VMware Cloud Community
omnigis
Contributor

How to use 1 public address on multiple vms

Dear all, I'm not sure I can do this, but I would like to ask for information/help/tutorials/anything else on using 1 public static IP to connect to the ESXi server and to its VMs.

More precisely, this is my situation: I have a dedicated server in housing, and when I signed the contract I didn't care about the number of IPs. For that reason I now have 1 public static IP address, which I correctly use to connect to my ESXi environment using vSphere Client.

What I need to do is create a series of rules, like a router, to forward TCP and UDP requests from the Internet to the "intranet" defined inside the VMs.

For example, my public IP is 12.12.12.12, and my 2 VMs have the IPs 192.168.1.10 and 192.168.1.20. Is there any way to connect to port 192.168.1.10:80 through the 12.12.12.12 IP?
Of course I would use a lot of standard ports: 443, 80, 21 and others.

Can I do something?
Is there a virtual router?

Thanks for help
M

5 Replies
Dave_Mishchenko
Immortal

Welcome to the VMware Communities forums.

ESXi does not include any port forwarding capabilities. Typically what is done is something like the following:

1) Create a VM that acts as a firewall. It has 2 virtual NICs - one connected to the Internet and the other to a DMZ / internal LAN.

2) Additional VMs are just connected to the DMZ / internal and the firewall forwards traffic to the VMs as required.

That of course leaves out how you connect to ESXi. It is not recommended to have direct Internet access to the host as it opens it up to being hacked. So you can either

1) Put it behind the VM firewall - this isn't recommended as if the VM goes down you have no access to ESXi. Plus to patch ESXi you have to shut down all VMs.

2) Get another public IP and configure ESXi to use it - as mentioned this is not recommended

3) Get another public IP and drop in a basic firewall / VPN device.
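The firewall-VM layout from steps 1 and 2 above, sketched as an added example that is not part of the original reply: a script that builds a default-deny `iptables-restore` ruleset forwarding only the listed ports to the internal VMs. It assumes a Linux firewall VM with `eth0` as the Internet-facing NIC and `eth1` as the internal NIC; the interface names and the forwarding table are constructed, using the addresses and ports from the question.

```shell
# Added example, not from the thread. Assumed names: eth0 = Internet-facing
# NIC of the firewall VM, eth1 = internal NIC on 192.168.1.0/24.
# Assumes net.ipv4.ip_forward=1 is set on the firewall VM.
WAN_IF=eth0 LAN_IF=eth1 LAN_NET=192.168.1.0/24

# Constructed table: proto public_port internal_ip internal_port
FORWARDS='tcp 80 192.168.1.10 80
tcp 443 192.168.1.10 443
tcp 21 192.168.1.20 21'

# Accept only tcp/udp, ports 1-65535 and hosts .1-.254 of the internal /24.
valid_forward() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    for p in "$2" "$4"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    case "$3" in 192.168.1.|192.168.1.*[!0-9]*) return 1 ;; 192.168.1.*) ;; *) return 1 ;; esac
    [ "${3##*.}" -ge 1 ] && [ "${3##*.}" -le 254 ]
}

# Print an iptables-restore ruleset; fail without output on a bad entry.
gen_rules() {
    nat='' fwd=''
    while read -r proto pport ip iport; do
        [ -n "$proto" ] || continue
        valid_forward "$proto" "$pport" "$ip" "$iport" ||
            { echo "rejected: $proto $pport $ip $iport" >&2; return 1; }
        nat="$nat-A PREROUTING -i $WAN_IF -p $proto --dport $pport -j DNAT --to-destination $ip:$iport
"
        fwd="$fwd-A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $ip --dport $iport -m conntrack --ctstate NEW -j ACCEPT
"
    done <<EOF
$1
EOF
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    printf '%s' "$nat"
    printf '%s\n' "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE" COMMIT
    # Default-deny: only listed forwards and replies cross the firewall.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    printf '%sCOMMIT\n' "$fwd"
}

gen_rules "$FORWARDS"
```

Check the output with `iptables-restore --test` on the firewall VM before loading it. The port 21 entry covers only the FTP control channel; FTP data connections need the conntrack FTP helper or a forwarded passive port range.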

omnigis
Contributor

Thanks Dave, I think it would be fast to request more IPs.
I'm interested in your solution but I really don't know how to do that.

Thanks bye.

M

golddiggie
Champion

Why not use a router to send any requests for the port to the VM that's supposed to respond? I have a single public IP, but I have [right now] two VMs that can be reached from outside my LAN. One is an FTP server, the other is a web server. I send any FTP port requests to the FTP server, while any incoming web page requests get routed to the web server. I am using services from DYNDNS to make sure that when my public IP changes (it's not static) the traffic still gets routed. Since you have a static IP already, it should be easy.

Part of the services from DYNDNS is to wrap a URL around those other port requests. For example, FTP port requests have one URL, whereas the web ones use another. It makes it easy for others to connect to my server(s). I perform those port forwarding tasks on my physical router (a Linksys model). It's one of the few things my router does, since I have an AD DC VM doing all DNS/DHCP tasks (as well as being a domain controller for my home network)...

I pay a small fee each year for the domain routing from DYNDNS, and [IMO] it's money well spent. I also have them covering the domain renewal fees and such, so it's one stop shopping. If you have a domain name you're paying for, then I would seriously look to use their services.

omnigis
Contributor

Thanks, in my office I have this kind of configuration: I use a router and forward all requests to internal ports and IPs. But in this case I have a dedicated server in housing, so I can't install a router. I have to buy more IPs.

Thanks

omnigis
Contributor

Hi, I'm back to ask for more help.
Now I've got 3 failover IPs (they were included in my subscription).
Can anyone explain to me how to use the 3 failover IPs to connect from the Internet to the VMs?

My server is:

IP: 188.*.*.172

Subnet: 255.255.255.0

Network 188.*.*.255

Gateway 188.*.*.254

DNS: 213.*.*.99

IP Failover
IP 178.*.*.28 forwarded to 188.*.*.172.
IP 178.*.*.29 forwarded to 188.*.*.172.
IP 178.*.*.30 forwarded to 188.*.*.172.

Any idea?

Thanks a lot, I'm probably trying to do something too hard for my limited skills.
M
