{"id":4351,"date":"2014-09-17T10:54:02","date_gmt":"2014-09-17T14:54:02","guid":{"rendered":"http:\/\/chriscolotti.us\/?p=4351"},"modified":"2014-09-17T11:02:58","modified_gmt":"2014-09-17T15:02:58","slug":"how-to-give-a-vcloud-air-virtual-machine-internet-access","status":"publish","type":"post","link":"https:\/\/chriscolotti.us\/vmware\/vcloud\/how-to-give-a-vcloud-air-virtual-machine-internet-access\/","title":{"rendered":"How To Give A vCloud Air Virtual Machine Internet Access"},"content":{"rendered":"
<\/a><\/p>\n The most common initial task that I get asked for help on is connecting a newly deployed virtual machine in vCloud Air from the catalog to the internet so you can install other packages or update the operating system. \u00a0This post is probably long overdue considering the number of times I have explained the fairly simple process to people, so finally I have taken a moment to explain it here. \u00a0This process applies to both subscription and OnDemand, provided that in OnDemand you have purchased a public IP; subscription accounts include them already.<\/p>\n <\/p>\n There are a few basic assumptions here. \u00a0First is that you have access to a subscription to vCloud Air, and that you know how to configure basic NAT and Firewall rules. \u00a0By design vCloud Air comes with a default routed network for every new customer and we will assume that is the one you are using for your connectivity. \u00a0This is easy because all default routed networks are deployed for a new customer with the same NAT IP address range, so it works well for screen shots. \u00a0Also by design there are NO firewall or NAT rules in the Edge Gateway and everything is allowed as you determine. \u00a0This is also a good thing, since there are no assumptions on what you as a consumer want to do. \u00a0We will also assume you have deployed your virtual machine and it’s been assigned an IP address; it simply cannot get out to the internet yet.<\/p>\n In order for a virtual machine to “see” the internet, a minimum of three things is required<\/p>\n NOTE: All default routed networks use 192.168.109.0<\/strong><\/p>\n The difference is simple really. \u00a0The Source NAT rule just applies the outgoing NAT information to the packets exiting the firewall. \u00a0However, having the SNAT rule does not by itself allow the traffic out of the network; that is the job of the firewall rule. 
\u00a0So in effect if you do one and not the other, you still will not have internet access from your machine. \u00a0You have two ways to create these rules: either in the vCloud Air interface or the vCloud Director Interface.<\/p>\n Although all default routed networks are deployed with a static IP pool range and machines will get an IP, there is no DNS configured on the Organization network Properties. \u00a0You will need to check\/edit this using the manage advanced gateway settings to get you to the vCloud Director Interface. \u00a0Simply highlight and right-click the Default Routed network, and select Edit Properties.<\/p>\n <\/a><\/p>\n <\/p>\n Here you can either check the option to use the gateway DNS, or better yet assign your own DNS servers. \u00a0Bear in mind if you have already deployed an AD server on the same network, you can use that here as well. \u00a0Another note is that if machines are already deployed they will need to be shut down and restarted to pick up this change, since the setting is not DHCP; it is part of the static IP setting. \u00a0This option is also used for DHCP on this network if you configure that in the Edge Gateway.<\/p>\n This is pretty simple. \u00a0All you need to do is click “Add On” and select Source Nat Rule.<\/p>\n <\/a><\/p>\n You will need to enter the NAT source manually, and in this case I have entered the ENTIRE subnet range for 192.168.109.0\/24. \u00a0You will also see a drop-down where you can see any Public IP addresses you have available to NAT externally on. \u00a0It really does not matter which one you use; you can use the same one for all your Source NAT rules if you like.<\/p>\n <\/a><\/p>\n Once updated you can see here the Source Nat rule is in place. \u00a0It is okay that it is an ANY:ANY rule because you are still going to control any access into or out of the environment from the firewall rules. 
\u00a0If you did have more public IP addresses, you could do specific SNAT and DNAT rules to support 1:1 mappings but for this purpose I want to focus on just getting your new virtual machine on the internet.<\/p>\n\n
Ensuring DNS Configuration<\/h2>\n
Creating The NAT Rule<\/h2>\n