VMware ESXi with one nic



  • Hello everybody,

    How can I set up pfSense in ESXi 3.5 with a single nic? I have read that it's necessary to set up VLANs in pfSense. Ok, I set that up in the default ESXi installation,
    Nr. 1 and 2. What else should I do? Do I need to add them to nics in pfSense management or tweak VMware networking? I do not have a physical managed switch, by the way.

    Thanks.



  • If you don't have a switch that supports VLANs then you can't use VLANs.



  • Ok, I think I made it :) I installed PF 1.2.3 (Virtual appliance) in a VMware ESXi 3.5 box with one physical nic and 2 virtual nics and it seems it's working!
    I have done alias, NAT, Firewall.. Only one thing is noticeable - in System Logs I get:
    kernel: arp: 192.168.1.100 is on le0 but got reply from 00:08:54:6a:ac:6c on le1
    and similarly structured messages. Is it normal? Can I go into production (Web, FTP, Database servers)?



  • If I read the problem correctly, pfSense is telling you that you're having a loop. You really should use a VLAN-capable switch if you're using only one physical switch.
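
The kernel message quoted in this thread can be checked for across a whole system log. The following is an added example, not part of the original posts: it groups such messages by interface pair to show which two interfaces are seeing the same hosts. The sample log lines (timestamps, hostname, the second IP/MAC pair) and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the message quoted in the thread.
SAMPLE_LOG = """\
Jan 10 12:00:01 pfsense kernel: arp: 192.168.1.100 is on le0 but got reply from 00:08:54:6a:ac:6c on le1
Jan 10 12:00:07 pfsense kernel: arp: 192.168.1.100 is on le0 but got reply from 00:08:54:6A:AC:6C on le1
Jan 10 12:00:09 pfsense kernel: arp: 192.168.1.1 is on le0 but got reply from 00:0c:29:aa:bb:cc on le1
Jan 10 12:00:12 pfsense kernel: le0: link state changed to UP
"""

# "arp: <ip> is on <ifA> but got reply from <mac> on <ifB>"
ARP_RE = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is on (?P<expected>\w+) "
    r"but got reply from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<seen>\w+)",
    re.IGNORECASE,
)

def find_shared_segments(log_text):
    """Map (expected_if, seen_if) -> message count and the set of (ip, mac) hosts."""
    pairs = defaultdict(lambda: {"count": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        entry = pairs[(m["expected"], m["seen"])]
        entry["count"] += 1
        entry["hosts"].add((m["ip"], m["mac"].lower()))  # normalise MAC case
    return dict(pairs)

def report(log_text):
    """One summary line per interface pair that answered ARP for the same host."""
    out = []
    for (expected, seen), info in sorted(find_shared_segments(log_text).items()):
        out.append(
            f"{expected} and {seen}: {info['count']} messages, "
            f"{len(info['hosts'])} hosts seen on both; "
            "the two interfaces share one layer-2 segment"
        )
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)) or "no cross-interface ARP replies found")
```

Any interface pair this reports means traffic from one side is reachable on the other without passing through the firewall rules, which is the condition to clear before putting servers behind it.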



  • 1. If it is a loop, does this impact performance very heavily, or is it just a few percent less compared to normal performance?
    2. Can VMware Tools resolve this issue? I didn't install them yet.
    3. Can I configure two VLANs in ESXi 3.5 with one physical nic? I am not an expert in this area, but VMware networking has a lot of configuration options.


  • LAYER 8 Global Moderator

    So you want to run a router on a stick, one-armed bandit sort of config?

    That type of setup is not optimal, to be sure.  Can you not just put in another physical nic?  Nics are pretty cheap.. Yes, it's possible to run multiple vlans on 1 interface, but it sounds like you only have one actual physical nic, so both your wan and lan are the same physical nic?

    Configs I have seen would be you would have a wan interface, and then run multiple lan vlans on the 1 physical lan interface.

    I wish I could be of more help. I guess I could fire up a VM copy of pfsense to play with in this sort of config, but your best option would be to just buy another nic..  I'm sure you can find even a 10/100/1000 interface for under $30 for sure.

    Shoot, I picked up some 10/100's a while back to break out my virtual box vm's from using my normal gig nic, because just running the bridging driver hook on the physical nic was causing a HIT on my gig performance even when virtual machines were not running.  I got them for like $9 each.  Now I can run my vm's without any performance hit on my normal gig interface traffic.

    I cannot believe you would be running esxi on hardware that only allowed for 1 nic?



  • Best bet would be to dedicate a physical NIC as the WAN NIC, and vlan said NIC.  This protects the physical machine from the cloud.



  • The alternative is to virtualize every host on the LAN. The physical NIC becomes the pfsense WAN and all the LAN hosts and pfsense's internal interfaces all live on vswitches.

    Of course, if you want to manage this beast you will have to virtualize yourself (or access from the WAN).



  • Of course, if you want to manage this beast you will have to virtualize yourself (or access from the WAN).

    You've watched too many Tron and/or Matrix movies ;)

