Getting ESXi management behind web access in pfSense
-
I have a dedicated server in a datacenter environment. I installed ESXi on it and configured a virtual pfSense on this ESXi. I have completed the pfSense configuration, and the other virtual machines are communicating successfully from behind pfSense. But I want to move the web management of the existing ESXi behind pfSense and give it a private local IP instead of the public IP; it will be safer and I won't get attacked.
Is it possible, and how can I do this?
-
You should be able to set up an additional virtual NIC for the host to use as access and then set up the real NIC as passthrough to the pfSense WAN. That way the ESXi management would not be available on the public IP. Is that what you mean?
It would be VERY easy to lock yourself out making that change though, so make sure you have some OOB access to the server before attempting it.
Steve
-
@stephenw10 Firstly, the datacenter gives us an uplink port with a single cable.
Yes, I created a VMkernel on ESXi to connect the uplink port to the actual NIC port. I also created another VMkernel, selected the pfSense LAN leg as the port group, and assigned the local IP. But after defining the local IP, when I delete the port facing the physical NIC, all my connections are gone. So in this case, I just need to remove the management tick on the VMkernel that looks at this physical NIC and has a public IP definition, without deleting it.
Yes, I have access to the server from the iDRAC port, by the way, in order to be able to intervene if there is an interruption.
-
I can't really comment in detail here. I don't use ESXi myself.
Do you still have access to the pfSense WAN after making that change?
What connections are you actually losing?
Obviously access to the management would then be via port forwards or VPN etc., so connections there would have to be remade if that was not already in place.
Steve