VMware Workstation Router/Firewall
-
I have a single machine which is remotely hosted. It is allowed 1 IP address. The machine is Windows Server 2008 R2. On this machine I have VMware Workstation 11 installed and several virtual machines running via NAT for an internal network. One is a domain controller; the others are various flavors of Windows.
I was thinking about creating a pfSense VM that would get its internet via the host using NAT and connect my virtual machines to this. However, I am curious if that would give me any benefits, and I am also wondering how the host would then see the VMs.
-
What you are trying to do is common for people setting up a network lab. That said, I hope you still have some kind of firewall (preferably pfSense on a small PC or Type 1 hypervisor) between your Windows server and the Internet.
You will want to switch your virtualized pfSense WAN interface from NAT to Bridged. All of the VMs that will be on the pfSense LAN need to be changed from NAT to a custom network like VMnet2. All of your LAN-based VMs also need to be on VMnet2. Set your WAN to not ignore private address space by unchecking (Interfaces - WAN - Private networks - Block private networks.)
In this configuration, your host will see the pfSense WAN but nothing else unless you port forward it.
-
Doesn't Bridged mean the pfSense will try to get an IP from the same network the Host machine is on? I only have the ability to have 1 IP.
-
Bridged means the VM will act as a regular network client and not use the host for NAT. I think I misunderstood your request.
I generally do not think it's good practice to put a firewall on a Type 2 hypervisor. You basically have a Windows server connected directly to the Internet. This has gotten better with Server 2012 and Hyper-V from what I have read, but that's not what you're doing.
Perhaps if you explain what your end-goal is, we can better advise you.
-
Yeah let me explain. Maybe I don't even need the router.
I have a Windows 2008 R2 server running VMware Workstation. I have a VM running through NAT which is a Domain Controller. I have several other VMs that are connected via NAT and are joined to the DC.
My Windows host cannot seem to find the domain to join. My hope was that if I could somehow set up a router VM I would be able to join my host machine to the domain virtual machine.
-
Just switch the DC's NIC from NAT mode to Bridged and you should be able to see it on the network.
-
I was able to get my networking working and the host can join the domain. I assume using the built-in NAT from VMware is enough and a firewall would not really benefit me any for this type of internal private network. Thanks for the help.