ESXi

Hi All, I am currently running VMWARE ESXi 4.0 server hosting a number of virtual machines on a public network IP address.   The VMWARE server is also on the public network IP address as well such as 9.x.x.x.  

Since we have a limited of public IP addresses assigned to us, we are running out.   We would like to continue to build more virtual machines but no more public IP addresses.   We are thinking to put these new virtual machines to a private network within VMWARE environment such as 192.168.x.x. 

Knowning that these virtual machines on the private network won't be able to access to public network or via versa.  I know that there should be a way to accomplish this to allow both-way traffic between public and private network but I am unable to find a proper step-by-step to do this.

I have looked at the ESXi Configuration Guide ESXi 4.0 vCenter Server 4.0 documentation and it confused me even more. 

Prehaps someone or someboby has already done this and would like to share this information.   That would be appreciated.....

Another question is that once this is done,  how do I access to one of these virtual machines on the private network if I am using a computer from a public network?  

Thanks in advance.....

David.

you will need to connect your esxi to a router then to WWW. the router can be a physical or a virtual router which you can use as virtual appliance.  Vyatta is a good one. http://www.vmware.com/appliances/directory/522

davidyuz wrote:

Another question is that once this is done,  how do I access to one of these virtual machines on the private network if I am using a computer from a public network?  

You'll need a router and a device that can NAT/PAT (usually a firewall).  You would use 1 public IP for the computers in the private network and on the firewall you would do NATing/PATing over different ports for the private IP for each VMs.

For example, say your public is 9.1.1.1

You would set up NAT/PAT on the firewall to translate 9.1.1.1:80441 to private 192.168.1.1:3389.  Your next firewall rule could do 9.1.1.1:80442 to vm 192.168.1.1:3389.  3389 example is assuming that you are using RDP to windows servers.  You may be able to find a virtual firewall/router appliance.

If you use external DNS you do not have to remember IPs. You could have something like vms.mycompany.com which points to your one public IP.  Then you would use vms.mycompany.com:portnumber to connect to them.

Thanks folks who responded to my questions.  I will review them.

David.

you could set up some sort of a firewall appliance that can NAT all your address requests.

My preference is the Vyatta router appliance.

I have a quick config guide available  - does not take too long to set up.

http://www.get-virtual.info/2011/02/18/using-vyatta-as-firewall-in-esxesxi-for-private-network-simulation-routing-firewalls-dhcp-and-identifying-port-requirements/