I'm trying to set up a secure DMZ environment on one of the physical network cards in my host (2 cards total) Lets call the first card my LAN card and the 2nd card my DMZ card. I have the LAN card mapped to VMnet0 and the DMZ card mapped to VMnet1. Only the vmware bridge protocol is bound to the DMZ card in the host.
A guest machine is setup, Local area connection 1 is mapped to vmnet9(for communication with another guest VM), local area connection 2 is mapped to vmnet1(DMZ). The guest OS is XP Pro x32.
With this setup, I shouldn't be able to communicate with machines on my LAN(VMnet0) from the guest machine. Unfortunately I can, which is a security problem as this guest machine should have no access to my LAN. As a second symptom, if I bind TCP/IP on the DMZ card, it will DHCP an IP address from my LAN DHCP server, and is accessible from my LAN. Unbinding the VMWare Bridge protocol makes it inaccessible from my LAN, as it should be.
This behavior is exhibited on all of the guest machines on this server. It seems somehow the host adapters are being bridged. The networks themselves aren't bridged, the only traffic to/from the host and its guest os's is bridged.
The server is 2k3 Server R2 x64 edition, 5.0GB Ram, 2x Broadcom BCM5708C NetXtreme II GigE adapters. I have no Host virtual adapters, DHCP and NAT are disabled on the VMware Server. I have attached screenshots of my Virtual Network Editor summary and network mapping screens.
Any ideas?
Thanks,
Daniel Keath
**Edit: Host is running VMWare Server 1.0.4. I checked the release notes for 1.0.5 and did not see anything pertaining to this behavior.
Message was edited by: oreeh
removed the smiley from the subject
Oliver Reeh
VMware Communities User Moderator