

[iago]

Here it is:
traceroute to www.google.com (64.233.167.99), 30 hops max, 40 byte packets
1  192.168.211.2 (192.168.211.2)  0.710 ms  0.052 ms *
2  * * *
3  * * *
4  * * *
5  * * *
6  * google-peer.chcgil01.transitrail.net (137.164.130.150)  104.595 ms  104.421 ms
7  * * *
8  * * *
9  * * *
10  * * *
11  * * py-in-f99.google.com (64.233.167.99)  137.561 ms

The first hop is 192.168.211.2.. does that make sense? In NAT mode, the first hop should be the host system, and I thought the host system was 192.168.211.1?

What's the default gateway on the guest set to? (/sbin/route will tell you)

[nslay]

Doing anything from the guest OS is useless because vmware is likely not running with privileges.  Non-privileged software cannot use SOCK_RAW, that means no ICMP (tracert, ping, etc...).  The diagnosis will likely have to be done from the host OS.

VMWare hides all those kinds of details. When you run a traceroute from VMWare, it opens a virtual socket with SOCK_RAW, and the host is treated as the first hop.

The VMware application still needs root privileges to use SOCK_RAW...there is no way around this (except on OS X which allows limited SOCK_RAW to non-privileged users).

EDIT:  Oh I see what you're saying...sure, in VMware's internal network that works.  But the privilege restriction applies to anything intended to be sent through the real network.

[iago]

The VMware application still needs root privileges to use SOCK_RAW...there is no way around this (except on OS X which allows limited SOCK_RAW to non-privileged users).

EDIT:  Oh I see what you're saying...sure, in VMware's internal network that works.  But the privilege restriction applies to anything intended to be sent through the real network.

VMWare's networking runs as a kernel module, so it has access to do whatever it wants.

[nslay]

The VMware application still needs root privileges to use SOCK_RAW...there is no way around this (except on OS X which allows limited SOCK_RAW to non-privileged users).

EDIT:  Oh I see what you're saying...sure, in VMware's internal network that works.  But the privilege restriction applies to anything intended to be sent through the real network.

VMWare's networking runs as a kernel module, so it has access to do whatever it wants.

Yes, assuming it uses tap.  You don't have to use tap...and when you don't, you can't send out ICMP packets.