VMWare/Firestarter - was 2d chance at Unity

Lucio M Nicolosi lmnicolosi at gmail.com
Wed Apr 20 21:15:11 UTC 2011 

On Wed, Apr 20, 2011 at 3:33 PM, NoOp <glgxg at sbcglobal.net> wrote:

> On 04/19/2011 09:52 PM, Lucio M Nicolosi wrote:

>> - I have VMWare installed on my Maverick 64 with Network Type
> configured as NAT.
>>
>> - I'm running Firestarter.
>>
>> - When WMWare is off (most of the time) and vmnet8 is up (as on
>> startup) I keep receiving these messages, that clog my log files.
>
> Configure Firestarter (or iptables) to allow or ignore the 172 traffic
> (172.16.x.0/24). Check your ifconfig for the
>
> http://www.fs-security.com/docs.php
> or for iptables:
> http://communities.vmware.com/thread/128134

Since the traffic appears to be outbound, the firewall configures the
outbound traffic as permissive by default and there's no security
concerns about this, I guess there's not much to do.

>> it seems that something in the Ubuntu host is trying to contact the
>> virtual net, in my case 172.16.88.1-255, but get no response since
>> although the virtual board, and router and DHCP are all configured and
>> running, VMWare is off.
>> - The src/des ports are (at least) 137/138  (samba), 631 (internet
>> printing, probably cups) and 17500 (dropbox), services installed in
>> the host.
>
> Dropbox polls
> http://forums.dropbox.com/topic.php?id=21238
> http://forums.dropbox.com/topic.php?id=16253
> http://ubuntuforums.org/archive/index.php/t-1403920.htm

True, all pertinenent services.

>> - If I turn off Firestarter, the flow of messages, every few seconds,
>> stops,
>
> I'm not very familiar with Firestarter - I typically don't have it
> installed & have only installed it a few times for testing. I'll install
> it today & see what the effect is.

If seems Firestarter just shows a failed request, nothing more.

>> - Thus, since I cannot shut off all these services, wouldn't my only
>> option be to shut of the vmnet8 offender as I usually do?

> VMware is off - no guest running:
>
> $ ps -e | grep vm
>  1890 ?        00:00:01 vmware-converte
> 28437 ?        00:00:00 vmware-usbarbit
> 28506 ?        00:00:00 vmnet-bridge
> 28514 ?        00:00:00 vmnet-dhcpd
> 28517 ?        00:00:00 vmnet-netifup
> 28520 ?        00:00:00 vmnet-dhcpd
> 28523 ?        00:00:00 vmnet-natd
> 28526 ?        00:00:00 vmnet-netifup

Mine is similar - VMware is off vmnet8 up:

~$ ps -e | grep vm
12642 ?        00:00:46 vmware-unity-he
22493 ?        00:00:00 vmware-usbarbit
22569 ?        00:00:00 vmnet-bridge
22577 ?        00:00:00 vmnet-dhcpd
22579 ?        00:00:00 vmnet-dhcpd
22582 ?        00:00:00 vmnet-natd
22585 ?        00:00:00 vmnet-netifup

> $ sudo service vmware status
> Module vmmon loaded
> Module vmnet loaded

Identical

> $ sudo vmware-networks --status
> Bridge networking on vmnet0 is running
> DHCP service on vmnet1 is running
> Hostonly virtual adapter on vmnet1 is enabled
> DHCP service on vmnet8 is running
> NAT service on vmnet8 is running
> Hostonly virtual adapter on vmnet8 is enabled
> Network detection service is not running
> All the services configured on all the networks are running

Not identical perhaps because mine is NAT, yours Bridge:

$ sudo vmware-networks --status
Bridge networking on vmnet0 is running
DHCP service on vmnet1 is running
DHCP service on vmnet8 is running
NAT service on vmnet8 is running
Hostonly virtual adapter on vmnet8 is enabled
Network detection service is not running
All the services configured on all the networks are running

> If you wish to conserve cycles:
> $ sudo service vmware stop
> You can verify by:
> $ ifconfig and  $ ps -e | grep vm
> you'll not longer have vmnet1 & vmnet8.
> Just remember to turn it back on before you bring up vmware:
> $ sudo service vmware start

Perfect

Says (trimmed) syslog:

kernel: [142664.978102] /dev/vmci[23041]: Module vmci: unloaded
kernel: [142664.998337] /dev/vmmon[23048]: Module vmmon: unloaded
kernel: [142665.093297] bridge-eth0: disabling the bridge
vmnetBridge: Stopped bridge eth0 to virtual network 0.
vmnetBridge: Daemon destroyed.
kernel: [142665.120036] bridge-eth0: down
kernel: [142665.120051] bridge-eth0: detached
vmnet-dhcpd: select: Interrupted system call
vmnet-dhcpd: exiting.
vmnet-dhcpd: select: Interrupted system call
vmnet-dhcpd: exiting.
avahi-daemon[1191]: Interface vmnet8.IPv6 no longer relevant for mDNS.
avahi-daemon[1191]: Leaving mDNS multicast group on interface
vmnet8.IPv6 with address fe80::250:56ff:fec0:8.
avahi-daemon[1191]: Withdrawing address record for
fe80::250:56ff:fec0:8 on vmnet8.
avahi-daemon[1191]: Withdrawing address record for 172.16.88.1 on vmnet8.
avahi-daemon[1191]: Withdrawing workstation service for vmnet8.
NetworkManager[1186]:    SCPlugin-Ifupdown: devices removed (path:
/sys/devices/virtual/net/vmnet8, iface: vmnet8)

Perfect, all services down as they should be when the software isn't required.

Wouldn't it be nice to call VMWare through a script that would:

sudo service vmware start
vmware
sudo service vmware stop

Cheers,

L.

-- 
Lucio M. Nicolosi, Eng.
Open Source Platform Implementation
System and Applications
GNU/Linux - Ubuntu

More information about the ubuntu-users mailing list