
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1553

ESXi using pfSense across multiple subnets

Want to do the following:

Already have ESXi and pfSense installed. Properly? Unsure, that's why I am here.

Want to use a group of exposed Internet IPs, i.e. 192.168.100.x

Want to NAT or use a rule to match said exposed IP 192.168.100.x to another internal subnet 10.8.2.x

The result being the outside world hits IP 192.168.100.x and it then matches to my server at 10.8.2.x and an application and client session is active.

Seemed simple but documentation seems to be running me in circles, as I don't understand it clearly.
0
AC_Hawk
Asked:
AC_Hawk
  • 2
2 Solutions
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
The external network card which is attached to the pfSense VM needs to be connected to vSwitch0, which has a physical network card on the host (vmnic0) attached to the 192.168.100.x network.

So requests will come into the VM via vmnic0, on the 192.168.100.x network.

You then require another NIC on the pfSense VM, which connects to another vSwitch1, which you can either connect back to another physical switch, or if all the VMs are internal, there is no requirement for an external (vmnic1) on that switch.

All VMs will connect to vSwitch1, via a Portgroup.
0
 
AC_Hawk (Author) Commented:
hanccocka, thank you for your reply, but the answer was in the pfSense configuration. There was no real need for an additional vSwitch or VLAN on the ESXi side. However, for my sanity I created an additional VLAN on my original vSwitch to hold the 10.8.2.x VMs.

What we really needed to do was inside pfSense. Everything was left wide open to assure connectivity. The ports will be filtered as necessary later.

pfSense is set to WAN = 192.168.100.x network (Exposed outside world)
pfSense is set to LAN = 10.8.2.x network (Internal Network)

pfSense required that we create virtual IPs, firewall rules for WAN and LAN, and of course NAT 1:1 settings...

See attached files. Hope this helps the person too ...
VM-Network-Cut-Out.bmp
Fire-Rules-WAN.bmp
Fire-Rules-Lan.bmp
NAT1-1-2.bmp
Fire-Virt-IPs.bmp
0
 
AC_Hawk (Author) Commented:
pfSense needs to be configured further as this is a wide-open, no-filtering solution, but it gets you started...
0
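The thread ends with 1:1 NAT in place and the WAN rules still wide open, to be filtered later. As an added example (not code from the thread or from the pfSense project), the following check lists which internal hosts are fully exposed by that combination. The XML element names are assumed to follow a pfSense `config.xml` export, and the sample configuration, including the `.10` host addresses, is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on a pfSense config.xml export (assumed layout).
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <onetoone>
      <interface>wan</interface>
      <external>192.168.100.10</external>
      <source><address>10.8.2.10</address></source>
      <destination><any/></destination>
    </onetoone>
  </nat>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface>
      <source><any/></source><destination><any/></destination>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>10.8.2.10</address><port>443</port></destination>
    </rule>
  </filter>
</pfsense>"""

def one_to_one_maps(root):
    """Return {external IP: internal address} for every 1:1 NAT entry."""
    return {e.findtext("external"): e.findtext("source/address")
            for e in root.findall("nat/onetoone")}

def wide_open_wan_rules(root):
    """Indexes of WAN pass rules with any source, any destination, any protocol."""
    hits = []
    for i, r in enumerate(root.findall("filter/rule")):
        if (r.findtext("type") == "pass" and r.findtext("interface") == "wan"
                and r.find("source/any") is not None
                and r.find("destination/any") is not None
                and r.find("protocol") is None):
            hits.append(i)
    return hits

def exposed_hosts(xml_text):
    """1:1-mapped internal hosts that an open WAN rule makes fully reachable."""
    root = ET.fromstring(xml_text)
    return one_to_one_maps(root) if wide_open_wan_rules(root) else {}

if __name__ == "__main__":
    for ext, internal in exposed_hosts(SAMPLE_CONFIG).items():
        print(f"{ext} -> {internal}: all ports reachable from WAN")
```

Once the any/any WAN rule is replaced with per-service rules like the second one in the sample, `exposed_hosts` returns an empty mapping.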
