ESXi using pfSense across multiple subnets

Posted on 2012-08-22
Last Modified: 2012-08-28
Want to do the following:

Already have ESXi and pfSense installed. Properly? Unsure, that's why I am here.

Want to use a group of exposed Internet IPs, i.e. 192.168.100.x

Want to NAT or use a rule to match said exposed IP 192.168.100.x to another internal subnet, 10.8.2.x

The result being the outside world hits IP 192.168.100.x and it then matches to my server at 10.8.2.x and an application and client session is active.

Seemed simple but documentation seems to be running me in circles, as I don't understand it clearly.
Question by: AC_Hawk

    Assisted Solution

    by:Andrew Hancock (VMware vExpert / EE MVE)
    The external network card which is attached to the pfSense VM needs to be connected to vSwitch0, which has a physical network card on the host (vmnic0) attached to the 192.168.100.x network.

    So requests will come into the VM via vmnic0, on the 192.168.100.x network.

    You then require another NIC on the pfSense VM, which connects to another vSwitch1, which you can either connect back to another physical switch, or if all the VMs are internal, there is no requirement for an external (vmnic1) on that switch.

    All VMs will connect to vSwitch1, via a Portgroup.

    Accepted Solution

    hanccocka, thank you for your reply, but the answer was in the pfSense configuration. There was no real need for an additional vSwitch or vLAN on the ESXi side. However, for my sanity I created an additional vLAN on my original vSwitch to hold the 10.8.2.x VMs.

    What we really needed to do was inside pfSense. Everything was left wide open to assure connectivity. The ports will be filtered as necessary later.

    pfSense is set to WAN = 192.168.100.x network  (Exposed outside world)
    pfSense is set to LAN = 10.8.2.x network       (Internal Network)

    pfSense required that we create virtual IPs, firewall rules for WAN and LAN, and of course NAT 1:1 settings.

    See attached files. Hope this helps the person too ...

    Author Closing Comment

    pfSense needs to be configured further as this is a wide open no filtering solution, but it gets you started...
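
The thread ends with 1:1 NAT in place and the WAN rules left wide open for later filtering. As an added example (not part of the original posts), the Python below lists which 1:1 mappings are still reachable on every port from any WAN source. The XML is a constructed sample using an assumed subset of the pfSense config.xml backup layout, and the specific host addresses in it are invented for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; element names follow an assumed subset of a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense>
<nat>
  <onetoone><interface>wan</interface><external>192.168.100.10</external>
    <source><address>10.8.2.10</address></source><destination><any/></destination></onetoone>
  <onetoone><interface>wan</interface><external>192.168.100.11</external>
    <source><address>10.8.2.11</address></source><destination><any/></destination></onetoone>
</nat>
<filter>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><source><any/></source>
    <destination><address>10.8.2.10</address><port>443</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><source><any/></source>
    <destination><address>10.8.2.11</address></destination></rule>
</filter>
</pfsense>"""

def covers(dest, ip):
    """True if a rule's <destination> element matches the internal IP."""
    if dest is None or dest.find("any") is not None:
        return True
    target = dest.findtext("address") or ""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False  # alias or interface keyword: not resolved by this sketch

def wide_open_mappings(xml_text):
    """Return (external, internal) 1:1 pairs that a WAN pass rule exposes on all ports."""
    root = ET.fromstring(xml_text)
    exposed = []
    for m in root.iterfind("nat/onetoone"):
        ext, internal = m.findtext("external"), m.findtext("source/address")
        for r in root.iterfind("filter/rule"):
            if r.findtext("type") != "pass" or r.findtext("interface") != "wan":
                continue
            if r.find("disabled") is not None or r.find("source/any") is None:
                continue
            if r.findtext("destination/port"):
                continue  # port-restricted rule, not wide open
            # Inbound NAT is applied before filtering, so rules match the internal address.
            if covers(r.find("destination"), internal):
                exposed.append((ext, internal))
                break
    return exposed

if __name__ == "__main__":
    for ext, internal in wide_open_mappings(SAMPLE_CONFIG):
        print(f"{ext} -> {internal}: all ports reachable from any source")
```
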
