1 Public IP 1 NIC ESXi to multipule VMs (with external access)
What you need to do is create 2 virtual switches. First one will be connected to a network interface with public IP and other one will be for internal use.
Connect pfSync to both, while all other VMs should be connected only to internal switch. Then set up NAT in pfSync.
But, problem is you only have 1 public IP at your disposal, and that IP should be transferred from VmWare to pfSync, while new MGMT ip should be set in the private network. Then you should set up port forwarding on pfSync so that you are still able to access VmWare.
But, if you try to do it without backdoor (eg. server ILO, DRAC or some similar remote access console software - or direct physical access - which you don't have for hosted server), you can easily end up without any access to either VmWare or pfSync. So, I wouldn't do it without backdoor.
On the other hand, I suggest you to use some other OS - which supports NAT and routing out of the box - as a native installation instead of VmWare ESXi.
In short: you are missing either physical/virt console access, or another IP to set this up properly and safely.
Related videos on Youtube
12 : 03
17 : 07
03 : 28
01 : 56
01 : 14
Comments
-
Lero almost 2 years
So I have purchased a Server from https://www.kimsufi.com/fr/index.xml, KS-5A to be exact.
Kimsufi only give you 1 Public IP address and 1 NIC to work with, and you cannot purchase more.
I have installed ESXi to the Server and I am attempting to setup about 5-6 Virtual machine that I wish to connect to the internet.
As far as I understand ESXi doesn't do routing, so I installed Pfsense to a VM to do the routing for me and giving me a LAN to work with.
My pfsense currently cannot communicate with the Management Network(Public IP), during setup I did. em0(WAN) then em1(LAN) and I didn't get any IP address assigned to the WAN interface but I did however get 192.168.1.1 to the LAN allowing me to access the router via web GUI on the Windows 7 Machine.
How can I setup the network so I can pass a connection through the ESXi Host to the Pfsense router to then manage the internal LAN for the Virtual machines to connect outside.
I am not bothered by firewalls and security. All that matters is the virtual machines being able to connect to the internet without interfering with each other.
Other methods where Pfsense is not needed and still allow the virtual machines to connect to the internet without having more than 1 Public IP address I am open to.
I have been trying to work this out for weeks, Thanks in advanced.
-
Tero Kilkanen over 9 yearsYour VMWare ESXi needs to support NAT from the management IP to the private VM network. From what I read after short googling, ESXi doesn't provide NAT, so this cannot be done with VMWare. This can be done with XEN / KVM / LXC.
-
Michael Hampton about 9 yearsYou could always use the IPv6 /64 block you're assigned with your server... if Britain's ISPs weren't about 10 years behind in getting IPv6 to their customers! Also, your image has gone missing. -
Lero about 9 yearsKimsufi doesn't give you an IPv6 IP range as far as I know. I have however moved onto a different host which allowed me to do this now with more IPv4 address that I could assign. And I had removed my image from my Imgur account by accident, can't get it back, I could "paint" another one.
-
-
Lero over 9 yearsi.imgur.com/wjRSuvY.png i.imgur.com/iolFjng.png i.imgur.com/XPrRbL4.png Are all the OS I have available. I had used Proxmox and managed to bridge the connect to have internet but it doesn't offer 3d Support. That's why I went with ESXi. Any of those that will do NAT and 3d support without having to pay for a license I will gladly change to.
-
Clément Perroud over 9 yearsInteresting that I got downvoted for this answer, could somebody explain to me what did I write wrong? I'm eager to learn if I'm mistaken.
-
Lero over 9 yearsI currently don't have enough rep to downvote. I agree with your answer just wondering if you have any say on my comment to your answer. Then I could accept it.
-
Clément Perroud over 9 yearsWhat is 3d support ? PS. from that list - citrix XenServer is as close to ESXi as possible, and since it's the linux under the hood, I guess some kind of NAT would be possible to hack into it. Offcourse you will need the knowledge of Linux routing (iptables, ip route, ip rule) to do it correctly.
-
Lero over 9 years3D Support is, giving the virtual machine support to "Long story short" play games, it gives you the capability to run software that requires 3D acceleration. ESXi has an option to enable 3d support which is why I used it. Proxmox does not. And Citrix XenServer, I had used briefly allows you to do GPU pass-though, which for me doesn't work because of lack of GPU in the Server I am renting.
