VMware GSX Server Virtual Machine Guide
particular port on the server (the destination port). For security reasons, some servers
accept connections only from source ports below 1024.
If a virtual machine using NAT attempts to connect to a server that requires the client
to use a source port below 1024, it is important that the NAT device forward the
request from a port below 1024. You can specify this behavior in the
vmnetnat.conf file.
This behavior is controlled by entries in sections headed [privilegedUDP] and
[privilegedTCP]. You may need to add settings to or modify settings in either or
both of these sections, depending on the kind of connection you need to make.
You can set two parameters, each of which appears on a separate line.
autodetect = <n>
The autodetect setting determines whether the VMware NAT device automatically
attempts to map virtual machine source ports below 1024 to NAT source ports below
1024. A setting of 1 means true. A setting of 0 means false. On a Windows host, the
default is 1 (true). On a Linux host, the default is 0 (false).
port = <n>
The port setting specifies a destination port (<n> is the port on the server that
accepts the connection from the client). Whenever a virtual machine connects to the
specified port on any server, the NAT device attempts to make the connection from a
source port below 1024. You may include one or more port settings in the
[privilegedUDP] or [privilegedTCP] section or in both sections, as
required for the connections you need to make. Each port setting must be entered on
a separate line.
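The following Python is an added example, not part of the VMware guide or of any VMware tool. It reads the [privilegedUDP] and [privilegedTCP] sections and reports whether a given connection would be sent from a source port below 1024, using only the rules described above. The function names, the treatment of # as a comment marker, the case-sensitive section matching and the sample file contents are assumptions made for illustration.

```python
# Added example: audit the privileged-port sections of a vmnetnat.conf file.
AUTODETECT_DEFAULT = {"windows": True, "linux": False}  # host defaults per the guide
SECTIONS = ("privilegedUDP", "privilegedTCP")

# Constructed sample input, not taken from a real host.
SAMPLE = """\
[privilegedUDP]
autodetect = 0
port = 731

[privilegedTCP]
port = 513
port = 514
"""

def parse_privileged(text, host_os):
    """Return {section: {"autodetect": bool, "ports": set of int}}."""
    conf = {s: {"autodetect": AUTODETECT_DEFAULT[host_os], "ports": set()}
            for s in SECTIONS}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            current = name if name in SECTIONS else None
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if current is None or key not in ("autodetect", "port"):
            continue  # other sections and keys are outside this check
        if not sep or not value.isdigit():
            raise ValueError(f"line {lineno}: expected '{key} = <n>', got {raw!r}")
        n = int(value)
        if key == "autodetect":
            if n not in (0, 1):
                raise ValueError(f"line {lineno}: autodetect must be 0 or 1")
            conf[current]["autodetect"] = bool(n)
        elif not 1 <= n <= 65535:
            raise ValueError(f"line {lineno}: port {n} out of range")
        else:
            conf[current]["ports"].add(n)  # repeated port lines accumulate
    return conf

def wants_low_source_port(conf, proto, src_port, dst_port):
    """True if the NAT device would attempt a source port below 1024."""
    sec = conf["privileged" + proto.upper()]
    return dst_port in sec["ports"] or (sec["autodetect"] and src_port < 1024)
```

Because each port setting sits on its own line with the same key, the parser accumulates the values instead of keeping only the last one, which a generic INI reader would not do.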
Considerations for Using NAT
Because NAT requires that every packet sent to and received from virtual machines be in
the NAT network, there is an unavoidable performance penalty. Our experiments
show that the penalty is minor for dial-up and DSL connections and that performance is
adequate for most GSX Server uses.
NAT is not perfectly transparent. It does not normally allow connections to be initiated
from outside the network, although you can set up server connections by manually
configuring the NAT device. The practical result is that some TCP and UDP protocols
that require a connection to be initiated from the server machine (some peer-to-peer
applications, for example) do not work automatically, and some may not work at all.
A standard NAT configuration provides basic-level firewall protection because the NAT
device can initiate connections from the private NAT network, but devices on the
external network cannot normally initiate connections to the private NAT network.