Parallels® Network Sharing
Guest to Host and Host to Guest
Using Bridged Connections
The problem:

Parallels is great but it lacks a good guest to host and vice versa file sharing mechanism.  Furthermore, there are a number of issues getting the guest to see the host and the rest of the world at the same time when your computer is mobile like a traveling consultant's laptop might be.  Try as we might, we found that none of the myriad of solutions worked for us and solved these fundamental requirements:

  1. A Windows XP (or 2000) guest OS must be able to map to a fixed drive letter in the host.
  2. The guest should be able to access the local network resources and the internet.
  3. The guest should be able to form a VPN connection (Cisco in particular) without disrupting the host connectivity.
  4. The guest OS should be secure (e.g., run a firewall, anti-virus, etc.).
  5. The guest OS must be able to serve up various services (e.g., MySQL database, Oracle database, etc.).
  6. The host should be able to access the available services from the host but not the entire world.
  7. The host OS should protect itself and the guest OS from outside file or service access.
  8. The solution should work on any network at any location where the guest OS can register it's DNS name.
  9. The solution should work on any network at any location even if the host OS cannot register it's DNS name.
  10. The solution must be able to work using DHCP assigned IP addresses without reconfiguration.
  11. The solution should not require a degree in Unix administration, in fact, it should be all GUI.
  12. The solution should not require any hacking of the host OS or host configuration files.
 
General Concept:

There are several key objectives we are attempting to complete.  Many others have accomplished these same tasks using other methods but this combination works for the problem statement and intended goals above.

Note: In this whitepaper, the host operating system, Mac OS X, will be simply be called OSX, and the guest OS, Microsoft Windows XP, will be simply be called XP.

Here's a quick rundown of what we need to setup:

  • We need to configure the OSX firewall to allow SMB sharing to the guest but without the world seeing it.
  • We need to configure Apple's Bonjour so we can address the guest and host by name rather than IP (which can change).
  • We need to let XP reach through the firewall using Bonjour so it can find OSX.
  • We need to configure XP to map our OSX files to a particular drive.
 
Getting Started

What additional software you will need*:
Apple's Bonjour for Windows 1.3+ (this will solve the name resolution)
Flying Buttress (formerly Brickhouse) 1.4+(this will allow for advanced firewall configurations)
SharePoints 3.5.4+(this will help with the Mac sharing setup)

What should already be setup*:
Parallels 2.1 GA release
Windows XP SP2+
Mac OS X 10.4.7

First, obtain all of the above software, perform a basic install of each following their included instructions, and reboot the Mac. Then continue on below.

* These versions have been verified to work however, other versions may also work.
 
The Solution

With everything installed let's begin. Our order of tasks will be, configure the OSX firewall, startup and configure the sharing services in OSX, configure the XP firewall, and map a drive in XP.  For this example, the host OS' host name will be 'macbook-pro-17' and the guest OS' host name will be 'macbook-pro-xp'.

Step 1
OSX Firewall Configuration

Start by running Flying Buttress.  If you connect to the network via Ethernet and Airport (or alternate between them) we will need to create multiple rule sets.  In addition, if you had already configured your firewall using the built in firewall controls, you may need to add those entries here.  Refer to the Flying Buttress docs and support sites for more information on the latter.  For this example, we are simply trying to share SMB in a relatively secure manner.  With that aside, start by adding two firewall rules:

Click Add Filter and enter the following:

fwsetup1


Add another filter, but this time choose Custom Service and type in the name 'Bonjour (UDP)'.

fwsetup2

You should now have these two rules in your setup:

If you use the wired Ethernet adapter, repeat these steps on that tab as well.

At this point, your firewall is configured.

Step 2
Turn on SMB sharing

Nothing fancy here, just use the Sharing preference and toggle on the Windows Sharing option as shown.

sharing1

Step 3
Configure the XP firewall

If the entry for Bonjour is not already in the firewall, it will need to be added.

1) Begin by opening up the firewall configuration in XP.  This can be found either through Start -> Control Panel -> Network and Internet Connections -> Windows Firewall (in category view) or simply Start -> Control Panel -> Windows Firewall (in classic view).

control1

2) Click the Exceptions tab and see if Bonjour is in the list.  If not, click 'Add Program' and browse to and select 'C:\Program Files\Bonjour\mDNSResponder.exe' (assuming the default install path).  While you are there, click the 'Change Scope' button and select the 'My Network (subnet) only' radio button.  This will then only allow the bonjour traffic to the local network you happen to be on which is more than enough for our purpose.

bonjour1

bonjour2

You should now see something like the following (ignore the other ones in the displayed list - you may or may not have some of them):

fwexception1

If you want to share from XP to OSX, then enable the File and Printer Sharing also but again, change the scope to the local network to minimize the exposure.

Step 4
Map the OSX drive in XP

At this point it is possible to map to our home folder (the default share in OSX) but for this example let's map to a separate share in OSX.

1) To begin, create a new 'test' share using SharePoints (System Preferences -> SharePoint).  You should end up with something similar to the following:

sharepoint1

In this example, a Temporary directory was created inside the user's home directory - feel free to use any other directory but keep the share name as 'test' so the rest of these instructions make sense.

2) Back in XP, open any folder and choose 'Tools -> Map Network Drive...' then pick a drive letter (O in the example) and enter the bonjour name for the resource: '\\' followed by the bonjour host name, 'macbook-pro-17.local', followed by the share name '\test'.  Or browse for the local name and select the test share found there.

drivemap1

drivemap2

Click okay and you are now connected.

 
 
Conclusion:

At this point you are done, the XP side can see the OSX side, and only the XP host is allowed to use SMB for that purpose. Furthermore, XP can offer services and the OSX side can use them and, unlike host-only networking, the XP side still has complete and independent network access.

This is not bulletproof however.  For one thing, we still need a DNS or the OSX side will not be able to resolve the XP host name used in the firewall mapping in OSX.  In addition, the OSX side is reliant upon that host name for the Firewall rule and if the host name is spoofed, the firewall will allow the traffic.  Only the Windows authentication would stand in the way then which is no different than no firewall at all.

As pointed out by others, if Parallels would only allow for multiple adapters, we could solve the problem by using the host only option for host to host file transfers and the bridged ethernet option for all other needs. Parallels Shared Folders (PSF) is meant for this purpose, obviously, but still has numerous issues at the time of this writing.

While this may not solve all needs, it is another way to provide guest to host services and file integration whilst overcoming the issues named at the beginning of the white paper.  Feel free to expand on this and offer suggestions for improvements on the Parallels forum.

 

8-10-2006 Created.


Portions Copyright©2005-2006, Microsoft Corporation, Parallels Inc.