This blog post covers configuring a vyatta router to allow host only networks within VMware workstation to be fully routable.


I’ve got most of my home lab windows vm’s running on vmware workstation and have the lab segregated from my residential network. Now running the lab within a NAT’d network within workstation wasn’t quite doing it for me as I wanted the lab network fully routable from the residential network, Bridge mode and NAT fill a purpose and do work but with the segregation I wanted the only the NAT or Host only would fit the bill. The issue I have with workstations NAT mode is that I could not reach vm’s from my residential LAN (rdp for instance) as even creating a static route on my internet router pointing to my workstation pc did not work.

So I fell back to a product I’ve used before with great effect. Vyatta is a software based router which can be installed as a vm and is available in an opensource edition as well as a paid for addition. You can download a copy from here Vyatta .

Once you have the router you will need to if you have not already change your vm networking to host only. Then on installing vyatta either as a live cd install or the virtualization iso make the following changes.

You will need to ensure that the vyatta vm has 2 vnics one attached to the host only network and the other to the bridged network. you will also need to in advance decide on 2 ip addresses that you can use one on each side to assign to the router and you will need to ensure that your internet router (in this example could be a netgear, buffalo,linksys whatever at is capable of adding a static route to its configuration.

NB these instructions presume the following networking configuration is present:

Residential Network:

IP address: 192.168.1.x




Host-Only Network:

IP address: 192.168.168.x



DNS: (provided by LAB Domain controller)

Vyatta default credentials:

Username: vyatta

Password: vyatta

Once you have the live cd booted within a vm you will need to install it by logging into the vyatta console through vmware workstation and typing “install image” then follow the default unix prompts to install the software. Once its installed you will need to reboot the vm without the ISO mounted.

Again once fully booted login to the console and firstly assign ip addresses to each interface by typing in the below (obviously substitute the example ip’s for your own):


set interfaces ethernet eth0 address

set interfaces ethernet eth1 address



The commit and save commands are very important commit makes the configuration “live” and save  saves it to disk if you do not type save on reboot any changes you’ve made will be lost. At this point you should be able to ping those x.x.x.254 address from their respective side of the network. If  pings fail confirm that you have assigned the ip’s to the correct arm of the router by typing in “ifconfig eth0″ note the mac address given and compare it with the virtual nics you’ve assigned to ensure the ip’s are assigned the correct way round.


Once you have performed a few ping tests its now time to get the routing going within the vyatta router you need to tell it where to direct traffic that is bound for a network not known to the vyatta. This the majority of the time will be your internet facing router ( in this example). So again from the vyatta command line type the following:



set protocols static route next-hop



Now you need to log onto your internet router and set up a static route to point to the 192.168.168.x range. You will need to consult your routers manual for the steps on how to do that but you will need to point it to the vyatta’s residential side IP address ( in this example).

At this point you should be able to do a ping test from the host only side to an IP address on the internet. Try pinging from your DC for example on the host only network with a bit of luck you should get a response and your work here is done. However if you do not get a response you will need to configure NAT masquarading by typing the following:



set service net rule 10 type masquerade

set service nat rule 10 source address

set service nat rule 10 outbound-interface eth1





NB you set the interface to masquerade the data from the host only network as it exits its opposite side of the router hence in this example eth1 has the ip address of

You should now after performing all these steps be able to happily route to the internet and back from the host only network and also rdp or what ever you need to do into the host only network from the residential side.


Author: Dale Scriven





Tagged with:

Leave a Reply

Set your Twitter account name in your settings to use the TwitterBar Section.
%d bloggers like this: