VMware GSX Server 2.5.2

By design, each host-only network should be confined to the host machine on which it is set up. That is, no packets sent by virtual machines on this network should leak out to a physical network attached to the host. Packet leakage can occur only if a machine actively forwards packets. It is possible for the host machine or any virtual machine running on the host-only network to be configured in a way that permits packet leakage.

Windows Server 2003, Windows 2000 Server, Windows 2000 Advanced Server and Windows NT systems are capable of forwarding IP packets that are not addressed to them. By default, however, these systems come with IP packet forwarding disabled.

If you find packets leaking out of a host-only network on a Windows NT or Windows 2000 host computer, check to see if forwarding has been enabled on the host machine. If it is enabled, disable it.

On a Windows Server 2003 or Windows 2000 host, choose Start > Programs > Administrative Tools > Routing and Remote Access. An icon on the left is labeled with the host name. If a green dot appears over the icon, IP forwarding is turned on. To turn it off, right-click the icon and choose Disable Routing and Remote Access. A red dot appears, indicating that IP forwarding is disabled.

On a Windows NT host, choose Start > Settings > Control Panel > Networking. Choose TCP/IP, click Properties, then click the Routing tab. Clear the check box to disable IP forwarding.

If you find packets leaking out of a host-only network on a Linux host computer, check to see if forwarding has mistakenly been enabled on the host machine. If it is enabled, disable it.
For many Linux systems, disable forwarding by writing a 0 (zero) to the special file /proc/sys/net/ipv4/ip_forward:

    echo 0 > /proc/sys/net/ipv4/ip_forward

Other Linux systems have a system configuration option that you can set. The method depends on your Linux distribution. You may use a control panel, specify a setting at the time you compile your kernel or possibly enter a specification when you boot your system. Consult your operating system documentation for details on the method to use with your particular distribution.

If the host computer has multiple network adapters, it may be intentionally configured to do IP forwarding. If that is the case, you do not want to disable forwarding. Instead, to avoid packet leakage you must enable a packet filtering facility and specify that packets from the host-only network should not be sent outside the host computer. Consult your operating system documentation for details on how to configure packet filtering.

Virtual machines may leak packets, as well. For example, if you use Dial-Up Networking support in a virtual machine and packet forwarding is enabled, host-only network traffic may leak out through the dial-up connection. To prevent the leakage, be sure packet forwarding is disabled in your guest operating system.
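The Linux host checks described above, combined into one audit, as an added example that is not part of the VMware documentation. It assumes the host-only interface is named vmnet1 and that iptables is the packet filter; the function names are hypothetical, and the rule is printed for review, not applied.

```shell
#!/bin/sh
# Added example: audit a Linux host for host-only packet leakage.
# Assumptions: host-only interface name (e.g. vmnet1) and iptables as filter.

# forwarding_state [FILE]: print enabled, disabled or unknown.
# FILE defaults to the special file named in the text above.
forwarding_state() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# filter_rules IFACE: print an iptables command that drops forwarded packets
# arriving on the host-only interface and leaving through any other one.
filter_rules() {
    hostonly="$1"
    case "$hostonly" in
        # Reject empty names and anything that is not a plain interface name.
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    echo "iptables -I FORWARD -i $hostonly ! -o $hostonly -j DROP"
}

# audit_hostonly IFACE [FILE]: report the state and what to do about it.
audit_hostonly() {
    iface="$1"
    state=$(forwarding_state "$2")
    case "$state" in
        disabled)
            echo "OK: IP forwarding is off; $iface traffic stays on the host" ;;
        enabled)
            echo "WARN: IP forwarding is on. If unintended, write 0 to ip_forward."
            echo "If intended (multi-homed host), add this filter rule as root:"
            filter_rules "$iface" ;;
        *)
            echo "UNKNOWN: could not read the forwarding state"; return 2 ;;
    esac
}

# Usage on a host (reads the live /proc file): audit_hostonly vmnet1
```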