Forgive me in advance, I need advice/direction complete noob

  • Hi everyone. I am not even sure if I have a specific question yet so much as I need general direction.
    Let me describe my environment.. I am working in a small lab, multiple vlans, anytime something needs to reach "outside" I basically have to assign the second nic with a public IP. I decided that we have much to many physical servers and spun up a ESXi host. It has 4 physical nics. I have it configured to where the vmnic0 is the trunk and can support any of the vlans tags I have. I have a second physical nic assigned to an iSCSI device for storage. That leaves me two physical NICs left. I have NO firewall experience. My last company all that was figured out for me, I would build servers as needed with DHCP and not have to worry about it. Obviously this isn't the case any longer!  How do I set up pfsense to use one of the physical NICS to connect my ESXi VMs with a range of public IPs? I am so overwhelmed with terms like bridges, DMZ, etc. that I am just further confusing myself with reading it. I would be happy to share screenshots as necessary. Just to test, I did hook up a VM to a public IP  by using another physical nic but obviously that isn't secure or scalable.

    Please help! I would love to have this up and running to support more VMs that need internet access. Thanks so much for reading!

  • LAYER 8 Global Moderator

    "I basically have to assign the second nic with a public IP."

    Your kidding right??  And there is no firewall between this second nic and the internet other than some host firewall your running on each machine?

    Why would you not just route internet access from your vlans.  Do you put these public IPs on the devices because they need INBOUND traffic from the internet, or to access the internet.  Are these servers your running providing services to the public net?

    What do you have currently connected for internet? How many public IPs do you own?  How is the internet connected into your network - you just have some router that connects your public ip netblock?

    A simple diagram showing your current setup of these test machines and how they interconnect and then what gets you to the internet.  And we can design a better setup.

    And sure pfsense running on a vm would more than likely work just fine.  But a current layout of your network and devices that connect them and the internet would be helpful.  What router do you have that connects you do the internet?  I am amazed there is no firewall between your devices and the public net??

Log in to reply