Port Forwarding from Home Router to a Sever behind VMWare NAT Interface

If you ever wanted to let someone access your VMWare servers from public internet, this post is for you. 

The server is behind the NAT interface (VMnet8) of your VMWare Workstation in your PC which is the most common method for IT guys for their testing etc.

The diagram on the right side explains what I did.

Here I used my home router ZTE F660 which is a fiber optic router provided by my ISP.

The server I used for this was a Windows Server with IIS service enabled.

VMWare is installed in my laptop and it is connected to the home router via WiFi.

So my goal was to give my public IP to a friend of mine to access my Windows IIS Server through his web browser.

Port Forwarding in Router

In my ZTE, I went to Application > Port Forwarding and added a rule like the following. 

This should be same like in your home router.

Notice my Laptop IP is 192.168.1.10 in my home LAN. So I am forwarding the traffic coming from any WAN IP to my public IP's port 80 to my laptop's port 80.

I just need to take care of the LAN side IP only for port forwarding.

Port Forwarding in VMWare Virtual Network Adaptor

Type Virtual Network Adaptor in Windows search and click on Change the Settings.

Select VMnet8 in the list (whatever the NAT interface you have) and click on NAT settings.

Just add a port forwarding rule like the following which says to forward the traffic coming to host (my laptop) port 80 to the server IP's (10.1.1.100) port 80

Now the routing part is done, additionally you may need to turn off your laptop firewall / server firewall while your friend is accessing or you may configure rules to allow the traffic.

If your public IP is also a dynamic one like mine, and need to give a permanent address to your servers for a while you may try DDNS to get a URL.

If you are interested to get some idea about it, you can go here. 

Deploying CSR1000v (Cisco IOS XE) on VMware ESXi

If you haven't installed VMware ESXi yet, go through Installing VMware ESXi & VSphere Client on VMware Workstation post and come here after it is completed.

Basically what I'm going to do here is going install several Cisco CSR 1000v (IOS-XE) routers in VMware ESXi and network them together with a Virtual Switch. Final output topology will be like the following.

With 802.1q trunking, you will be able to connect routers with logical point to point links  to simulate routing without a simulator..

You will need a CSR 1000v ova template from Cisco.com
What I downloaded was csr1000v-universalk9.03.11.04.S.154-1.S4-std-C1-M2560-N3-DS8.ova

For a one CSR1000v router, you will need a 2 GB minimum of RAM..


Open VMware workstation and power up the ESXi server and login using vSphere client..

Go to File > Deploy New OVF Template, Browse for the OVF, select hit Next..

Hit Next again and name your Router (Ex:- CSR-01) and hit Next..

Give Thin Provision if your installing it on your desktop.. Thin Provision means that it will not take dedicated hard disk space from your hard drive, it will allocate hard drive space when it needs only..

Hit Next & Next agin for Network Mapping for it's defaults, we will change these things as we need later..

My final settings were like this before Finishing and deploying..

Hit Finish..

Add another router just like the previous one with a different name (Ex:- CSR-02)
Finally the Virtual Switch default setup will be like following.. (go to Configuration > Networking)

Now power up the routers and and right click > Open Console

After it is booted up, configure them for SSHv2.. If you are not familiar with allowing SSH on Cisco devices please read Enabling SSH on Cisco Routers / Switches for Local Users

Note:- 

According to this topology, you can assign an IP address to any Gig port of the router because we didn't care the network mapping part.
Because we let it be the default, all 3 gig ports of each router now connects to the vSwitch. But in a design you will have to consider which port is actually connected to the vSwitch and assign a matching IP address to the port.
For this basic setup, give the routers the IP addresses of the same subnet which the ESXi is in..
Ex:- my ESXi IP : 192.168.47.200
CSR-01 Gig 1 IP : 192.168.47.31
CSR-02 Gig 1 IP : 192.168.47.32


Now the routers will ping each other and you will able to access the routers through your native PC's SSH clients like SecureCRT..

Installing VMware ESXi & VSphere Client on VMware Workstation

VMware ESXi is a good environment to run & network Virtual Machines inside a single entity. ESxi with virtual operationg systems like IOSv, IOS-XRv, IOS-XEv, ASAv etc can be used to create networking labs without simulators. ESxi is just like another server Operating System which you can install in a server or inside your VMware Workstation in your PC.

Here I am going to install ESXi 5.1 inside my VMware Workstation on my PC..

Installing VMware ESXi

Go to File > New Virtual Machine select Typical & hit Next. Browse for the Installer Disk Image file location and select the ESXi ISO image and hit Next. Now you will be asked to give a name for the virtual machine and the location to install. After entering those details, you will be asked to specify the disk capacity. On my machine, it showed 40 GB for maximum by default and I left it as it was and selected Split virtual disk in to multiple files and hit Next..

Additionally I added 3 more network cards to the virtual machine and gave the maximum recommended memory  which is about 6GBs. Now all the settings were like in the left side capture before I hit Finish. 

As soon as you hit Finish, It will start to boot and popup the following dialog box.

Boot from standard installer..












After few yellow screens it will stop at the following dialog box.

Hit Enter and Hit F11 for the Next dialog box to accept license agreements..







Now it will stop at the following dialog box.

Hit Enter to continue and you will be asked to select key board layout and a root password.

Give the credentials and hit Enter..

It will again ask for a confirmation to install ESXi, hit F11 to continue..
Now it will go fine with the installation..


After the installation is finished, a dialog box will popup, Hit Enter to reboot the VM..

Assign a Static IP Address to the VM

Bydefault ESXi will take a DHCP address but in most cases you will need it to have a static IP address in your labs.

After the reboot completed, Hit F2 to Customize System.. You will be asked to login as root; therefore give the credentials entered during the installation..

In System Configuration, go to Configure Management Network > IP Configuration

Select Set static IP address and network configuration & give an IP address inside your subnet.

Hit Enter and hit Escape to go to the 1st menu (Customize System), you will be asked to restart the management system because you have changed it's configuration..
Hit Y for yes..

Installing VSphere Client

Now go to your web browser and enter the IP address you gave to the ESXi VM..
You will be informed with a security warning from the browser because the webpage is not a HTTPS site. That's fine, go through it..

You can download VSphere Client from there..

After download, install and run the VSphere Client..

Give the IP address of the ESXi, username and passwords and hit Login.

You will be warned by a untrusted SSL connection, that's fine and Ignore the message.















Now ESXi is fully functioning, you can install new Virtual Machines inside ESXi and network the with the Virtual Switches from now on.. (click on the images to view in fullsize)