Netgate Discussion Forum

    PF Sense with ESXI 6 (NIC needed)

      misho2007

      Hello all,

      Hope you are fine.

      I have a DediBox from online.net:

      8 GB RAM
      8 Cores CPU (Intel Atom)
      1 IPv4

      The thing is, I will use 2 VMs only. I installed ESXi 6 and now I have 1 public IP; can I NAT (map) it to the VMs?

      I found pfSense should do this, but do I need to purchase another public IP, or can I do that with my current IP?

      What about Proxmox? I hear that it already has a NAT option while creating a machine. Does anyone know if it needs an additional IP or not?

      Thx

        misho2007

        Any replies?

          Nicklas

          Depends on what those 2 VMs are doing; please explain in more detail. I believe your 1 IP is taken by the ESXi server…

            misho2007

            Yes, this public IP is taken by the ESXi, but I thought pfSense can map this IP to the VMs, like Proxmox (a hypervisor like ESXi), which has this option.

            While creating a new machine it asks for the network config (NAT, Bridge, DHCP, etc.). If I choose NAT, the VMs take a local IP but can browse the internet normally with the public IP (the ESXi IP).

            So can pfSense do that, as I don't want to use Proxmox?

              Nicklas

              Create 2 virtual networks in your ESXi, no adapters, rename your 3 NICs to WAN [ESXi], LAN, DMZ.

              Reset your config in pfSense, then configure the WAN and LAN, and check when done whether a VM in LAN has access to the internet.

              Then create your VMs in DMZ and use, for example, 1:1 NAT.

              1 Reply Last reply Reply Quote 0
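The layout described in the post above (one WAN switch with the physical adapter, LAN and DMZ switches with none, guests reachable only through pfSense) can be checked against an inventory. This is an added example, not part of the original post; the switch names WAN, LAN and DMZ come from the post, while the VM names, `vmnic` names and the `audit` helper are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VSwitch:
    name: str
    uplinks: list = field(default_factory=list)  # physical adapters, e.g. vmnic0

@dataclass
class VM:
    name: str
    networks: list  # vSwitch names the VM's virtual NICs attach to

def audit(vswitches, vms, firewall="pfSense", wan="WAN", internal=("LAN", "DMZ")):
    """Return findings; an empty list means the layout matches the advice."""
    findings = []
    by_name = {s.name: s for s in vswitches}
    for name in (wan, *internal):
        if name not in by_name:
            findings.append(f"vSwitch {name} is missing")
    # Only the WAN switch carries a physical adapter.
    if wan in by_name and not by_name[wan].uplinks:
        findings.append(f"{wan} has no physical adapter")
    for name in internal:
        sw = by_name.get(name)
        if sw and sw.uplinks:
            findings.append(f"{name} has adapter(s) {', '.join(sw.uplinks)}; expected none")
    for vm in vms:
        if vm.name == firewall:
            # The firewall needs one virtual NIC on every network it routes.
            missing = [n for n in (wan, *internal) if n not in vm.networks]
            if missing:
                findings.append(f"{firewall} has no vNIC on {', '.join(missing)}")
        elif wan in vm.networks:
            # A guest on the WAN switch is reachable without passing the firewall.
            findings.append(f"{vm.name} sits on {wan} and bypasses {firewall}")
    return findings

# Constructed inventories (hypothetical hosts, not taken from the thread).
GOOD = ([VSwitch("WAN", ["vmnic0"]), VSwitch("LAN"), VSwitch("DMZ")],
        [VM("pfSense", ["WAN", "LAN", "DMZ"]), VM("web", ["DMZ"]), VM("admin", ["LAN"])])
BAD = ([VSwitch("WAN", ["vmnic0"]), VSwitch("LAN", ["vmnic1"]), VSwitch("DMZ")],
       [VM("pfSense", ["WAN", "LAN"]), VM("web", ["WAN", "DMZ"])])

if __name__ == "__main__":
    for label, (switches, vms) in (("good", GOOD), ("bad", BAD)):
        print(label, audit(switches, vms) or "OK")
```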
                KOM

                From what I recall, ESXi doesn't have to take a public IP.  One of your NIC ports has to plug into your public router, but it doesn't assume any IP address.  The virtual machines inside the host do that.  I have 3 ESXi boxes plugged into my public switch, but they don't use any of my public IP addresses.

                  misho2007

                  @Nicklas:

                  Create 2 virtual networks in your ESXi, no adapters, rename your 3 NICs to WAN [ESXi], LAN, DMZ.

                  Reset your config in pfSense, then configure the WAN and LAN, and check when done whether a VM in LAN has access to the internet.

                  Then create your VMs in DMZ and use, for example, 1:1 NAT.

                  Here are my ESXi switches.

                  Here are the pfSense settings before adding DMZ.

                  Tell me if the ESXi switches are correct or if I need to change them.

                    misho2007

                    @KOM:

                    From what I recall, ESXi doesn't have to take a public IP.  One of your NIC ports has to plug into your public router, but it doesn't assume any IP address.  The virtual machines inside the host do that.  I have 3 ESXi boxes plugged into my public switch, but they don't use any of my public IP addresses.

                    My ESXi has a public IP because it's a dedicated host and I connect to it remotely.

                      Nicklas

                      Yeah, I thought so, as you mentioned the hosting company and one IP. If you have no KVM or other access, you need to give your IP to the dashboard, as that's your only means of getting access. I saw your pic, but you mentioned you have only one NIC and one IP, so you'd better create 2 virtual switches.

                      Not sure why you have 2 NICs connected to the virtual switches.

                      See one of my ESXi servers' scheme below, then virtual IPs, 1:1 NAT and make rules to allow access.

                      The Debian is on my LAN to also have internal access to the dashboard.

                      Let me know if you got it working.

                      ![VMware-with 1-1 NAT.png](/public/imported_attachments/1/VMware-with 1-1 NAT.png)

                        misho2007

                        @Nicklas:

                        Yeah, I thought so, as you mentioned the hosting company and one IP. If you have no KVM or other access, you need to give your IP to the dashboard, as that's your only means of getting access. I saw your pic, but you mentioned you have only one NIC and one IP, so you'd better create 2 virtual switches.

                        Not sure why you have 2 NICs connected to the virtual switches.

                        See one of my ESXi servers' scheme below, then virtual IPs, 1:1 NAT and make rules to allow access.

                        The Debian is on my LAN to also have internal access to the dashboard.

                        Let me know if you got it working.

                        Do you mean like this photo?

                          Nicklas

                          Yip, just like my example. Use the Greenshot tool to take a screenshot and obfuscate your IP; this is a forum after all ;-)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.