No internet access, but webgui works
-
@KOM:
I'm getting confused. Your XP PC was on LAN, I thought, since that is the one that can't resolve IP addresses. Maybe you could draw me a simple network diagram to show what is connected where?
Okay, I'm not great at these things, I'll attach a photo too.
-
If I'm understanding this diagram, you have your WinXP box plugged directly into your ESXi host's network port? That won't work.
-
Well, but I can access ESXi management and pfSense from it. The problem we are having here is with DNS.
-
Unless the cable you're using is a crossover cable, it shouldn't work at all and I don't understand why it's working as much as it is. Do you have access to another switch or hub that you could put between ESXi and WinXP? Otherwise I'm out of ideas.
-
Ok I am completely confused here.. You have pfsense running as a VM on the esxi host, that is how I read your first post.
But in your drawing it sure looks like it's outside your host. Please post up your vswitch configuration. I have been running pfsense on esxi for years and it's really straightforward. And yes you can run your vmkern on any network you want.
How many nics does your esxi host have? What version is it? Since current pfsense is not really supported until it's at min 5.5u2
See example of my vswitches.
Have to run, so this is cut short. Please post up a screenshot of your vswitch and how they are connected to the physical world.
-
He posted that here:
https://forum.pfsense.org/index.php?topic=107735.msg600202#msg600202
His diagram is meant to show pfSense as a VM inside ESXi.
Thanks for chiming in. I appreciate another set of eyes with this one as there may have been something I've missed. I'm helping a few other people and it's busy at work today so my head is spinning a bit.
-
Ok that makes sense, other than he has his win7 vm in both his wan and lan switch?
And the physical nic vmnic2 is not connected, and it doesn't show any VMs on this opt network..
And in that same pic showing the pfsense console, em0 or his wan has no IP listed. How exactly is this XP box being connected?? And he shows in that drawing that his router/switch, which I take it is an old wifi router being used as AP, is connected to opt, but clearly that is not the case since in his vswitch pic nothing is connected to opt.
This is really pretty basic stuff.. Here I drew it up, don't see why the win7 box is connected to both wan and lan.. Makes NO Sense at all!!!
And I don't understand how he is connecting this XP machine - there really needs to be another switch involved if just using some wifi router as AP that most likely has no vlan support, etc.
Is this how you're connected? Other than your win7 machine most likely causing you problems getting an IP from your ISP.. this is all straightforward.
Pfsense gets wan IP from your isp. You have 2 networks on lan and opt, 192.168.1.0/24 and 192.168.2.0/24 – all devices point to pfsense for gateway and dns via dhcp they get from pfsense. You're done.. So what is not working exactly?? I tried to follow the thread but it was all over the place!! So let's start from a clean slate.. Validate this is how you're set up, what your pfsense wan IP is - and remove that win7 vm from your wan vswitch.
-
Those were slightly older photos, here is a new one. The problem is not with win7, just saying that my OPT1 goes to an old router used as AP for wi-fi and a few more ports. The problem is that Windows XP doesn't have internet access; it is connected through pfSense, but the management network is connected through that port too. My XP machine has a 100 Mb/s network, so don't say it's not gigabit.
Screenshot 2 is my router AP. (Just to say so)
-
How are you connecting XP to the esxi nic that is your LAN?? Is there a switch between?
Do you get an IP via dhcp, can you ping pfsense? You say opt is working just fine?
Does not freaking matter that your vmkern is a port group on the same vswitch.. So if opt is working fine, let's see the rules on your lan interface of pfsense and the ipconfig /all of your xp machine when connected.. And can he ping pfsense IP in the opt network?? 192.168.2.1 ???
What network is working, your LAN or OPT, and which is 192.168.1.0/24 and which is 192.168.2.0/24?
Also to that 100 full vs gig… Is that interface actually gig and just negotiated to 100 because of your xp machine?? You do understand that unless at least 1 side is gig, you're not going to do autocross, and you're going to have issues without using a crossover cable or switch.
Also that wan router you're using as AP -- you have that all F'd up -- you're saying stuff is working there?? You're NATTING on it... it has a wan IP of 192.168.2 while its clients are 192.168.1.x -- Where is that wan interface connected to on pfsense?? All those clients are getting dhcp from your wifi router, and pointing to it for dns/gateway which you're thinking is your pfsense because pfsense also has 192.168.1 address.
That is a messed up setup. If you want to use your wifi router as AP, then turn off its dhcp, give its lan IP an IP on the network you're going to connect it to and connect it to your network via one of its LAN ports..
See attached how it would be your typical setup..
-
Okay, so much info, thanks.
First of all, all websites work if I type their IP, not FQDN; yes, pfSense works just fine. That interface is 10/100/1000 Mbit, XP is just old and capable of running at 100 Mbit only. Okay, about my AP, it works just fine, we will fix it later; now I'm focusing on my LAN, which is the Windows XP machine that doesn't have an internet connection.
Problem is: I CAN'T access ESXi from my wan let's say 99.99.99.99 and enter root, etc. It doesn't work, so I have to use the Windows XP machine, which would be good to have an internet connection on too.
-
Why would you want to access esxi from WAN?? And did you create a port forward for your vmkern?? Are you trying it from outside your network?
Let's get it straight what is what and what is not working… Your wifi router is set up WRONG.. So clients connected to it would ask it for dns, which it would forward to pfsense.. You're saying that works.
But xp doesn't work?? What are the firewall rules?? You're saying it can ping pfsense..
Let's forget about websites and IP addresses. For all we know your browser is set up to use a proxy?? You do not have pfsense set up to do any proxy or squidguard or blocker, etc.. Just plain jane pfsense install.
Please post up your rules for both lan and opt. Post up your xp machine ipconfig /all and it pinging pfsense and then a simple nslookup
See example attached
-
Maybe you misunderstood, I just want to access ESXi from my desktop PC which is at my AP point, that's the problem, that I can't. Yes, it works…
-
"I CAN'T access ESXi from my wan let's say 99.99.99.99 and enter root"
Well that is what you said!!
Dude how is your client ever going to look up anything if it's pointing to itself for dns 127.0.0.1
As to accessing your vmkern from where? And why would you ever in a million years think you could get there from your wan?? Your vmkern is a port group connected to your lan vswitch.. Which is what network 192.168.1.0/24
But that is the SAME network that is behind your wifi router… so no shit those people would never be able to connect to 192.168.1.100 vmkern since they think that network is local..
Where are your firewall rules? And why does that client point to loopback for dns???
-
Okay… I need to have connection on windows xp machine, and access ESXi remotely somehow...
-
Dude you never set up dns in the XP machine so it points to itself.. never in a million years going to work!! Ever..
You will be able to access esxi from either network, once you FIX your problems and allow it in pfsense.
You having both machines on the 192.168.1.0/24 network, one behind your nat router, is just confusing the whole thing… Set it up like I described and posted a picture of and all your problems will be gone.. And you will be able to access esxi just fine from wherever you want to access it from, if you allow the rules in pfsense firewall, etc.. if coming from a different network than the vmkern is on..
-
Alright, rules in pfSense for esxi? There isn't much info on Google. If this just could work …
-
Dude it will work just fine if you set it up correctly.
You have 2 networks, should be 192.168.1.0/24 LAN, 192.168.2.0/24 OPT
vmkern sits on your lan with 192.168.1.100/24. So all devices on LAN would be able to talk to it directly. Devices on OPT 192.168.2.0/24 would have to route through pfsense to get to the vmkern address on your lan network. So the firewall rules in OPT would have to allow that.
Again this is how you should have it set up.
pfsense
wan: public IP
lan: 192.168.1.1/24
opt: 192.168.2.1/24
dhcp running on both of them, say scopes 192.168.1.100-200, 192.168.2.100-200… This will point all dhcp clients to its interface in each network as dns and gateway.
For starters let's start with simple rules, allow any any in both lan and opt. Once everything is working then you can get more restrictive with rules.
Esxi vmkern 192.168.1.100 with gateway and dns pointing to pfsense 192.168.1.1
There you go all working! You have to make sure you set up your old wifi router as Access point only. Turn off its dhcp server, give its "lan" IP 192.168.2.2/24 with gateway of 192.168.2.1 and dns if you want to 192.168.2.1. Connect it to the pfsense opt network.
You can reverse the lan and opt networks if you want.. Doesn't really matter.. But we need to be clear what is in what network and how it's connected. Clients in both lan and opt should get an IP from the dhcp server running on pfsense.
Then ask pfsense for dns, ie when looking for www.pfsense.org they will ask pfsense. Pfsense will then either forward this (dnsmasq "forwarder") to your isp dns, or whatever else you set up in pfsense general settings for dns, say 8.8.8.8. Or look them up directly via the (resolver "unbound"). Pfsense defaults to using the resolver.
You really should have another switch if you want to connect more than 1 device (other than vm) to your lan network 192.168.1.0/24
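
The two faults this thread keeps returning to (a client whose DNS points at loopback, and a Wi-Fi router that NATs a second 192.168.1.0/24 behind pfSense) can be checked mechanically. This is an added Python example, not part of the original posts; the function names and the sample client and router addresses are constructed, only the pfSense subnets come from the post above.

```python
import ipaddress

# pfSense interfaces as laid out in the post above.
PFSENSE = {
    "lan": ipaddress.ip_interface("192.168.1.1/24"),
    "opt": ipaddress.ip_interface("192.168.2.1/24"),
}

def segment_of(addr):
    """Name of the pfSense network that contains addr, or None."""
    for name, fw in PFSENSE.items():
        if addr in fw.network:
            return name
    return None

def check_client(name, ip, gateway, dns_servers):
    """Return the problems found in one client's IP settings."""
    iface = ipaddress.ip_interface(ip)
    seg = segment_of(iface.ip)
    if seg is None:
        return [f"{name}: {iface.ip} is in no pfSense network"]
    fw = PFSENSE[seg].ip
    problems = []
    if ipaddress.ip_address(gateway) != fw:
        problems.append(f"{name}: gateway {gateway} should be {fw} ({seg})")
    if not dns_servers:
        problems.append(f"{name}: no DNS server set")
    for dns in map(ipaddress.ip_address, dns_servers):
        if dns.is_loopback:
            problems.append(f"{name}: DNS {dns} is loopback; names cannot resolve")
    return problems

def check_router(name, lan_ip, wan_ip=None, dhcp_server=False):
    """Check a Wi-Fi router behind pfSense; wan_ip set means uplink on its WAN port."""
    lan = ipaddress.ip_interface(lan_ip)
    problems = []
    if wan_ip is None:
        # Access-point mode: uplink on a LAN port, so its LAN IP must be ours.
        if segment_of(lan.ip) is None:
            problems.append(f"{name}: LAN IP {lan.ip} is in no pfSense network")
    else:
        problems.append(f"{name}: uplink on WAN port, clients sit behind its NAT")
        for seg, fw in PFSENSE.items():
            if lan.network.overlaps(fw.network):
                problems.append(f"{name}: its LAN {lan.network} duplicates pfSense "
                                f"{seg}; its clients treat that range as local")
    if dhcp_server:
        problems.append(f"{name}: DHCP server on; clients bypass pfSense DHCP")
    return problems

if __name__ == "__main__":
    # Constructed sample values; only the subnets come from the thread.
    for line in (check_client("xp", "192.168.1.150/24", "192.168.1.1", ["127.0.0.1"])
                 + check_router("ap", "192.168.1.1/24", wan_ip="192.168.2.50/24",
                                dhcp_server=True)
                 + check_router("ap-fixed", "192.168.2.2/24")):
        print(line)
```
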
-
Alright, this is too much for me to do, seriously, maybe start with something easier? I'm just a beginner with networking and pfSense…
There is no option to disable NAT on that router, so the only way to access ESXi is from my public IP, and somehow connect to it. But for now pfSense is overriding ESXi.
-
2 much?? You're setting up 2 networks… This is a very very very BASIC setup...
Who said anything about disabling nat on the router?? Dude you're just not going to use its nat function because you're going to connect it to your network via one of the LAN PORTS!! Just turn off its dhcp server, and assign its IP to something on the network you're going to connect it to. If that takes you more than 30 seconds you must have taken a coffee break during the time ;)
What is confusing you??
If 2 networks is confusing to you.. Then start with just 1.. Your LAN in pfsense.. Connect your wifi router to that esxi nic that is on your lan switch, that your vmkern port group is on. But again just connect it via one of the wifi router LAN ports.. Disable the dhcp server on the wifi router and make sure its IP is on your lan segment say 192.168.1.2/24
Now all your devices, be they plugged into other lan ports on your wifi router or wireless, will all be on the lan network.. Getting dhcp from pfsense.
Once you get that working, then you can move to having 2 networks behind pfsense.
Anything on this lan network will be able to access your esxi vmkern via its IP 192.168.1.100
Why do you keep trying to hit the vmkern of esxi on some public IP??? It should NOT have a public IP.. The port group of vmkern is on your lan vswitch per your posted image.. The only thing that should have a public IP is the wan vnic in pfsense. That esxi physical nic would be directly connected to your modem.
-
Alright, here are the results when I plug my AP to that LAN port, somehow I can access pfsense from 192.168.2.1, but 192.168.1.1 doesn't work. And sadly, I cannot access ESXi 192.168.1.100.