ESXi, OVH, and 1:1 NAT problems
-
Hello, I'm testing a dedicated server with OVH to replace a colocated server I have that has started having some hardware issues.
I've had this colocated server at two different hosts and never had problems like this. I'm not sure exactly what OVH is doing differently than everyone else but it is quite annoying.
First off, it took me hours to figure out a way to get a PFSense VM to even have access to the WAN and able to receive connections from the WAN. I eventually did it by setting up a Virtual MAC on OVH side, making my WAN NIC on the PFSense VM match that MAC, and then additionally had to manually add a route to the gateway on a different subnet that the main management IP is on. OVH is doing some kind of weird routing here and I have to use that gateway on the different subnet.
Anyway, moving forward I can access the PFSense box, and it can access the internet. Any other VMs I add, if I leave them set to DHCP, they can access the internet just fine. And if I do a NAT for the PFSense IP to an internal IP for say SSH, then that works fine. However this is not what I want to do.
I have 3 more IP addresses that I want to be able to assign to specific VMs like I've done in the past. In the past all I've had to do is set up that IP in the 1:1 NAT mapping going to the internal IP and it worked. That doesn't work here. I've tried adding that 1:1 mapping, and adding virtual IP alias as well as proxy ARP for the IP. Further, another weird thing (at least weird to me since I have a very basic understanding of networking): as soon as I set a 1:1 mapping for an internal IP, the machine at that IP can no longer access the WAN. It can resolve domain names (ex ping google.com will resolve the IP) but it can't actually ping. I'm guessing that is because it's getting the DNS information from PFSense which is internal.
Anyone able to help any on what I need to do here?
-
I was able to get this resolved. In case anyone else has this issue and finds this post in a search or something, the solution is that all IP addresses at OVH must have an associated MAC address. Otherwise their systems will not allow packets to transmit on that IP. For what I'm doing with a 1:1 NAT, I simply had to associate the other IPs with the MAC of the PFSense box.
-
Hey Steven6282,
I have multiple IPs from OVH too (a /28 subnet actually) and I want to assign those IPs to VMs that use NAT addresses.
What actually needs to be configured on the pfSense VM for that to work? I have the MAC addresses for each IP set correctly within the OVH control panel. But on the pfSense VM what still needs to be done? I don't understand IP Aliases, Proxy ARP so I really don't know what I should be configuring there.
I understand perfectly well how to set up pfSense for a single WAN IP address but in this case I have multiple IPs.
I have posted a message to Experts Exchange on this too but I haven't seen any replies yet: http://www.experts-exchange.com/OS/Unix/Q_28523210.html
-
Thank you! You made my day.
I was looking for this answer for a couple of weeks!