Multiple WAN IPs and XenServer
-
Hi guys,
We are having a problem getting our pfSense working with our XenServer VMs with public IPs.
Basically, we have a 6-port PC-based firewall box loaded with pfSense and a 5M/5M Ethernet connection from our ISP to our office. The connection was terminated by an NTU in our office. Our Internet connection has one main IP (for the connection) and the other five IPs are routed to the main IP. We connected our pfSense firewall to the NTU Ethernet port. The Internet is running perfectly fine. All our internal LAN PCs and servers can connect to the Internet through NAT with the main IP. We wish to have public IPs assigned to our two XenServer VMs. We could not get them to work. How can we assign the other 5 usable IPs to our XenServer VMs? Please advise!
Any input would be much appreciated!
Kind regards,
Henry -
There are three ways to do this:
1. Create a 1:1 NAT which maps External IP 1 to Internal VM IP 1, and so on. Your VMs would have LAN addresses assigned to them and would sit behind the firewall.
2. Create a bridge connection between ISP and your XS farm. You will need an additional interface, VLAN or physical, and would have to place the internal bridge interface on your XS host/vlan. This isn't an optimal configuration so I wouldn't recommend it.
3. Ask the ISP to route traffic for your IP block to you via a transit link (preferably a private address subnet /29 or /30) and use your pfSense box to route traffic for your networks. You can create an internal LAN net and a DMZ network as physical or VLAN interfaces (although I would recommend separate interfaces).
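
Added example, not part of the thread: a sketch of option 1 that checks a 1:1 NAT plan (each VM gets its own routed IP, never the main IP) and prints equivalent pf-style `binat` and `pass` rules. The interface name `em0`, all addresses (documentation ranges), VM names and ports are constructed assumptions; on pfSense these settings are normally entered in the GUI.

```python
import ipaddress

def plan_one_to_one_nat(wan_if, main_ip, routed_ips, lan_net, vms):
    """Validate a 1:1 NAT plan and return pf-style rules (NAT first, then filter).

    vms maps a VM name to (public_ip, lan_ip, [allowed inbound TCP ports]).
    """
    main = ipaddress.ip_address(main_ip)
    routed = {ipaddress.ip_address(a) for a in routed_ips}
    lan = ipaddress.ip_network(lan_net)
    used, nat_rules, filter_rules = set(), [], []
    for name, (pub, priv, ports) in sorted(vms.items()):
        pub, priv = ipaddress.ip_address(pub), ipaddress.ip_address(priv)
        if pub == main:
            raise ValueError(f"{name}: the main IP carries the LAN's outbound NAT")
        if pub not in routed:
            raise ValueError(f"{name}: {pub} is not one of the routed IPs")
        if priv not in lan or priv in (lan.network_address, lan.broadcast_address):
            raise ValueError(f"{name}: {priv} is not a host address in {lan}")
        if pub in used or priv in used:
            raise ValueError(f"{name}: address already mapped to another VM")
        used.update((pub, priv))
        nat_rules.append(f"binat on {wan_if} from {priv} to any -> {pub}")
        # pf translates the destination before filtering, so the pass rule
        # names the VM's LAN address. Only the listed ports are opened.
        for port in ports:
            filter_rules.append(
                f"pass in on {wan_if} proto tcp from any to {priv} port {port}")
    return nat_rules + filter_rules

# Constructed sample values (documentation address ranges, assumed names).
SAMPLE_VMS = {
    "vm1": ("203.0.113.10", "192.168.10.21", [443]),
    "vm2": ("203.0.113.11", "192.168.10.22", [22, 80]),
}
SAMPLE_ROUTED = [f"203.0.113.{n}" for n in range(10, 15)]  # five routed IPs

def sample_rules():
    return plan_one_to_one_nat("em0", "198.51.100.2", SAMPLE_ROUTED,
                               "192.168.10.0/24", SAMPLE_VMS)

if __name__ == "__main__":
    print("\n".join(sample_rules()))
```

A 1:1 mapping by itself opens nothing inbound; the VM is reachable only on the ports that have a matching pass rule on the WAN interface.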