VMware Cloud Community
Kal4601
Contributor

NAT on ESXi

I am testing ESXi on an HP box with 2 NICs. I want to use one of the NICs for NATing for all VMs on this host and the 2nd NIC for management. In other words, my physical NIC address is 10.10.10.5, and I want all the VMs to use 192.168.12.XXX addresses. Is it possible? If yes, how do I accomplish that? Thanks in advance.

Accepted Solutions
TravisT
Enthusiast

Here is an example of how our ESX hosts are networked. There are two vSwitches, one for the management network and one for the virtual machine network. The highlighted IP address in the management network would be your 10.10.10.5 address. The physical NICs attached to that vSwitch are teamed and load balanced within the properties of that vSwitch.

There isn't an IP address that you assign to the virtual machine vSwitch. The IP address, default gateway, and DNS settings are set within the virtual machine itself. If you would like to create a different subnet such as 192.168.12.0/24, then you would set your VMs with those addresses. However, if you don't have a physical router to act as a router, you can create a virtual router. However, don't get confused, this isn't something VMware provides in their software. This is just another virtual machine that you would create that would have routing capabilities. In this case I have created a diagram to illustrate what you would do.

So, above you'll have two vSwitches for your virtual machines. One will contain the physical NICs that connect to the physical network. The other vSwitch will not contain any physical NICs but will connect all of your VMs together. The virtual router will have two virtual NICs, one plugged in to vswitch1 and the other plugged in to vswitch2. The traffic will go through this VM or "virtual router".

Now, this is a little complex, but it will accomplish what you are looking for. The other option that I mentioned, and the method I use, is to use VLANs to segment my network. Our VMs, Management Network, SAN, and physical network are all on separate VLANs connected to a layer 3 switch. The layer 3 switch allows me to do routing between the VLANs. So, my gateway is just my VLAN interface on my physical switch.

So, to answer your questions based off of what I have illustrated:

1) NAT would be part of the Virtual Router. This could be a Windows server with Routing and Remote Access set up. Or you could set up a Linux server with IP routing. There is a free Linux distro called IPCop that would probably work for you.

2) The gateway would be the virtual NIC interface on the virtual router that is connected to vswitch 2 in the illustration.

Hope that helps,

Travis

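The Linux virtual router option from the answer above, as an added example that is not part of TravisT's post or of any VMware tooling: the script prints an iptables-restore ruleset that masquerades the 192.168.12.0/24 VM subnet out of the uplink vNIC and drops all other forwarded traffic. The interface names eth0 (vNIC on vswitch1) and eth1 (vNIC on vswitch2, whose address is the VMs' gateway) are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-vNIC Linux
# router VM. eth0/eth1 are assumed names for the vswitch1/vswitch2 vNICs.

# valid_cidr NET: succeed only for a dotted-quad IPv4 network with a /0-32 prefix.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# nat_router_rules LAN_IF WAN_IF LAN_NET: write the ruleset to stdout,
# or return 2 without output if the arguments do not make sense.
nat_router_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3
    [ -n "$lan_if" ] && [ -n "$wan_if" ] && [ "$lan_if" != "$wan_if" ] || return 2
    valid_cidr "$lan_net" || return 2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the VM subnet's source address to the router's uplink address.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default-deny forwarding: only VM-initiated flows and their replies pass.
:FORWARD DROP [0:0]
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# The thread's addressing: VMs on 192.168.12.0/24 behind vswitch2 (eth1).
# Forwarding must also be on: sysctl -w net.ipv4.ip_forward=1
# Check the output with `iptables-restore --test` before loading it.
nat_router_rules eth1 eth0 192.168.12.0/24
```
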
12 Replies
oreeh
Immortal

ESXi doesn't do NAT.

Simply configure the VMs to use IP addresses in the desired range and add a virtual router which does the NAT.

Kal4601
Contributor

What would be the gateway address and DNS address? I want these VMs to be able to browse the Internet.

oreeh
Immortal

Whatever IP you configure in the virtual NAT device / virtual router (any Linux will do the trick).

patrickds
Expert

Of course, but this has nothing to do with NAT.

Just create a vswitch with your Service console port group and the 10.10.10.5 address, and a second vswitch with the VM Network portgroup and the 192.168.12.xxx addresses on the VMs.

If the two networks aren't physically separated (using the same physical switch) you can just create one vswitch, with both physical NICs and portgroups and their respective IP ranges.

That way you can have network redundancy and load balancing for both portgroups.

This is not NAT, because the physical network will be aware of the MAC addresses of the VMs on the vswitches, and see all virtual adapters, instead of only the Service Console, if it had been NAT.

patrickds
Expert

Does your 192.168 IP range also exist outside of the ESXi server, or only on VMs?

TravisT
Enthusiast

If you have the ability to create VLANs on your physical switch, then I would create two VLANs. One for the management network and one for the VMs. Then create a vSwitch for the management network and set its IP to 10.10.10.5 and add a NIC to it. Then create another vSwitch for the virtual machines and add the other NIC. Plug the NICs in to their respective VLANs on your switch (ex. Port 1 = management VLAN and Port 2 = VM VLAN). When you create your guest VMs, set their IP to the 192.168.12.0/24 network.

Also, if your switch isn't a layer 3 switch, then you will need to have a router to route traffic between the two VLANs. However, unless you plan on putting vCenter or other monitoring tools that need access to it, you may not have to do this.

Hope that helps,

Travis

TravisT
Enthusiast

Oh, and you could always have a VM with two NICs acting as a router in between the two vSwitches.

Kal4601
Contributor

I am sorry but I still don't get it. How could simply assigning a 192.X.X.X address allow VMs to go through a physical NIC 10.10.10.5 to the Internet if there is no NAT and there is no routing? The questions below still remain:

1- How and where can I set up a NATed network range on the VM host? (192.x.x.x)

2- What will be the gateway for VMs?

Attached photo might help understand what I am trying to explain. Thank you everyone for your responses.

Kal4601
Contributor

Oreeh- How do I create a v-router through V-center?

Kal4601
Contributor

Thank you TravisT. This clears up my confusion. In other words, the vSwitch within the VM host is just a Layer 2 switch and cannot do routing or NATing. I will have to use a separate vrouter or a physical router for that. Thanks a bunch again. Now I can move on. :)

TravisT
Enthusiast

No problem. Yes, it's kind of like a Layer 2 switch, although slightly dumber and smarter in ways. I have attached a quick guide on virtual networking for you.

-- Travis
