
I have a dedicated server which came with ESXi 6.5 pre-installed. There is just one IP dedicated to this, the management IP: 62.121.90.xx/27, from where I can log in to ESXi. This instance had just one NIC installed at this IP. No NAT. I asked my hosting provider to issue me a second IP, which is 83.159.147.XXX/26. What I want to do is the following: pfSense with two network interfaces, one WAN where I can connect to the internet, and a second one I would like to use internally for NAT with the other VMs.

I have created the following, as in the picture: vSwitch configuration

The problem is that when I assign the new IP (83.159.147.XXX) to the WAN interface of pfSense I am not able to reach the internet.

Flimzy

Andy
  • Did they route the new IP range, or is it a secondary layer 3 interface on the same VLAN? I'm not sure why you need a new subnet; /27 has 16 addresses. – Jacob Evans Mar 31 '18 at 14:37
  • Hello Jacob. You can find some more network info here: https://image.ibb.co/engJaS/network.png – Andy Mar 31 '18 at 17:15
  • Irrelevant information – Jacob Evans Mar 31 '18 at 18:41
  • Let's forget about the second IP for a moment and assume the following: I received the ESXi 6.5 with the management IP 62.121.90.xx. By default this IP is assigned to vmnic1, which also has vSwitch0 attached with the following ports: VMkernel Port - Management Network with vmk0: 62.121.90.xx. I would like to create one VM within this ESXi and be able to reach the internet. What network adapter do I select? Do I have to create a new one? After that, since there is no DHCP and ESXi does not support NAT, what IP do I assign to this new machine to be able to route properly and reach out? Thanks – Andy Mar 31 '18 at 19:58
  • Your vSwitch configuration looks fine; just assign another IP in the same subnet as the vhost. – Jacob Evans Apr 01 '18 at 19:14

1 Answer

You need a single vSwitch with two port groups, LAN and WAN.

The WAN port group you connect to the physical NIC, the pfSense WAN side and (if need be) the Management Network. The Management Network and the pfSense guest require one IP address each.

The LAN port group you connect to the pfSense LAN side and to your VMs as the internal interface; do not connect it to the physical NIC without VLAN tagging.

If you need physical devices on the LAN port group you'll need VLAN tagging on the physical NIC and its switch port.

If you never ever need physical devices on the LAN side you can also use two distinct vSwitches but there's little point in that. Two vSwitches cannot share a single physical NIC, so two VLANs with tagging won't work.

On a side note, 62.121.90.xx/27 and 83.159.147.XXX/26 sound more like subnets than single IP addresses. A single IP address for the host and the guests doesn't make too much sense.

Zac67
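The layout the answer describes (one vSwitch, a WAN port group on the uplink, a LAN port group that is only reachable through pfSense) as an added ESXi-shell example; this is not code from the question or the answer. It assumes the uplink is vmnic1, that VLAN 10 is free for the LAN, and that `esxcli ... portgroup list` prints its usual table with the VLAN ID as the last column; the sample output below is constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: vSwitch0 exists
# (or is created), vmnic1 is the uplink, VLAN 10 is unused on the LAN side.

# Build the answer's layout: one vSwitch, WAN uplinked, LAN tagged.
# Run on the ESXi host; the functions are only defined here, not invoked.
apply_config() {
  vs=${1:-vSwitch0}; nic=${2:-vmnic1}; lan_vlan=${3:-10}
  esxcli network vswitch standard add --vswitch-name="$vs" 2>/dev/null || true  # already present on most hosts
  esxcli network vswitch standard uplink add --uplink-name="$nic" --vswitch-name="$vs"
  esxcli network vswitch standard portgroup add --portgroup-name=WAN --vswitch-name="$vs"
  esxcli network vswitch standard portgroup add --portgroup-name=LAN --vswitch-name="$vs"
  # Untagged, the LAN port group would sit directly on the provider's wire
  # next to the uplink, bypassing pfSense; tag it so it can't.
  esxcli network vswitch standard portgroup set --portgroup-name=LAN --vlan-id="$lan_vlan"
}

# Audit: feed it `esxcli network vswitch standard portgroup list` on stdin.
# Prints every port group that is neither WAN nor Management Network yet has
# VLAN ID 0, i.e. internal VMs that are untagged on an uplinked vSwitch.
audit_portgroups() {
  awk 'NR > 2 && NF > 0 {
         vlan = $NF; name = $0
         sub(/[ \t]+vSwitch[0-9]+[ \t].*$/, "", name)   # strip switch/clients/vlan columns
         if (name != "WAN" && name != "Management Network" && vlan == 0) print name
       }'
}

# Constructed sample: LAN was created but never tagged, VM Network is the default.
SAMPLE_UNTAGGED='Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
WAN                 vSwitch0                     1        0
LAN                 vSwitch0                     3        0
VM Network          vSwitch0                     0        0'

# Same host after apply_config tagged LAN with VLAN 10 (constructed).
SAMPLE_TAGGED='Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
WAN                 vSwitch0                     1        0
LAN                 vSwitch0                     3       10'

# Usage on the host: esxcli network vswitch standard portgroup list | audit_portgroups
printf '%s\n' "$SAMPLE_UNTAGGED" | audit_portgroups
```

Any name the audit prints is a VM network that reaches the physical NIC without passing through pfSense's LAN side.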