Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense, VmWare ESXi and Virtual IPs

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    4
    4
    6.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mzuc
      last edited by

      Hi guys,
      I have a problem while setting up a firewall for my virtual infrastructure:

      I bought a dedicated server from my provider, who gave me 4 ips (the first is set on physical server's interface, then I have 3 more IPs to use with my virtual machines). I installed ESXi 4.0 on my server and then created a Virtual Machine using pfSense virtual appliance with 1 virtual network card. Then I set a custom MAC Address on this card as my ISP said (they gave me a tool to generate VmWare-style mac addresses and link each one of them to a single ip).

      The problem is that I want to assign all of these IPs to a single VmWare network card (that will be pfSense's WAN interface) in order to NAT them to other virtual machines following my needs. I tried to add them as additional ips (Virtual Ips) to my WAN interface but it doesn't work.

      The only ip that works is the one that I set as "PRIMARY" on my WAN interface (after linking it to that virtual mac address that ISP generated for me).

      Have you ever faced a problem like this?
      How can I solve?

      Thank you

      1 Reply Last reply Reply Quote 0
      • B
        bb-mitch
        last edited by

        You may be seeing something similar to a problem I had - there was a promiscuous setting on the vmware network segment that had to be enabled - otherwise the guest OS could not add or change it's addresses.
        I could look for the setting if you can't find it but hopefully that helps?

        1 Reply Last reply Reply Quote 0
        • S
          Supermule Banned
          last edited by

          If you use promiscuous mode, it just turns the virtual switch into a hub….thereby distributing all traffic to all ip's connected on that physical interface.

          If you have 4 ip's, VLAN them instead....Then you seperate them at the virtual switch an can use them for other machines.

          @bb-mitch:

          You may be seeing something similar to a problem I had - there was a promiscuous setting on the vmware network segment that had to be enabled - otherwise the guest OS could not add or change it's addresses.
          I could look for the setting if you can't find it but hopefully that helps?

          1 Reply Last reply Reply Quote 0
          • O
            overand
            last edited by

            I'm not sure that what SuperMule is suggesting makes sense in this situation.

            This is where I'd suggest you start.

            In the VMWare VIC (virtual infrastructure client):

            On the HOST:

            Configuration - Networking

            Get 'properties' on the switch associated with these IP addresses.  Then, clicn on the vSwitch, and click "Edit"

            Under "Securty" - set all three (Promiscuous Mode, MAC Address Changes, Forged Transmits) to "Accept"

            PLEASE NOTE that this has security implications!  You may want to be more specific in how you configure this, etc.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post