ESXi using pfSense across multiple subnets

Want to do the following:

Already have ESXi and pfSense installed. Properly? Unsure, that's why I am here.

Want to use a group of exposed Internet IPs, i.e. 192.168.100.x

Want to NAT or use a rule to match said exposed IP 192.168.100.x to another internal subnet 10.8.2.x

The result being the outside world hits IP 192.168.100.x and it then matches to my server at 10.8.2.x and an application and client session is active.

Seemed simple but documentation seems to be running me in circles, as I don't understand it clearly.
AC_Hawk Asked:
 
AC_Hawk (Author) Commented:
hanccocka, thank you for your reply, but the answer was in the pfSense configuration. There was no real need for an additional vSwitch or vLAN on the ESXi side. However, for my sanity I created an additional vLAN on my original vSwitch to hold the 10.8.2.x VMs.

What we really needed to do was inside pfSense. Everything was left wide open to assure connectivity. The ports will be filtered as necessary later.

pfSense is set to WAN = 192.168.100.x network  (Exposed outside world)
pfSense is set to LAN = 10.8.2.x network              (Internal Network)

pfSense required that we create virtual IPs, firewall rules for WAN and LAN, and of course NAT 1:1 settings.

See attached files. Hope this helps the person too ...
VM-Network-Cut-Out.bmp
Fire-Rules-WAN.bmp
Fire-Rules-Lan.bmp
NAT1-1-2.bmp
Fire-Virt-IPs.bmp
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
The external network card which is attached to the pfSense VM needs to be connected to vSwitch0, which has a physical network card on the host (vmnic0) attached to the 192.168.100.x network.

So requests will come into the VM via vmnic0, on the 192.168.100.x network.

You then require another NIC on the pfSense VM, which connects to another vSwitch1, which you can either connect back to another physical switch, or if all the VMs are internal, there is no requirement for an external (vmnic1) on that switch.

All VMs will connect to vSwitch1, via a Portgroup.
 
AC_Hawk (Author) Commented:
pfSense needs to be configured further as this is a wide open no filtering solution, but it gets you started...
Question has a verified solution.
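The 1:1 mapping and the "wide open, filter later" state described in this thread can be modelled as below. This is an added example, not code or configuration from the thread. The /24 masks, the rule record layout and the sample source addresses and ports are assumptions. pfSense applies NAT before filtering inbound traffic, so WAN rules are matched against the internal 10.8.2.x address.

```python
import ipaddress

# Assumption: the thread gives only 192.168.100.x and 10.8.2.x; /24 masks are assumed.
EXTERNAL_NET = ipaddress.ip_network("192.168.100.0/24")
INTERNAL_NET = ipaddress.ip_network("10.8.2.0/24")

def one_to_one(external_ip):
    """Map an external address to its internal peer, keeping the host part."""
    ext = ipaddress.ip_address(external_ip)
    if ext not in EXTERNAL_NET:
        raise ValueError(f"{ext} is outside {EXTERNAL_NET}")
    return INTERNAL_NET.network_address + (int(ext) - int(EXTERNAL_NET.network_address))

def covers(spec, addr):
    """True if a rule field ('any', a host or a CIDR) covers addr."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def wan_verdict(rules, src, external_ip, port):
    """First matching WAN rule decides; nothing matching means block.
    NAT is applied before filtering, so rules are checked against the internal address."""
    dst = one_to_one(external_ip)
    for rule in rules:
        if (covers(rule["src"], src) and covers(rule["dst"], dst)
                and rule["port"] in ("any", port)):
            return rule["action"]
    return "block"

def wide_open(rules):
    """Indexes of pass rules that expose NAT-mapped hosts to any source on any port."""
    return [i for i, r in enumerate(rules)
            if r["action"] == "pass" and r["src"] == "any" and r["port"] == "any"
            and (r["dst"] == "any"
                 or ipaddress.ip_network(r["dst"]).overlaps(INTERNAL_NET))]

# Constructed rule sets in a hypothetical layout (not pfSense's own config format).
OPEN_RULES = [{"action": "pass", "src": "any", "dst": "10.8.2.0/24", "port": "any"}]
FILTERED_RULES = [
    {"action": "pass", "src": "any", "dst": "10.8.2.20", "port": 443},
    {"action": "pass", "src": "203.0.113.0/24", "dst": "10.8.2.30", "port": 22},
]

if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("filtered", FILTERED_RULES)):
        print(name, wide_open(rules),
              wan_verdict(rules, "198.51.100.7", "192.168.100.20", 3389))
```
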
