Tom's FreeBSD blog

December 1, 2008

Verizon FIOS Actiontec MI424WR and multiple subnets

Filed under: FIOS — tmclaugh @ 11:12 pm

I have Verizon FIOS for internet service and I have a roommate.  I like to play with my network and don’t necessarily mind a temporary outage when something goes wrong.  My roommate just wants the internet to work.  For those reasons I’ve decided that my VMware guests will be on their own subnet and behind a router / firewall so I can freely break things without hearing anyone else complain.  This sounded easy enough.  Set up a guest in VMware with one leg in the physical network and one in the virtual network to act as a router.  Set up a static route on the Actiontec router that comes with FIOS.  Be happy.  It sounded simple, but getting things right with the Actiontec took a little more work, and the googles, they did nothing.

The physical network here will be 192.168.1/24 while my VM guests will be on 192.168.2/24.  After setting up a VM guest as a router with a guest behind it I logged into the Actiontec and went to Advanced -> Routing and selected New Route where I entered in the routing information for the 192.168.2/24 network.

(Screenshot: New Routes screen)

After doing this I found an odd problem.  I could ping a host on the VM network from the physical network but couldn’t ping a host on the physical network from the VM network.  After setting up a few sniffers I saw the packet leave the VM guest, enter the VM router and go out again, reach the physical host and go back out toward the Actiontec router, but nothing was ever received by the VM router.  I looked through the firewall logs under Firewall Settings -> Security Log but it was a flood of entries.  After going into the Security Log Settings I disabled logging of accepted incoming and outgoing connections and had it log all denied connections.

(Screenshot: Firewall Log Settings page)

Now the logs gave me something useful.  (Not sure why the Security Log logged all accepted connections and no denied connections by default but whatever.)  The Actiontec’s default policy is blocking the return traffic from the physical network back to the VM network.

(Screenshot: Security Log)

I’m not sure where that default policy is defined, so I can’t see exactly what it blocks, but under Firewall Settings -> Advanced Filtering I added some inbound and outbound rules that simply allow all traffic between the two subnets.  That fixes this problem and hopefully heads off any other issues between the two networks in the future.

(Screenshot: Firewall Advanced Filtering)

First I added an inbound rule from the physical subnet to the VM subnet.  Under the inbound Network (Home/Office) Rules I selected Add to take me to the “Add Advanced Filter” screen.

(Screenshot: Add Advanced Filter)

On this screen for “Source Address” I changed the drop down to “Specify Address” and selected Add again to take me to the Edit Network Objects screen.

(Screenshot: Edit Network Object)

There I hit Add again which brought me to the “Edit Item” screen.  There I changed the “Network Object Type” to “IP Subnet” and entered in the physical subnet’s information.

(Screenshot: Edit Item)

After that I hit Apply until I got back to the “Add Advanced Filter” page where I did the same for “Destination Address” and entered in the VM subnet information.  Once I was back at the “Add Advanced Filter” page again I left the “Protocol” as “Any” and under “Operation” selected “Accept Packet” and finally hit Apply.

(Screenshot: Inbound Rules)

Next I repeated the process for the VM subnet to the physical subnet, and then created the same two rules under the outbound Network (Home/Office) Rules.

(Screenshot: Outbound Rules)

After that all traffic appears to be just fine between the two networks.
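To make the asymmetry above concrete, here is a small first-match filter model that walks a ping from a VM guest to a physical host through the topology described in this post.  This is an added example, not code from the post and not anything from the Actiontec firmware.  The two subnets are the ones from the post; the host addresses, the rule names, the log line format, and the way a packet is classified as “inbound” or “outbound” (toward the VM subnet versus away from it) are my own assumptions for illustration.

```python
# Added example: a first-match packet-filter model for reasoning about why the
# return path was dropped.  Not the Actiontec's code; the direction
# classification, host addresses and log format are constructed assumptions.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

PHYSICAL = ip_network("192.168.1.0/24")   # physical LAN behind the Actiontec
VM = ip_network("192.168.2.0/24")         # VM subnet, reached via the static route


@dataclass(frozen=True)
class Rule:
    direction: str      # "inbound" or "outbound" (the Actiontec's two rule tables)
    src: IPv4Network
    dst: IPv4Network
    action: str         # "accept" or "drop"


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str = "icmp"


def direction_of(pkt: Packet) -> str:
    """Assumption: a packet heading into the VM subnet is 'inbound' to that
    network; one leaving it is 'outbound'."""
    return "inbound" if pkt.dst in VM else "outbound"


def evaluate(rules, pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins; with no match the default policy applies."""
    d = direction_of(pkt)
    for r in rules:
        if r.direction == d and pkt.src in r.src and pkt.dst in r.dst:
            return r.action
    return default


def log_line(pkt: Packet, verdict: str) -> str:
    # Constructed format, loosely modelled on the Security Log columns.
    return f"{verdict.upper():6} {direction_of(pkt):8} {pkt.proto} {pkt.src} -> {pkt.dst}"


def ping_through_actiontec(rules, vm_host: str, phys_host: str) -> dict:
    """Return the filter verdict for the request and for the reply.

    The request never touches the Actiontec: the VM router has a leg on the
    physical LAN and hands it to phys_host directly.  The reply does: the
    physical host's default gateway is the Actiontec, which has to hairpin
    it back out to the VM router using the static route for 192.168.2.0/24.
    """
    reply = Packet(ip_address(phys_host), ip_address(vm_host))
    return {
        "request": "accept",              # bypasses the Actiontec entirely
        "reply": evaluate(rules, reply),  # subject to its filter
        "log": log_line(reply, evaluate(rules, reply)),
    }


# The four rules added in the post: both subnets, both directions, any protocol.
ALLOW_BETWEEN_SUBNETS = [
    Rule("inbound", PHYSICAL, VM, "accept"),
    Rule("inbound", VM, PHYSICAL, "accept"),
    Rule("outbound", PHYSICAL, VM, "accept"),
    Rule("outbound", VM, PHYSICAL, "accept"),
]

if __name__ == "__main__":
    for label, rules in (("default policy", []),
                         ("with advanced filters", ALLOW_BETWEEN_SUBNETS)):
        v = ping_through_actiontec(rules, "192.168.2.10", "192.168.1.20")
        print(f"{label}: request={v['request']} reply={v['reply']}")
        print("   ", v["log"])
```

Running it shows the request succeeding and the reply dropped under the default policy, and both succeeding once the accept rules are in place.  The model also makes clear that the rule covering the reply’s direction is the one that matters here; a rule only in the other direction leaves the reply dropped, which is why adding all four is the safe choice.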

(In retrospect, if you want to do any even slightly complicated network setup with FIOS you’re probably better off switching the Actiontec into bridge mode and putting your own router that you’re comfortable with in its place.  For a few reasons this option isn’t easily available to me, which is why I had to jump through these hoops. :-/)

P.S. Added some screenshots now.
