VMware Cloud Community
Fade (Contributor)

ESXi on host system with one physical MAC restriction

Hi to all!

We have ESXi installed on a host system, located in datacenter with MAC restriction on one physical adapter.

Earlier we had VMware Server 2 with bridged networking, so it was not a problem.

All virtual servers were accessible via port forwarding.

On ESXi I cannot find any solution to create a bridged network.

Please give me a tip on how to solve this problem.

Accepted Solution

J1mbo (Virtuoso)

Create a vSwitch with no physical adapters. Connect VMs to that (and an ESXi management vmkernel).

Then install a virtual firewall such as Vyatta connected to both the isolated vSwitch and the default vSwitch with the physical adapter. Then set up port forwarding rules as required.

8 Replies
DSTAVERT (Immortal)

I often create isolated networks like that.

-- David -- VMware Communities Moderator
bulletprooffool (Champion)

As stated above, something like a Vyatta appliance is the way to go; step-through guide here: http://www.get-virtual.info/2011/02/18/using-vyatta-as-firewall-in-esxesxi-for-private-network-simul...

One day I will virtualise myself . . .
Dave_Mishchenko (Immortal)

Do you just have one MAC in total to use (i.e. access to VMs and access to ESXi)? If that's the case then you'll need at least two. If you put a VM firewall in front of ESXi then you'll have issues should the VM not be able to start. Plus, you need to have all VMs powered off to patch the host.
Fade (Contributor)

Please take a look at my current situation in the screenshot.

I need Vyatta to have the IP and MAC of the physical adapter. Right now these parameters belong to the Management Network.

How can I connect firewall to physical adapter directly?

bulletprooffool (Champion)

The Vyatta will not have the MAC or IP of the physical adapter. The physical adapter behaves like a switch (a vSwitch in this case) and allows access to the appliance.

The physical NIC's MAC becomes the same as a switch port, so from a networking point of view, devices on the network see the vSwitch that you create in the same way as any other switch.

One day I will virtualise myself . . .
Fade (Contributor)

Dear David,

I cannot understand how you transfer the "Management Network" to a virtual network without a physical adapter (like in your screenshot).

I tried to create a new port within the internal network, but it conflicts with the IP and MAC of the default management network.

I need to transfer it behind the firewall, and the firewall must be the port to the external adapter, with its IP and MAC.

Dave_Mishchenko (Immortal)

You would need to configure a VM with 2 NICs (one for each vSwitch), configured with IPs on 2 subnets. Then you'll add a vmkernel port on that new subnet.

After that you can remove the primary vmkernel port and later change the IP address that you use for management if you need to.

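The layout the accepted answer describes (isolated vSwitch, firewall VM with one NIC on each vSwitch, management vmkernel moved to the inside subnet) and the ordering Dave_Mishchenko gives in the last reply (add the new vmkernel port first, remove vmk0 only afterwards), written out as an added PowerCLI example. This is not code from the thread or from VMware; the host name, VM name, port-group names and the 192.168.100.0/24 subnet are assumptions, and it assumes Connect-VIServer has already been run and that the firewall VM already exists.

```powershell
# Added example, not from the thread. Assumptions: PowerCLI session already
# connected, host "esx01.example.invalid", firewall VM "fw01", the physical
# uplink on the default vSwitch0 with its "VM Network" port group, and
# 192.168.100.0/24 as the inside subnet. Replace these with your own values.
$vmhost = Get-VMHost -Name "esx01.example.invalid"
$fwVm   = Get-VM -Name "fw01"

# Step 1: an isolated vSwitch. Omitting -Nic means no physical uplink is attached.
$inside = New-VirtualSwitch -VMHost $vmhost -Name "vSwitch-Internal"

# Port groups on the isolated switch: one for guests, one for the host's own
# management vmkernel so that ESXi management also sits behind the firewall.
New-VirtualPortGroup -VirtualSwitch $inside -Name "Internal-VMs"        | Out-Null
New-VirtualPortGroup -VirtualSwitch $inside -Name "Internal-Management" | Out-Null

# Step 2: two NICs on the firewall VM, one per vSwitch (Dave_Mishchenko's
# "VM with 2 NICs"). The outside NIC is the only thing that needs to talk on
# the physical uplink once vmk0 is gone.
$outsideNic = New-NetworkAdapter -VM $fwVm -NetworkName "VM Network"   -Type Vmxnet3 -StartConnected -Confirm:$false
$insideNic  = New-NetworkAdapter -VM $fwVm -NetworkName "Internal-VMs" -Type Vmxnet3 -StartConnected -Confirm:$false

# Caveat: the outside adapter gets its own VMware-assigned MAC by default; it
# does not inherit the physical NIC's MAC. If the upstream port filters on MAC,
# this is the address that must be permitted.
"Firewall outside MAC: {0}" -f $outsideNic.MacAddress

# Step 3: a second management vmkernel port on the inside subnet. vmk0 stays
# in place for now so you keep a working path to the host.
$vmk1 = New-VMHostNetworkAdapter -VMHost $vmhost -VirtualSwitch $inside `
    -PortGroup "Internal-Management" -IP "192.168.100.2" -SubnetMask "255.255.255.0" `
    -ManagementTrafficEnabled $true

# Step 4: only after you have verified management access through the firewall
# (e.g. a Connect-VIServer to the forwarded address succeeds), remove the
# original vmkernel port. Left commented out on purpose; run it deliberately.
# Get-VMHostNetworkAdapter -VMHost $vmhost -Name "vmk0" |
#     Remove-VMHostNetworkAdapter -Confirm:$false
```

The port-forwarding rules themselves (which outside port reaches which inside VM) live in the firewall appliance's own configuration, not on the host; the host side only provides the two-switch topology above. Keeping vmk0 until the new path is proven is what makes step 4 safe: if the firewall VM fails to boot, the host is otherwise unreachable, which is the risk Dave_Mishchenko points out earlier in the thread.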