How to use a /32 WAN address on VMware?



  • I help run a small gaming community on a headless datacenter server, and I am trying to move us from a Linux-only Ubuntu OS to VMware's free ESXi so we can also have a Windows server to also run Windows-only game servers.

    (Yes, I am aware of KVM for Linux, but the technical complexity of getting that working on a headless box looks ridiculous.)

    We have two addresses from the datacenter, but I do not know how to set up the second address.

    Primary address (being used by VMware management console):
    address: 72.20.9.126
    Mask/CIDR:  255.255.255.252  /30
    gateway: 72.20.9.125

    Secondary address:
    address: 72.20.54.117
    Mask/CIDR: 255.255.255.255  /32

    The secondary address needs to be the WAN port for pfSense.

    I have installed pfSense as a VM, and I have created an isolated "LAN" virtual switch on ESXi that doesn't connect to anything in the outside world.

    The other VMs will use the "LAN" virtual switch to connect to pfSense and then pfSense talks to the outside world. The "LAN" virtual switch is already working, no problems. It's the WAN side that I don't understand.

    I originally expected that I would be able to share the first address (72.20.9.126 / 30) with VMware's management console, but that doesn't work.

    If I assign the WAN interface on pfSense to the first address used by the management console, suddenly they both disappear and I can't talk to anything until the datacenter IT staff reboot the hardware.

    pfSense is not set to auto-boot with the hypervisor, so I regain access to VMware management again, disconnect the WAN adapter with the bad address for the pfSense VM, and then boot it and try to figure this out.

    So apparently pfSense needs to use the second /32 address as its WAN address. I have no idea how to do this.

    The text-mode setup for pfSense is really unhappy about the /32 WAN address. It will only allow me to enter a netmask up to /31 (which is itself apparently invalid if I look up the documentation for CIDRs). So fine, I enter /31, and then text-mode setup complains the gateway is not in the same subnet as the address and won't let me proceed.

    Apparently I need access to webConfigurator to proceed, and you can't access that except from the LAN side, so I had to install a Windows VM and connect it to the LAN vSwitch, and now I can manage pfSense from the Windows VM via the VMware remote VM console... bizarre.

    webConfigurator then lets me type in whatever I want for the WAN interface, but it still doesn't work.

    I have no clue what to do from here. Do I need to do something in VMware's virtual networking to set up the second /32 address, or can I make this work only through pfSense?

    It's not clear to me if the second /32 address is a "real" separate address, or if it is really just an alias for the first address with the same ports in use, and is not really usable as a separate public address.



  • Have you tried to set pfSense WAN in DHCP mode?