
I am trying to set up the routing for a VM that is my firewall/DHCP server.

I have 3 VMs:

router/firewall (centOS) -> VM1

unRAID(unraid) -> VM2

download-server(ubuntu server) -> VM3

2 NICs

vmnic0 -> NIC1 (internetz)

vmnic1 -> NIC2 (internal LAN)

What I want:

VM1 to handle all traffic for NIC1 and NIC2. VM2/3 to use VM1 as DHCP server. I don't want VM2/3 broadcasting anything over NIC1. I plan to have a physical switch plugged into NIC2 to add other computers to my LAN.

VSphere Networking Diagram


What do I need to change? I've spent time researching how I could do this, but I think there are some networking fundamentals that are currently beyond me.

user650271

1 Answer

If you want vmnic0 to connect to the Internet and vmnic1 on your LAN then they should not be on the same vswitch.

Have vmnic0 connected to one vswitch containing an 'external' port group. Connect vmnic1 to another vswitch with an 'internal' port group.

The router VM should have an interface in both port groups as it will be routing traffic from the internal switch to the external. Create two interfaces in the VM settings and assign one to each port group.

The internal VMs (2 and 3) should only have an interface on the internal group, meaning that they need to go through the router VM to get out to the Internet.

At the moment you've connected the Internet and LAN into the same switch.

Edit: In addition, you need to make sure the vmKernel port is on the vSwitch that is connected to your LAN, so it may be easiest to create vSwitch1, move vmnic0 to that and add the 'external' port group to that switch, and keep vSwitch0 just for your vmKernel management port and VM private network.

USD Matt
  • Thanks for the reply! That makes complete sense. I now have it set up so that vmnic1 is on vswitch1 with port group id 18. vmnic1 is for the external connection. vmnic0 is on vswitch0 with port group id 17. vmnic0 is for the internal connection. VM2 and VM3 have interfaces connected to port group 17. VM1 has two interfaces, one with port group 18 and one with port group 17. – user650271 Apr 08 '13 at 07:57
  • So one issue I am now seeing is that whenever I set the port group for an interface I lose connectivity to the external network. Once I reset to no port group id, things work. – user650271 Apr 08 '13 at 19:57
  • I'm not sure what you mean. Each port group has a name, and in your case I would suggest calling one "LAN" and one "Internet". That way when creating an interface it's clear which port group to add it to based on the name - either the LAN or the Internet. The only 'port group ID' I'm aware of is the VLAN ID, and you should not be using this - your VLAN ID fields should be blank. – USD Matt Apr 08 '13 at 20:57
  • Sorry for not being specific enough. I was talking about VLAN IDs. I originally set them. Once I cleared them, everything just worked. – user650271 Apr 15 '13 at 19:23
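The layout from the answer and the VLAN ID point from the comments, as an added PowerCLI example (not code from the question, the answer, or VMware): it moves vmnic0 onto a new vSwitch1 with an "Internet" port group, keeps a "LAN" port group and the management vmkernel port on vSwitch0 with vmnic1, gives the router VM one adapter in each group and the internal VMs one adapter on LAN only, then checks the invariants the thread states. The host name "esxi.example.local" and the VM names "VM1" (router), "VM2" and "VM3" are placeholders, not values from the page.

```powershell
# Added example, not from the thread. Placeholders: host name and VM names below.
Connect-VIServer -Server 'esxi.example.local' | Out-Null   # placeholder host

$vmhost   = Get-VMHost
$vmnic0   = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name vmnic0
$vSwitch0 = Get-VirtualSwitch -VMHost $vmhost -Name vSwitch0

# 1. Take vmnic0 (Internet uplink) off vSwitch0; vSwitch0 keeps vmnic1 and the vmkernel port.
if ($vSwitch0.Nic -contains 'vmnic0') {
    Remove-VirtualSwitchPhysicalNetworkAdapter -VMHostNetworkAdapter $vmnic0 -Confirm:$false
}

# 2. vSwitch1 with vmnic0 as its only uplink and an 'Internet' port group (VLAN ID left at 0).
$vSwitch1 = Get-VirtualSwitch -VMHost $vmhost -Name vSwitch1 -ErrorAction SilentlyContinue
if (-not $vSwitch1) {
    $vSwitch1 = New-VirtualSwitch -VMHost $vmhost -Name vSwitch1 -Nic vmnic0
}
if (-not (Get-VirtualPortGroup -VirtualSwitch $vSwitch1 -Name Internet -ErrorAction SilentlyContinue)) {
    New-VirtualPortGroup -VirtualSwitch $vSwitch1 -Name Internet -VLanId 0 | Out-Null
}

# 3. 'LAN' port group on vSwitch0, next to the management vmkernel port.
if (-not (Get-VirtualPortGroup -VirtualSwitch $vSwitch0 -Name LAN -ErrorAction SilentlyContinue)) {
    New-VirtualPortGroup -VirtualSwitch $vSwitch0 -Name LAN -VLanId 0 | Out-Null
}

# 4. Router VM: one adapter per group. Internal VMs: exactly one adapter, on LAN.
#    Existing adapters are re-pointed; any adapter beyond the list is removed, because an
#    extra adapter is how an internal VM ends up with a path around the router.
function Set-VMNetworks {
    param([string]$VMName, [string[]]$Networks)
    $vm       = Get-VM -Name $VMName
    $adapters = @(Get-NetworkAdapter -VM $vm)
    for ($i = 0; $i -lt $Networks.Count; $i++) {
        if ($i -lt $adapters.Count) {
            Set-NetworkAdapter -NetworkAdapter $adapters[$i] -NetworkName $Networks[$i] -Confirm:$false | Out-Null
        } else {
            New-NetworkAdapter -VM $vm -NetworkName $Networks[$i] -StartConnected | Out-Null
        }
    }
    for ($i = $Networks.Count; $i -lt $adapters.Count; $i++) {
        Remove-NetworkAdapter -NetworkAdapter $adapters[$i] -Confirm:$false
    }
}
Set-VMNetworks -VMName 'VM1' -Networks @('Internet', 'LAN')   # placeholder router VM name
Set-VMNetworks -VMName 'VM2' -Networks @('LAN')               # placeholder internal VM names
Set-VMNetworks -VMName 'VM3' -Networks @('LAN')

# 5. Checks taken from the thread: the two uplinks must not share a vSwitch, VLAN IDs stay
#    blank, the management vmkernel port sits on the LAN switch, internal VMs never touch Internet.
$problems = @()
$shared = Get-VirtualSwitch -VMHost $vmhost | Where-Object { $_.Nic -contains 'vmnic0' -and $_.Nic -contains 'vmnic1' }
if ($shared) { $problems += 'vmnic0 and vmnic1 share a vSwitch' }

Get-VirtualPortGroup -VMHost $vmhost | Where-Object { $_.VLanId -ne 0 } | ForEach-Object {
    $problems += "port group '$($_.Name)' has VLAN ID $($_.VLanId); leave the VLAN ID blank"
}

$mgmt = Get-VMHostNetworkAdapter -VMHost $vmhost -VMKernel | Where-Object { $_.ManagementTrafficEnabled } | Select-Object -First 1
$lanGroups = (Get-VirtualPortGroup -VirtualSwitch $vSwitch0).Name
if (-not $mgmt -or $mgmt.PortGroupName -notin $lanGroups) {
    $problems += 'management vmkernel port is not on vSwitch0 (the LAN switch)'
}

foreach ($name in 'VM2', 'VM3') {
    $nets = (Get-NetworkAdapter -VM (Get-VM -Name $name)).NetworkName
    if ($nets -contains 'Internet') { $problems += "$name has an adapter on the Internet port group" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'Topology matches the answer: separate uplinks, blank VLAN IDs, management on LAN' }
```

Run it from a session that reaches the host through the LAN side (vmnic1): step 1 drops whatever uplink vmnic0 was carrying, and if that is the management session the script stops there. The checks in step 5 can be re-run on their own any time an adapter is added, since the failure the question describes (VLAN IDs set on port groups, or a VM with an extra adapter on the external switch) shows up as a warning rather than as lost connectivity later.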