PF Sense with ESXI 6 (NIC needed)



  • Hello all,

    Hope you are fine.

    I have a DediBox from online.net

    8 GB RAM
    8 Cores CPU (Intel Atom)
    1 IPV4

    The thing is I will use 2 VMs only. I installed ESXI 6; now I have 1 Public IP. Can I NAT (map) it to the VMs?

    I found PF sense should do this, but do I need to purchase another public IP, or can I do that with my current IP?

    What about Proxmox? I hear that it already has a NAT option while creating a machine. Does anyone know if it needs an additional IP or not?

    Thx



  • Any replies?



  • Depends on what those 2 VMs are doing; please explain in more detail. I believe your 1 IP is taken by the ESXi server…



  • Yes, this Public IP is taken by the ESXi, but I thought PF sense can map this IP to the VMs, like Proxmox (a hypervisor like ESXI), which has this option:

    While creating a new machine it asks for the network config (NAT, Bridge, DHCP, etc.). If I choose NAT, the VMs take a local IP but can browse the internet normally with the Public IP (ESXI IP).

    So can PF Sense do that? I don't want to use Proxmox.



  • Create 2 virtual networks in your ESXi, no adapters, rename your 3 NICs to WAN [ESXi], LAN, DMZ.

    Reset your config in pfSense, then configure the WAN and LAN, and check when done if a VM in LAN has access to the internet.

    Then create your VMs in DMZ and use, for example, 1:1 NAT.



  • From what I recall, ESXi doesn't have to take a public IP.  One of your NIC ports has to plug into your public router, but it doesn't assume any IP address.  The virtual machines inside the host do that.  I have 3 ESXi boxes plugged into my public switch, but they don't use any of my public IP addresses.



  • @Nicklas:

    Create 2 virtual networks in your ESXi, no adapters, rename your 3 NICs to WAN [ESXi], LAN, DMZ.

    Reset your config in pfSense, then configure the WAN and LAN, and check when done if a VM in LAN has access to the internet.

    Then create your VMs in DMZ and use, for example, 1:1 NAT.

    Here are my ESXI switches.

    Here are the PF Sense settings before adding DMZ.

    Tell me if the ESXI switches are correct or if I need to change them.



  • @KOM:

    From what I recall, ESXi doesn't have to take a public IP.  One of your NIC ports has to plug into your public router, but it doesn't assume any IP address.  The virtual machines inside the host do that.  I have 3 ESXi boxes plugged into my public switch, but they don't use any of my public IP addresses.

    My ESXi has a Public IP coz it's a dedicated host and I connect to it remotely.



  • Yeah, I thought so, as you mentioned the hosting company and one IP. If you have no KVM or other access, you need to give your IP to the dashboard, as that's your only means of getting access. I saw your pic, but you mentioned you have only one NIC, one IP, so you better create 2 virtual switches.

    Not sure why you have 2 NICs connected to the virtual switches.

    See the scheme of one of my ESXi servers below, then virtual IPs, 1:1 NAT and make rules to allow access.

    The Debian is on my LAN to also have internal access to the dashboard.

    Let me know if u got it working.

    ![VMware-with 1-1 NAT.png](/public/imported_attachments/1/VMware-with 1-1 NAT.png)



  • @Nicklas:

    Yeah, I thought so, as you mentioned the hosting company and one IP. If you have no KVM or other access, you need to give your IP to the dashboard, as that's your only means of getting access. I saw your pic, but you mentioned you have only one NIC, one IP, so you better create 2 virtual switches.

    Not sure why you have 2 NICs connected to the virtual switches.

    See the scheme of one of my ESXi servers below, then virtual IPs, 1:1 NAT and make rules to allow access.

    The Debian is on my LAN to also have internal access to the dashboard.

    Let me know if u got it working.

    Do you mean like this photo?



  • Yip, just like my example. Use the Greenshot tool to make a screenshot and obfuscate your IP; this is a forum after all ;-)

