VMware Cloud Community
Decapitator
Contributor

Cannot understand routing table - how to make my VM reachable from outside?

I have the following situation:

Dedicated server with 10 IPs

Installed VMware ESXi.

Installed VMs

I can access the internet (assigned one of the 10 static IPs)

But my VM is not reachable from outside (ping, Remote Desktop, etc.)

=======================================

Now I'll try to describe my network configuration:

My vSwitch has one uplink connected to the physical NIC and has 3 port groups: one of them connected to the physical adapter, another to the ESXi host, and one to the VM.

How can I make my VM reachable from outside?

Thanks.

5 Replies
a_p_
Leadership

Welcome to the Community,

My vSwitch has one uplink connected to the physical NIC and has 3 port groups: one of them connected to the physical adapter, another to the ESXi host, and one to the VM.

I'm not sure whether I understand your setup correctly. What you basically need (security / direct Internet access disregarded) is a single vSwitch, which has an uplink to the physical network. On that vSwitch you will have a VMKernel Port Group for the "Management Network" with its dedicated IP address, and a second "Virtual Machine" port group. The required IP configuration for the VMs is done within the guest OS itself.


André

Decapitator
Contributor

I can connect to the internet from the VM, but cannot connect to the VM from the internet. This is my problem; can you explain how to set up my network correctly to do this?

I have 10 white IPs, so this must work as VPS servers.

Thanks.

a_p_
Leadership

Does your server sit behind a firewall? Can you confirm that the required ports are open for ingress traffic?

I assume that you've configured the guest to allow ICMP (ping), and RDP, which is not enabled by default in current Windows versions.

André

Decapitator
Contributor

No, my server is not behind a firewall; everything is open.

Guest can be pinged and RDP is allowed.

So, as I see it, my server has the default configuration.

Texiwill
Leadership

Hello Archil,

A few things:

     1) Never put your hypervisor's management ports (vmkernel ports) on the Internet.

     2) Please provide a network diagram of all devices between the VM and the Internet (firewalls, switches, routers, modems, etc.)

IP reachability is dependent on many things unrelated to the VM. The most important part is usually what is upstream of the hypervisor.

For example, you can state something like the following:

     DMZ VMs <-> DMZ vSwitch <-> vFW <-> External vSwitch <-> External pNIC <-> External pSwitch <-> ISP Gear

Or

     VM <-> VM vSwitch <-> vFW <-> DMZ VMs <-> DMZ vSwitch <-> DMZ pNIC <-> FW <-> External/ISP Gear

It all depends on placement and what is in the network path. In both the above cases, the FW is blocking external access while allowing internal to internet access.

In both cases there is another network just for Management:

     Mgmt VMs <-> Mgmt vSwitch <-> Mgmt pNIC <-> Mgmt pSwitch

When you virtualize a DMZ it is best to use different pNIC/vSwitch combinations with physical segmentation in the networking layers.

Best regards,

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
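
An added example, not part of the original thread: a check for point 1 in the reply above, flagging any vmkernel interface whose IPv4 address falls outside the internal ranges. The sample rows are constructed, their layout is assumed to follow `esxcli network ip interface ipv4 get`, and the function names and the list of internal ranges are choices made for this example.

```python
import ipaddress

# Ranges treated as internal: RFC 1918, link-local, loopback, CGNAT (RFC 6598).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "100.64.0.0/10")]

# Constructed sample (assumed layout: header, dashed rule, one row per vmk).
# 203.0.113.10 is a documentation address standing in for a public IP.
SAMPLE = """\
Name  IPv4 Address  IPv4 Netmask   IPv4 Broadcast   Address Type  Gateway      DHCP DNS
----  ------------  -------------  ---------------  ------------  -----------  --------
vmk0  203.0.113.10  255.255.255.0  203.0.113.255    STATIC        203.0.113.1  false
vmk1  10.20.0.5     255.255.255.0  10.20.0.255      STATIC        10.20.0.1    false
vmk2  169.254.3.7   255.255.0.0    169.254.255.255  DHCP          0.0.0.0      false
"""

def parse_vmk_rows(text):
    """Yield (name, IPv4Address) per vmk row; skip header, rule and bad rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].startswith("vmk"):
            continue
        try:
            yield fields[0], ipaddress.IPv4Address(fields[1])
        except ipaddress.AddressValueError:
            continue  # second column is not an IPv4 address

def exposed_vmks(text):
    """Return vmk interfaces whose address is outside every internal range."""
    return [(name, str(ip)) for name, ip in parse_vmk_rows(text)
            if not ip.is_unspecified
            and not any(ip in net for net in INTERNAL)]

if __name__ == "__main__":
    for name, ip in exposed_vmks(SAMPLE):
        print(f"WARNING: {name} has routable address {ip}; "
              "move management to an isolated network")
```

An empty result only shows that no vmkernel port holds a routable address itself; upstream NAT or port forwarding to a private management address still has to be checked on the devices in the network path.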