How to run pfsense & esxi at a single-server colo hosting - please help



  • Hello, networking experts.

    I have an ESXi 4 server with VM instances (a virtual firewall, pfSense or Vyatta etc., being one of the instances) running at a remote colo.
    I'd like to know how to configure the ESXi server so that the virtual firewall instance filters the traffic of the other instances, as if they were in a physical environment with a physical firewall, a physical switch, and the servers in a private network.

    I will have only 1 internet connection in/out for all traffic (VMs, VM service console traffic). I guess I could order another dedicated connection for the service console.

    This physical box has 4 NICs. My physical box will not have a physical private network, so the internet connection will be plugged into one of the physical NICs.

    How can I do this?

    Thank you in advance.



  • Hi,

    I think the best way to do this would be to create a second vSwitch, then assign one of the physical NICs (you can figure out which one using the MAC address) to the new vSwitch. (You will plug the internet connection into this port.)

    Next create a VM Network under that new vSwitch and call it something like 'WAN' or 'untrusted'.

    Next create your VM for pfSense and give it two NICs: the first one set to the VM Network from the original vSwitch (your LAN), the second to the VM Network from the second vSwitch (your WAN).

    Be sure to note the virtual MAC address so you can assign the correct interface within pfsense's install.

    Now I would re-IP the service console to an internal range address (note: you will likely want to be onsite for all of this).

    Give the pfSense firewall LAN address an IP and access the web GUI. Input your WAN information (if it is a static IP). Plug in the WAN cable. Now set the gateway of your other VMs to use pfSense.

    Hopefully that makes sense. I don't know what all your requirements are, but I have a similar setup running (1 ESX server running pfSense as a firewall for another VM and multiple physical machines).
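The steps in the reply above (second vSwitch with the uplink NIC, a WAN port group, a second vNIC on the firewall VM, and the "only the firewall touches WAN" design) can be scripted and, more importantly, checked. The following PowerCLI script is an added example, not code from either poster; the host name, NIC name, switch and port group names, and the firewall VM name are placeholders you would substitute for your own. The verification block at the end is what a defender wants after the change: it confirms that no other VM and no management (service console / VMkernel) interface is attached to the WAN segment, since either would bypass pfSense entirely.

```powershell
# Added example (PowerCLI), not from the forum thread.
# All names below are placeholders/assumptions for the setup described in the reply.
param(
    [string]$EsxHost   = 'esxi-colo.example.internal',  # placeholder: the colo ESXi host
    [string]$WanNic    = 'vmnic1',                      # placeholder: NIC the colo uplink is plugged into
    [string]$WanSwitch = 'vSwitch1',                    # the new, second vSwitch
    [string]$WanPg     = 'WAN',                         # the 'untrusted' port group
    [string]$FwVm      = 'pfsense'                      # placeholder: the firewall VM name
)

Connect-VIServer -Server $EsxHost | Out-Null
$vmhost = Get-VMHost -Name $EsxHost

# 1. List physical NICs with their MACs so the right port gets the uplink cable
#    (the reply suggests identifying the NIC by MAC address).
Get-VMHostNetworkAdapter -VMHost $vmhost -Physical |
    Select-Object Name, Mac, BitRatePerSec | Format-Table -AutoSize

# 2. Second vSwitch with only the WAN uplink attached to it.
$vs = New-VirtualSwitch -VMHost $vmhost -Name $WanSwitch -Nic $WanNic

# 3. The untrusted port group on that switch.
New-VirtualPortGroup -VirtualSwitch $vs -Name $WanPg | Out-Null

# 4. Tighten the switch security policy. Nothing on the WAN segment needs to sniff
#    other ports, forge source MACs or change its MAC, so reject all three.
Get-SecurityPolicy -VirtualSwitch $vs |
    Set-SecurityPolicy -AllowPromiscuous $false -ForgedTransmits $false -MacChanges $false | Out-Null

# 5. Give the firewall VM its second vNIC on WAN; its first vNIC stays on the LAN
#    port group of vSwitch0. e1000 is used because FreeBSD drives it without tools.
$vm = Get-VM -Name $FwVm
New-NetworkAdapter -VM $vm -NetworkName $WanPg -Type e1000 -StartConnected | Out-Null

# 6. Print the vNIC MACs: pfSense asks you to map them to WAN/LAN during install.
Get-NetworkAdapter -VM $vm |
    Select-Object Name, NetworkName, MacAddress | Format-Table -AutoSize

# 7. Verify the design. Only the firewall may sit on the WAN segment; any other VM
#    or the management interface there would bypass the firewall completely.
$otherOnWan = Get-VM | Get-NetworkAdapter |
    Where-Object { $_.NetworkName -eq $WanPg -and $_.Parent.Name -ne $FwVm }
if ($otherOnWan) {
    Write-Warning "VMs other than $FwVm are attached to '$WanPg': $(($otherOnWan.Parent.Name | Sort-Object -Unique) -join ', ')"
}

$mgmtOnWan = Get-VMHostNetworkAdapter -VMHost $vmhost -VMKernel |
    Where-Object { $_.PortGroupName -eq $WanPg }
if ($mgmtOnWan) {
    Write-Warning "A management/VMkernel interface is on '$WanPg': $($mgmtOnWan.Name -join ', ')"
}

$extraUplinks = (Get-VirtualSwitch -VMHost $vmhost -Name $WanSwitch).Nic |
    Where-Object { $_ -ne $WanNic }
if ($extraUplinks) {
    Write-Warning "Unexpected extra uplinks on ${WanSwitch}: $($extraUplinks -join ', ')"
}

if (-not ($otherOnWan -or $mgmtOnWan -or $extraUplinks)) {
    Write-Output "OK: only $FwVm is attached to '$WanPg' and $WanSwitch has the single uplink $WanNic"
}
```

Run the first block (step 1) on its own before creating anything, so you know which vmnic the colo staff will plug the uplink into. The three checks in step 7 are worth re-running after any later change to the host's networking; a VM accidentally dropped onto the WAN port group from the vSphere client is exactly the kind of mistake that silently removes the firewall from the path.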

