From: Daniel Cohen on
David Empson <dempson(a)actrix.gen.nz> wrote:

> Martin S Taylor <mst(a)hRyEpMnOoVtEiTsHm.cIo.uSk> wrote:
>
> > James:
> >
> > I took your advice and disabled UPnP. As you say, I'm capable of setting
> > up port forwards on my own. (I think.)
> >
> > I'm still fascinated by the process vmnet-natd, though. According to
> > Little Snitch it belongs to VMware Fusion, yet I haven't run this
> > program in months, and I haven't run Skype since I last booted the
> > computer. Yet vmnet-natd is still trying to call a wide range of IP
> > addresses.
> >
> > Any thoughts?
>
> Well, not why it is doing that, but I can at least give you a little
> background on what it does.
>
> VMware Fusion (and the other virtual machine solutions) have several ways
> of interfacing the networking between the virtual and host machines. I
> mainly use VMware (still on version 2) but I've had a brief look at
> Parallels (4).
>
> VMware has three major modes of network operation for a virtual machine:
>
> - Share the Mac's network connection (NAT).
> - Connect directly to the physical network (Bridged).
> - Create a private network available only to the Mac (Host Only).
>
> The network functionality is implemented by a kernel extension installed
> by VMware Fusion. It is running all the time. I expect vmware-natd is part
> of this.
>
> I use Bridged mode. This results in the Virtual Machine appearing as if it
> is a separate computer on the same local network as the Mac. This allows
> the virtual machine to interact with a network of real Windows PCs, and
> also effectively gives you two independent networked computers if you want
> to test any networked software between the Mac and virtual PC.
>
> In NAT mode, I expect the Mac acts like a NAT router, so the virtual
> machine is on an independent network and can only make outgoing
> connections (I have no idea how you would set up inbound port mappings).
>
> VMware's kernel extension also sets up at least two additional network
> interfaces seen by the Mac (these are called "vmnet1" and "vmnet8" on my
> computer). They are invisible in System Preferences > Network but can be
> seen via 'ifconfig' in Terminal.
>
> These networks have automatically created addresses in the 172.16 range
> and appear to be active.
>
> These networks are used to communicate between the Mac and the virtual
> machine.
>

Part of the issue, I think, is in the name vmnet-natD. AIUI, the d at
the end suggests that the process is a daemon, and these usually run
continuously, checking to see if they are needed.

See <http://communities.vmware.com/thread/85143> for more info.
--
<http://www.decohen.com>
Send e-mail to the Reply-To address.
Mail to the From address is never read.
From: Martin S Taylor on
Daniel Cohen wrote
> David Empson <dempson(a)actrix.gen.nz> wrote:
>
>> Martin S Taylor <mst(a)hRyEpMnOoVtEiTsHm.cIo.uSk> wrote:
>>
>>> James:
>>>
>>> I took your advice and disabled UPnP. As you say, I'm capable of setting
>>> up port forwards on my own. (I think.)
>>>
>>> I'm still fascinated by the process vmnet-natd, though. According to
>>> Little Snitch it belongs to VMware Fusion, yet I haven't run this
>>> program in months, and I haven't run Skype since I last booted the
>>> computer. Yet vmnet-natd is still trying to call a wide range of IP
>>> addresses.
>>>
>>> Any thoughts?
>>
>> Well, not why it is doing that, but I can at least give you a little
>> background on what it does.
>>
>> VMware Fusion (and the other virtual machine solutions) have several ways
>> of interfacing the networking between the virtual and host machines. I
>> mainly use VMware (still on version 2) but I've had a brief look at
>> Parallels (4).
>>
>> VMware has three major modes of network operation for a virtual machine:
>>
>> - Share the Mac's network connection (NAT).
>> - Connect directly to the physical network (Bridged).
>> - Create a private network available only to the Mac (Host Only).
>>
>> The network functionality is implemented by a kernel extension installed
>> by VMware Fusion. It is running all the time. I expect vmware-natd is part
>> of this.
>>
>> I use Bridged mode. This results in the Virtual Machine appearing as if it
>> is a separate computer on the same local network as the Mac. This allows
>> the virtual machine to interact with a network of real Windows PCs, and
>> also effectively gives you two independent networked computers if you want
>> to test any networked software between the Mac and virtual PC.
>>
>> In NAT mode, I expect the Mac acts like a NAT router, so the virtual
>> machine is on an independent network and can only make outgoing
>> connections (I have no idea how you would set up inbound port mappings).
>>
>> VMware's kernel extension also sets up at least two additional network
>> interfaces seen by the Mac (these are called "vmnet1" and "vmnet8" on my
>> computer). They are invisible in System Preferences > Network but can be
>> seen via 'ifconfig' in Terminal.
>>
>> These networks have automatically created addresses in the 172.16 range
>> and appear to be active.
>>
>> These networks are used to communicate between the Mac and the virtual
>> machine.
>>
>
> Part of the issue, I think, is in the name vmnet-natD. AIUI, the d at
> the end suggests that the process is a daemon, and these usually run
> continuously, checking to see if they are needed.
>
> See <http://communities.vmware.com/thread/85143> for more info.
>

Okay, since it's doing stuff I don't really understand, but certainly don't
need, can I turn it off (by force if necessary) without impairing VM's
ability to emulate a PC? I emphatically don't need VM to do any networking.

MST

From: Chris Ridd on
On 2010-02-18 09:40:34 +0000, Martin S Taylor said:

> Daniel Cohen wrote
>> Part of the issue, I think, is in the name vmnet-natD. AIUI, the d at
>> the end suggests that the process is a daemon, and these usually run
>> continuously, checking to see if they are needed.
>>
>> See <http://communities.vmware.com/thread/85143> for more info.
>>
>
> Okay, since it's doing stuff I don't really understand, but certainly don't
> need, can I turn it off (by force if necessary) without impairing VM's
> ability to emulate a PC? I emphatically don't need VM to do any networking.

When you log in to your Mac, a VMware launchd job gets run called
"/Library/Application Support/VMware Fusion/boot.sh". (With an argument
of --start)

Having a look at that script, it tries to start the vmnet daemons and
if they fail to start, VMware itself will not run:

    ret=`"$LIBDIR/vmnet-bridge" -d /var/run/vmnet-bridge-vmnet.pid`
    if [ "$ret" = "0" ]; then
        logger -s -t "VMware Fusion 215242" \
            "Error: Unable to start the bridge daemons. Error: $?"
        exit 1
    fi

    ret=`"$LIBDIR/vmnet-cli" --start`
    if [ "$ret" = "0" ]; then
        logger -s -t "VMware Fusion 215242" \
            "Error: Unable to start the network daemons. Error: $?"
        exit 1
    fi

I think you're out of luck and the daemons *have* to run even if they
end up not doing anything. (Which is slightly annoying; you could raise
a bug with vmware and ask them to start them on-demand.)

Why do you think they're harmful?
--
Chris

From: David Empson on
Martin S Taylor <mst(a)hRyEpMnOoVtEiTsHm.cIo.uSk> wrote:

> Okay, since it's doing stuff I don't really understand, but certainly don't
> need, can I turn it off (by force if necessary) without impairing VM's
> ability to emulate a PC? I emphatically don't need VM to do any networking.

I don't know if you can turn them off completely without causing
problems for VMware Fusion, but you should be able to minimise what they
are doing by changing the network configuration of your virtual
machine(s).

For VMware Fusion 2.x:

1. If your virtual machine(s) have saved state, open them and shut down
the guest operating system.

2. In the VMware Fusion "Virtual Machine Library" window, repeat for
each virtual machine:

Click on Settings, then Network.

Change the setting from "Share the Mac's network connection (NAT)" to
"Create a private network available only to the Mac (Host Only)".

This should stop VMware trying to do NAT, but will still allow
communication between the guest operating system and the Mac.

You could go one step further and experiment with unchecking the
"Connected" option. I expect it will behave like the Ethernet cable is
unplugged, but the guest OS will still see a network interface adapter
so Windows won't throw a hissy fit about hardware changing.

--
David Empson
dempson(a)actrix.gen.nz
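
Added example, not part of any post in this thread: a shell check that reads a virtual machine's .vmx file and reports whether any virtual network adapter is still set to NAT after the settings change described above. It assumes the usual .vmx keys ethernetN.present, ethernetN.connectionType and ethernetN.startConnected, and that an adapter with no connectionType is bridged; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Print "nic mode link" for every virtual NIC present in a .vmx file.
# Assumptions: keys ethernetN.present / .connectionType / .startConnected;
# a missing connectionType is treated as bridged, and a missing
# startConnected is treated as connected.
vmx_nic_modes() {
    awk -F'=' '
        /^[ \t]*ethernet[0-9]+\./ {
            key = $1; val = $2
            gsub(/[ \t"\r]/, "", key); gsub(/^[ \t]*"|"[ \t\r]*$/, "", val)
            split(key, p, ".")
            nic = p[1]; field = tolower(p[2]); seen[nic] = 1
            if (field == "present")        present[nic] = tolower(val)
            if (field == "connectiontype") mode[nic] = tolower(val)
            if (field == "startconnected") start[nic] = tolower(val)
        }
        END {
            for (nic in seen) {
                if (present[nic] != "true") continue
                m = (nic in mode) ? mode[nic] : "bridged"
                s = (start[nic] == "false") ? "disconnected" : "connected"
                print nic, m, s
            }
        }' "$1" | sort
}

# Exit status 0 only when no present NIC is still configured for NAT.
vmx_no_nat() {
    ! vmx_nic_modes "$1" | grep -q ' nat '
}

# Constructed sample: one NAT NIC, one host-only NIC that starts unplugged.
write_sample_vmx() {
    cat > "$1" <<'EOF'
displayName = "Windows XP (sample)"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.startConnected = "FALSE"
EOF
}

sample=$(mktemp)
write_sample_vmx "$sample"
vmx_nic_modes "$sample"
vmx_no_nat "$sample" || echo "NAT still configured in $sample"
rm -f "$sample"
```

Run against each real .vmx file with the virtual machine shut down, since the file is only a reliable record of the settings once the guest is powered off.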