Bridge on Vsphere 5

  • Hi all.

    i realy hope some one can help me with this problem…
    I want to install a Pfsense on Vsphere 5 and i need it in transparent mode for some servers that needs to run with public IP addresses.

    HP Proliant Dl360 G5 server with Vsphere 5 as OS.

    Running  VM´s with Public IP addresses.
                                        |                                |----server1(public ip)
                                        |                                |----server2(public ip)
                                        |                                |----server3(public ip)
                                                        |------ Switch where all my servers are connected (back end net, where i mang. my vmware and so on)
                                                        |------ Server/ Management(private IP)

    I haven´t got it to work, followed some guides and think that i need to make a clean slate and take it from the top, thus i have reinstalled the Vsphere and made the vswitches onse more, so a clean setup.

    How is this done?

    I have follow these guides (by them self and mixed) no luck... :-(

    Is there any thing that needs to be done beside the things in the guides?

    If you can use 3 interfaces for ease...   Otherwise start with a single (WAN) interface.
    From LAN-    Leave the LAN as is.  It makes a great maintenance port
    Go to interfaces- Assign- Bridges...  Create the Bridge. Add two interfaces to the bridge. WAN and OPT2. Rename the interfaces before now if your gonna. Helps keep track.
    Interfaces- Assign- Interface Assignments- create a new interface...  Choose the bridge.  Save.
    Go to Interfaces- Bridge set up your address here...   DHCP, Static ect...
    Got to Firewall- NAT- Outbound...   Choose manual outbound rules.   Make sure the only rules there are for LAN and  (should be there with 2.1 automatically...  may be also 2.0.1 but I dont remember.)
    Go to Interfaces- WAN- set for none.
    Go to Interfaces- Opt2 (or whatever you named it.) set for none.
    Set up your firewall rules as needed.

    1.Create a new virtual switch not connected to any physical interfaces.
    2.Edit properties for new virtual switch and change the vswitch configuration to "ACCEPT" promiscuous mode <--PFSense's bridge mode will not work without.
    3.Add and enable an interface on PFsense, do not assign this interface an IP address.
    4.In PFSense bridge this interface with the WAN interface.
    5.Within vmware add the new PFSense interface to the virtual switch.
    6.Add all systems you would like to have a public IP to the virtual switch and assign public IPs
    7.Create inbound rules for those systems on the WAN Rules tab.
    8.Create Outbound rules for DMZ systems on the DMZ tab <--assuming you named your new PFSense interface DMZ ;)

    Points to note:
    •All systems in the DMZ will need at least one rule to let traffic out.
    •Your vswitch MUST accept promiscuous mode
    •Your DMZ interface must be bridged with the WAN interface.

  • which vSwitch?

    VM network (default) or the newly created for the 2nd interface?

Log in to reply