Port Forwarding from Home Router to a Sever behind VMWare NAT Interface

If you ever wanted to let someone access your VMWare servers from public internet, this post is for you. 

The server is behind the NAT interface (VMnet8) of your VMWare Workstation in your PC which is the most common method for IT guys for their testing etc.

The diagram on the right side explains what I did.

Here I used my home router ZTE F660 which is a fiber optic router provided by my ISP.

The server I used for this was a Windows Server with IIS service enabled.

VMWare is installed in my laptop and it is connected to the home router via WiFi.

So my goal was to give my public IP to a friend of mine to access my Windows IIS Server through his web browser.

Port Forwarding in Router

In my ZTE, I went to Application > Port Forwarding and added a rule like the following. 

This should be same like in your home router.

Notice my Laptop IP is 192.168.1.10 in my home LAN. So I am forwarding the traffic coming from any WAN IP to my public IP's port 80 to my laptop's port 80.

I just need to take care of the LAN side IP only for port forwarding.

Port Forwarding in VMWare Virtual Network Adaptor

Type Virtual Network Adaptor in Windows search and click on Change the Settings.

Select VMnet8 in the list (whatever the NAT interface you have) and click on NAT settings.

Just add a port forwarding rule like the following which says to forward the traffic coming to host (my laptop) port 80 to the server IP's (10.1.1.100) port 80

Now the routing part is done, additionally you may need to turn off your laptop firewall / server firewall while your friend is accessing or you may configure rules to allow the traffic.

If your public IP is also a dynamic one like mine, and need to give a permanent address to your servers for a while you may try DDNS to get a URL.

If you are interested to get some idea about it, you can go here. 

Notes on Wireshark Filtering Commands

Packet analysis is a crucial skill for application level troubleshooting. Primary tool is Wireshark and following are some commands which will often come in handy to filter the interested traffic.

Filtering Conditions

These are the filtering criteria to be matched and displayed. You just need to type the line in filter tool bar. 

Logical Operators

You can just type the name of the operator in English or you can use the logical symbols like you do in programming to make a logical filter which will display the logical truth result of 2 or more conditions.

Using above commands, conditions & operators you can write complex statements like the following to filter packets in a capture.

Ex:- !(ip.flags == 0x40) && ip.addr==10.227.54.142

Additional Notes:-

If you want to filter packets by a protocol name, you just need to type the protocol name

Ex:- 'dns' will display all the DNS packets

Ex:- 'http' will display all the http packets

If you want to find TCP packets with ACK flag set, you should use 'tcp.flags.ack == 1' 

If you want the TCP packets with acknoledgement number equal to 1 'tcp.ack == 1'

Use 'frames.len > 1514' will display the jumbo frames.