Passing block of public IP's to internal host on ESXi Appliance
-
Here is a screen from my host that handles pfSense. pfSense's WAN is connected to Internet (vSwitch3), and LAN connect to LAN (vSwitch1).
-
@KOM:
Here is a screen from my host that handles pfSense. pfSense's WAN is connected to Internet (vSwitch3), and LAN connect to LAN (vSwitch1).
Ok, the only difference that I have is PFSense is a hardware appliance. I do not have it virtualized.
WAN --> PFSENSE --> LAN
                --> OPT1 (That I intend on passing those virtual IP's through to CentOS)
-
I find pfSense so much better to manage virtually than physically.
-
Once these IP's are assigned under virtual IPs, would my NAT Mappings be 1:1? What will the gateway and netmask be on each IP once they're assigned in my CentOS box?
Thanks
-
would my NAT Mappings be 1:1?
Could be, but if you just want to open a port or two then a more specific port forward will do.
What will the gateway and netmask be on each IP once they're assigned in my CentOS box?
Gateway would be the IP address of the pfSense interface it's connected to, netmask is usually /24 (255.255.255.0) on a small LAN.
-
Ok,
So my PFsense installation is not virtual. It is a physical deployment. I have three NICs. 1 is the WAN to the Fiber Carrier, the other is the LAN for my office network, and the last is unused right now.
I need to pass as many usable IP's from a statically routed /29 range to the NIC on my WebServer which is CENTos virtualized on ESXi
Thanks
-
This was your original requirement, correct? So what have you done and what result did you get? I believe I've already told you everything you need to know to get this working. Create your Virtual IPs and then either create a port-forward or 1:1 NAT to your CentOS box. Boom, done.
-
@KOM:
This was your original requirement, correct? So what have you done and what result did you get? I believe I've already told you everything you need to know to get this working. Create your Virtual IPs and then either create a port-forward or 1:1 NAT to your CentOS box. Boom, done.
Yes, here is a screenshot of the configuration of the Virtual IP Assignment.
My confusion is at the 1:1 NAT. I do not want to assign a LAN IP to this. I simply want to pass the usable IP's that are statically routed to me through my ISP.
Thanks
[Attached screenshot: Screen Shot 2017-02-22 at 3.57.43 PM.png]
-
A port-forward / 1:1 NAT must be mapped to something. In your case you would map it to the local IP of the CentOS box. That's how it works. And as I mentioned earlier, if you're uncomfortable forwarding traffic to a host on your LAN, then create a DMZ via new interface or VLAN and move your CentOS box there.
-
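One way to sanity-check the 1:1 mapping described above before entering it in pfSense, as an added example that is not part of the original thread. The function name, the documentation-range /29 and the private subnets are assumptions; the check rejects any target that sits on the office LAN instead of the OPT1 (DMZ) segment and reports the gateway and netmask each guest would use.

```python
import ipaddress

def plan_one_to_one(routed_block, opt1_ip, opt1_net, lan_net, targets):
    """Pair each public address with a private target on the OPT1 (DMZ) segment.

    Returns a list of dicts; raises ValueError if a target would expose the
    office LAN or collide with the firewall's own interface address.
    """
    block = ipaddress.ip_network(routed_block)
    dmz = ipaddress.ip_network(opt1_net)
    lan = ipaddress.ip_network(lan_net)
    gateway = ipaddress.ip_address(opt1_ip)
    if gateway not in dmz:
        raise ValueError(f"{gateway} is not inside {dmz}")
    if dmz.overlaps(lan):
        raise ValueError("DMZ and LAN subnets overlap")
    # Assumption: network and broadcast addresses of the block are left unused.
    public = list(block.hosts())
    if len(targets) > len(public):
        raise ValueError(f"{block} only offers {len(public)} addresses")
    if len(set(targets)) != len(targets):
        raise ValueError("duplicate internal target")
    reserved = (gateway, dmz.network_address, dmz.broadcast_address)
    plan = []
    for ext, raw in zip(public, targets):
        internal = ipaddress.ip_address(raw)
        if internal in lan:
            raise ValueError(f"{internal} is on the office LAN, not the DMZ")
        if internal not in dmz or internal in reserved:
            raise ValueError(f"{internal} is not a usable host address in {dmz}")
        plan.append({"external": str(ext), "internal": str(internal),
                     "guest_gateway": str(gateway),
                     "guest_netmask": str(dmz.netmask)})
    return plan

# Constructed sample values (documentation and private ranges, not from the thread).
SAMPLE = plan_one_to_one("203.0.113.8/29", "192.168.50.1", "192.168.50.0/24",
                         "192.168.1.0/24", ["192.168.50.11", "192.168.50.12"])

if __name__ == "__main__":
    for row in SAMPLE:
        print(row)
```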
@KOM:
A port-forward / 1:1 NAT must be mapped to something. In your case you would map it to the local IP of the CentOS box. That's how it works. And as I mentioned earlier, if you're uncomfortable forwarding traffic to a host on your LAN, then create a DMZ via new interface or VLAN and move your CentOS box there.
Ok, so I will run a physical ethernet cable between my OPT1 interface and a physical interface on my ESXi Server. I'll assign that interface to CENTOS within the ESXI Controller.
What will my configuration look like in PFsense?