Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple ip addresses ESXi

    Scheduled Pinned Locked Moved Routing and Multi WAN
    29 Posts 4 Posters 15.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      kejianshi
      last edited by

      I don't see why you couldn't do this.

      1 Reply Last reply Reply Quote 0
      • K Offline
        kathampy
        last edited by

        Why can't you just declare both public IP addresses on pfSense. You only need one WAN interface. Use one IP address on the WAN interface directly and add the other IP address as a virtual IP alias. Then you can 1:1 NAT the second one to Server X. In the WAN interface firewall rules you can check that destination IP address matches the virtual IP address (instead of interface address by default) to identify traffic destined for Server X.

        1 Reply Last reply Reply Quote 0
        • R Offline
          razer0r
          last edited by

          @KurianOfBorg:

          Why can't you just declare both public IP addresses on pfSense. You only need one WAN interface. Use one IP address on the WAN interface directly and add the other IP address as a virtual IP alias. Then you can 1:1 NAT the second one to Server X. In the WAN interface firewall rules you can check that destination IP address matches the virtual IP address (instead of interface address by default) to identify traffic destined for Server X.

          is the IP of "Server X" still the external IP?

          1 Reply Last reply Reply Quote 0
          • K Offline
            kathampy
            last edited by

            The firewall rules must check for the external IP only on the WAN interface.

            1 Reply Last reply Reply Quote 0
            • R Offline
              razer0r
              last edited by

              The server requires an external IP address due to licencing stuff.

              Should have put in that kind of information in the first post :)

              1 Reply Last reply Reply Quote 0
              • K Offline
                kathampy
                last edited by

                @razer0r:

                The server requires an external IP address due to licencing stuff.

                Should have put in that kind of information in the first post :)

                Then you'll have to use bridging and use pfSense as a transparent firewall for Server X. You should probably put Server X on a dedicated OPT interface on pfSense and bridge it to WAN (I'm assuming your WAN is just Ethernet and you can simply assign a public IP to any device plugged into that switch). Then in the firewall rules for OPT only allow traffic from Server X's public IP to *. This will prevent Server X from simply using any public IP it wants.

                This essentially makes the OPT network a DMZ.

                1 Reply Last reply Reply Quote 0
                • K Offline
                  kejianshi
                  last edited by

                  I'm currently working on a 5 WAN IP setup assigned by DHCP to a pfsense VM running in ESXi over 5 virtual interfaces.  The IPs arrive scattered here and there, not in a single block and they all seem to use a single gateway.

                  Its painful.  Seems it should work logically, but it doesn't.

                  You also can not bridge to the network and grab a /27 or /29 or /30 or anything like that…  That would be way too easy.

                  They are assigned by DHCP.  Period.  One single Gateway (that only seems to work with one IP).  Period.

                  Headache...  Pistol in mouth :P

                  To make things more fun I can add IPs one through 4 no problem.  On the 5th one, it locks up.

                  (Not asking any particular help...  Just venting)  I'm going to try 2.1 now...

                  1 Reply Last reply Reply Quote 0
                  • R Offline
                    razer0r
                    last edited by

                    exactly…

                    I'm requesting IP's one by one (whenever I need one, i'll order an additional one...)

                    Here is my vswitching config from the esxi host.
                    So: on the WAN Port group more machines might get added (with or without the same PFSense Firewall...)

                    (I already know one customer who will want his own firewall, probably iptables based script (APF or Arno IPTables script)...
                    But the Directadmin Machine needs it's own IP address so, bridged mode it shall be...
                    only, if I add a new server, do I need an additional network device on pfsense as well?

                    LAN_esxi.PNG
                    LAN_esxi.PNG_thumb

                    1 Reply Last reply Reply Quote 0
                    • K Offline
                      kathampy
                      last edited by

                      @razer0r:

                      But the Directadmin Machine needs it's own IP address so, bridged mode it shall be…
                      only, if I add a new server, do I need an additional network device on pfsense as well?

                      If the servers need to talk to each other and your public IP address are in the same subnet then they must be on the same vSwitch/vLAN. A single OPT interface can be bridged to it.

                      1 Reply Last reply Reply Quote 0
                      • K Offline
                        kejianshi
                        last edited by

                        Multi-WAN (many) with DHCP using a single Gateway is now working under ESXi.

                        I still had to tell pretty lies to my gateway monitors but everything works perfectly under 2.1RC (For the moment)  Tic tic tic…

                        It was beyond fixing on 2.03.

                        No more hair pulling for me today.

                        1 Reply Last reply Reply Quote 0
                        • R Offline
                          razer0r
                          last edited by

                          So what do I actualy need to do?

                          the WAN ip 's are all have a seperate MAC address as well..
                          (kinda losing it in too much information :p)
                          can someone just tell me how to set this up (more or less, don't realy need every little detail) ;)

                          1 Reply Last reply Reply Quote 0
                          • K Offline
                            kathampy
                            last edited by

                            First explain clearly what kind of Internet connection you have. How do you connect multiple physical computers directly to the Internet with public IP addresses?

                            1 Reply Last reply Reply Quote 0
                            • R Offline
                              razer0r
                              last edited by

                              Oke

                              This is what it is all about.
                              The internet connection is a connection in a DC.

                              They provide ip's based on MAC addresses: so

                              here goes complete configuration:

                              IP1 : PFsense (MAC 1)
                              IP2 : Directadmin server (needs an external ip) (MAC 2)
                              IP3 : Seperate server wich needs an externel ip as well (but needs it's own firewall ) (MAC 3)

                              IP 4,5,6 etc might be needed in the future, but aren't at the moment.

                              All I want is to be able to use the PFSense firewall for IP1 and IP2.

                              PFSense is used as gateway for some internal traffic arriving from a vSwitch connected to the LAN port of the PFSense.

                              That's basicly it…

                              1 Reply Last reply Reply Quote 0
                              • K Offline
                                kathampy
                                last edited by

                                That doesn't explain what kind of connection it is and what the connection procedure is. Forget about pfSense completely.

                                What kind of Internet cable is it? If you plug it staight into a laptop, how do you configure the laptop to browse the Internet? Is the Internet cable plugged into a switch? If you have multiple laptops plugged into the same switch, how do you get Internet on all of them?

                                1 Reply Last reply Reply Quote 0
                                • R Offline
                                  razer0r
                                  last edited by

                                  The internet connection is 1 physical connection, from a switch to a server.

                                  In the server (ESXi) configuration I use a vSwitch to connect several virtual interfaces to this vSwitch to obtain their IP.

                                  because the virtual switch you cannot hang any physical device on that switch, but virtual machines are connected to this vSwitch and can therefor obtain their IP from the Internet Provider

                                  1 Reply Last reply Reply Quote 0
                                  • K Offline
                                    kathampy
                                    last edited by

                                    You still haven't explained how you connect to the Internet. Plug the Internet cable directly into a laptop and explain every step on how to get Internet on the laptop.

                                    1 Reply Last reply Reply Quote 0
                                    • R Offline
                                      razer0r
                                      last edited by

                                      this is a direct RJ45 Ethernet Cable! probably connected to a routed network cisco switch…

                                      1 Reply Last reply Reply Quote 0
                                      • K Offline
                                        kathampy
                                        last edited by

                                        Why can you not answer a simple question? How do you set up an Internet connection on a laptop directly connected to this cable? Explain every step.

                                        1 Reply Last reply Reply Quote 0
                                        • R Offline
                                          razer0r
                                          last edited by

                                          plug in cable, tell ISP the MAC address, receive dhcp lease with correct info

                                          done

                                          1 Reply Last reply Reply Quote 0
                                          • D Offline
                                            doktornotor Banned
                                            last edited by

                                            @razer0r:

                                            probably

                                            You're serious? Going upstairs to have a look would be too much effort?  ::)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.