[SOLVED] VMware ESXi - How to get ip from virtual machine pfsense for esxi host



  • Hello forum! I'm new to pfsense and esxi and I want your help. I don't know if it is possible to do what I want to do… but I will ask :)

    I have 1 public ip (real) currently assigned to the vmware esxi host and 1 public ip (real) for temporary reasons only, to work for some hours.
    Every new virtual machine I create on esxi has no wan access, so I will need pfsense in order to make them able to access the wan.

    Let's assume my public ips (real) are 190.0.0.1 and 190.0.0.2 (temp)

    Here are my steps:

    1. Set esxi host to temporary public ip - 190.0.0.2
    2. Create pfsense virtual machine and make it work, wan interface 190.0.0.1 and lan interface 192.168.1.1/24

    At this point if I create another virtual machine with 192.168.1.2/24 and gateway 192.168.1.1, it can access the wan, so pfsense works!  ;D

    Now what I want to do is give the esxi host an ip from pfsense, for example 192.168.1.3, and port forward the vsphere client ports in order to access the vsphere client from 190.0.0.1 again.

    Is this even possible??

    Thanks!!



  • Sounds doable.  Put the VMkernel port on the same vSwitch as the other VM's and it's just another host on the network.  Simple default gateway to the pfSense LAN interface and you are talking to the Internet.  Port forward what you need.

    That's functionally.  Security is another thing.  I would recommend a VPN to establish connectivity to the local network (can be done right on the pfSense VM)  and not a pure port forward to the ESXi host.  That's too much risk for me.

    To demonstrate connectivity is possible from the ESXi host to the Internet via a pfSense VM:

    
    The ESXi Shell can be disabled by an administrative user. See the
    vSphere Security documentation for more information.
    ~ # 
    ~ # 
    ~ # traceroute google.com
    traceroute to google.com (173.194.72.113), 30 hops max, 40 byte packets
     1  pfsense (192.168.1.1)  0.254 ms  0.302 ms  0.135 ms              <<<<<----------
     2  69.255.176.1 (69.255.176.1)  22.850 ms  28.452 ms  29.471 ms
    .....
    
    


  • Thanks for answering, I get the idea but I can't make it work.

    For now I'm working in a virtual environment at home; I have a vmware virtual machine running esxi, and inside esxi I have 2 virtual machines, pfsense and ubuntu.

    My esxi ip is 192.168.1.26 (static ip from my router)
    My pfsense WAN ip is 192.168.1.32 (static ip from my router)
    My pfsense LAN ip is 192.168.5.1

    Now when I boot ubuntu, I give it 192.168.5.2 with gateway 192.168.5.1 and it can access the web and the pfsense webgui.

    The problem is how to even ping ubuntu from my pc 192.168.1.2 (connected to the same router as esxi). Port forwards and firewall rules seem useless.

    My esxi configuration below:




  • The VMkernel port is on the wrong vSwitch.

    EDIT: You only have one physical NIC?  That's not going to work.  You might be able to do it with VLAN's, but that's beyond my knowledge of ESXi.

    Here is mine:




  • Thanks again for replying!

    Can you explain to me the ip addresses that you use?

    For example on WAN you have 192.168.5.0/24 and through pfsense you have 192.168.1.0/24?

    So the management ip address is from pfsense? And if so, which ports should I port forward in order to access the vsphere client?

    What's the purpose of the other physical NIC?

    thanks!



  • @invader7:

    Can you explain to me the ip addresses that you use?

    For example on WAN you have 192.168.5.0/24 and through pfsense you have 192.168.1.0/24?

    The pfSense WAN interface on vSwitch1 is dynamic from the ISP (Comcast).  If you have a static public IP, it would go here.

    The pfSense LAN interface is on vSwitch0.  This is the 192.168.1.0/24 network.

    • 192.168.1.1 pfSense LAN (inside)
    • 192.168.1.50 ESXi host Management (vmk0)
    • 192.168.1.x all other VM's and LAN devices

    So the management ip address is from pfsense?

    Not "from" pfSense, it's a static address from the same network that pfSense LAN interface is on.

    And if so, which ports should I port forward in order to access the vsphere client?

    You would have to check the ESXi docs to find that.  However, I would never expose my ESXi host to the nasty bits from the Internet via port forwarding.  OpenVPN, IPSec, etc would put you right on the LAN and no port forwarding would be necessary.

    If I add another physical NIC connected directly to the router as the 1st physical NIC, will it work?

    A second NIC on the server ESXi is running on, add it to your vSwitch1.



  • @priller:

    @invader7:

    Can you explain to me the ip addresses that you use?

    For example on WAN you have 192.168.5.0/24 and through pfsense you have 192.168.1.0/24?

    The pfSense WAN interface on vSwitch1 is dynamic from the ISP (Comcast).  If you have a static public IP, it would go here.

    The pfSense LAN interface is on vSwitch0.  This is the 192.168.1.0/24 network.

    • 192.168.1.1 pfSense LAN (inside)
    • 192.168.1.50 ESXi host Management (vmk0)
    • 192.168.1.x all other VM's and LAN devices

    Correct! I have it like this! Wan interface from router 192.168.1.0/24, Lan interface 192.168.5.0/24 <– gives to all VMs and host management

    @priller:

    And if so, which ports should I port forward in order to access the vsphere client?

    You would have to check the ESXi docs to find that.  However, I would never expose my ESXi host to the nasty bits from the Internet via port forwarding.  OpenVPN, IPSec, etc would put you right on the LAN and no port forwarding would be necessary.

    It's already exposed through a public ip, so that's not a problem. I understand the security risks, but for now I just want it to work.

    @priller:

    If I add another physical NIC connected directly to the router as the 1st physical NIC, will it work?

    A second NIC on the server ESXi is running on, add it to your vSwitch1.

    This is the part I can't get, and sorry for asking again. Right now I can port forward my webserver at 192.168.5.2 (lan) to 192.168.1.1 (wan pfsense), for example, and it works; I can port forward whatever I want and it works with only 1 NIC.

    Is the second nic necessary only for the management? And if so, I will put it in my esxi host, attach it to vSwitch1, and on the other end? At the same physical switch/router that NIC 1 is plugged into?

    thanks



  • Hum, maybe I'm having a mental block and haven't been clear on what you are trying to do.  :o

    I'm not understanding how this can work without Physical Adapters on each vSwitch for the LAN/WAN (inside/outside) pfSense interfaces.

    Anybody?



  • @priller:

    Hum, maybe I'm having a mental block and haven't been clear on what you are trying to do.  :o

    I'm not understanding how this can work without Physical Adapters on each vSwitch for the LAN/WAN (inside/outside) pfSense interfaces.

    Anybody?

    I have 1 public ip and I want to "share" it among all my VMs and for the ESXi host too!

    For the time being my public ip is, let's say, 192.168.1.1, and I have 192.168.1.2 for temporary use.

    For this purpose, I added 192.168.1.1 to the pfsense wan interface, the ESXi host has 192.168.1.2, and now I have a new lan 192.168.5.0/24 with 192.168.5.1 assigned to the pfsense lan.

    If I set up a webserver at 192.168.5.3 and make the port forward correct, it can access the wan and I can access it from the wan too.

    The only thing I don't get is how to manage the ESXi host with the vsphere client?
    When I change the management ip from 192.168.1.2 to 192.168.5.2 (port forwarded 443, 902) I lose connection and can't connect back; I have to change the ip back to 192.168.1.2
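    The rule priller gives in the first reply (the VMkernel port has to sit on the same vSwitch as the pfSense LAN NIC, in the LAN subnet, with pfSense LAN as its gateway) and the failure in this last post (the management address was moved to 192.168.5.2 but the port group was not) can be checked mechanically before the change is made. The following Python is an added example written for this thread; it is not code from the thread, pfSense or VMware. The interface names `vmk0` and `pfsense-lan`, the placeholder public address 203.0.113.10, the assumed home-router address 192.168.1.254 and the reconstruction of the poster's single-NIC lab (pfSense WAN and vmk0 on the uplinked vSwitch0, pfSense LAN and the Ubuntu VM alone on vSwitch1) are assumptions, not facts taken from the posts. The second function lists WAN ports forwarded straight to the management address, which is the exposure priller warns against.

```python
# Added example (not from the thread): sanity-check an ESXi/pfSense virtual
# topology before re-addressing the VMkernel management port.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Iface:
    """One virtual interface: a VMkernel port, a pfSense NIC or a VM NIC."""
    name: str
    vswitch: str
    cidr: str                      # e.g. "192.168.1.50/24"
    gateway: Optional[str] = None  # default gateway, if the interface has one


@dataclass
class Topology:
    ifaces: List[Iface]
    # (WAN port, internal target IP) NAT port forwards configured on pfSense
    port_forwards: List[Tuple[int, str]] = field(default_factory=list)

    def get(self, name: str) -> Iface:
        return next(i for i in self.ifaces if i.name == name)


def check_management_path(topo: Topology, vmk: str = "vmk0",
                          lan: str = "pfsense-lan") -> List[str]:
    """Return the reasons the ESXi management port could not reach the
    Internet through the pfSense LAN interface (empty list = looks fine)."""
    mgmt, pf_lan = topo.get(vmk), topo.get(lan)
    mgmt_ip = ipaddress.ip_interface(mgmt.cidr)
    lan_ip = ipaddress.ip_interface(pf_lan.cidr)
    issues = []
    # 1. Layer 2: a vSwitch is an isolated segment, so the VMkernel port must
    #    be on the *same* vSwitch as the pfSense LAN NIC.
    if mgmt.vswitch != pf_lan.vswitch:
        issues.append(f"{vmk} is on {mgmt.vswitch} but {lan} is on "
                      f"{pf_lan.vswitch}: no layer-2 path between them")
    # 2. Layer 3: the management address must be in the pfSense LAN subnet.
    if mgmt_ip.network != lan_ip.network:
        issues.append(f"{vmk} {mgmt_ip} is not in the pfSense LAN "
                      f"network {lan_ip.network}")
    # 3. The default gateway must be the pfSense LAN address.
    if mgmt.gateway != str(lan_ip.ip):
        issues.append(f"{vmk} gateway {mgmt.gateway} is not the pfSense "
                      f"LAN address {lan_ip.ip}")
    return issues


def exposed_management_ports(topo: Topology, vmk: str = "vmk0") -> List[int]:
    """WAN ports forwarded straight to the ESXi management address. Anything
    listed here makes the hypervisor's management plane reachable from the
    Internet, which is what a VPN into the LAN avoids."""
    mgmt_ip = str(ipaddress.ip_interface(topo.get(vmk).cidr).ip)
    return sorted(p for p, target in topo.port_forwards if target == mgmt_ip)


# Constructed sample matching priller's working layout: one vSwitch per
# pfSense side, vmk0 beside the pfSense LAN NIC on vSwitch0.
# 203.0.113.10/24 is a documentation-range placeholder for the public IP.
WORKING = Topology(ifaces=[
    Iface("pfsense-wan", "vSwitch1", "203.0.113.10/24", "203.0.113.1"),
    Iface("pfsense-lan", "vSwitch0", "192.168.1.1/24"),
    Iface("vmk0",        "vSwitch0", "192.168.1.50/24", "192.168.1.1"),
])

# Constructed reconstruction of the poster's single-NIC home lab after vmk0
# was re-addressed to 192.168.5.2: the address moved, but the port group did
# not, so vmk0 still hangs off vSwitch0 while the pfSense LAN NIC is alone on
# vSwitch1. 192.168.1.254 is an assumed router address.
BROKEN = Topology(
    ifaces=[
        Iface("pfsense-wan", "vSwitch0", "192.168.1.32/24", "192.168.1.254"),
        Iface("pfsense-lan", "vSwitch1", "192.168.5.1/24"),
        Iface("ubuntu",      "vSwitch1", "192.168.5.3/24", "192.168.5.1"),
        Iface("vmk0",        "vSwitch0", "192.168.5.2/24", "192.168.5.1"),
    ],
    port_forwards=[(443, "192.168.5.2"), (902, "192.168.5.2")],
)

if __name__ == "__main__":
    for label, topo in (("working", WORKING), ("broken", BROKEN)):
        print(label, "issues:", check_management_path(topo) or "none")
        print(label, "management ports exposed on WAN:",
              exposed_management_ports(topo) or "none")
```

    For the reconstructed lab the checker reports exactly one problem, the vSwitch mismatch, which is why the host goes unreachable the moment its address changes: the port forwards and the subnet are fine, but the frames never reach the vSwitch pfSense's LAN NIC is on. Moving the VMkernel port group to the LAN vSwitch (or, with a second NIC as priller suggests, putting the pfSense WAN on its own uplinked vSwitch) clears that issue; the 443/902 forwards stay flagged until they are replaced by VPN access.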



