VMware Cloud Community
mjimlay
Contributor

Single IP Address

My ESX 5 server is assigned an external public IP address from the data center. I need some VMs to have access to the internet with port forwarding enabled for services. In the past, I would set up a pfSense box as a VM, assign the public IP to it, give all my VMs local IPs and set up port forwarding to them, but this was when I had multiple IPs and not just a single IP.

I don't want to waste an IP strictly to have it only for the VMware management. Is there any way I can have a single IP shared between the host and the VMs and just set up port forwarding accordingly? I really don't want to pay for an additional IP.

5 Replies
a_p_
Leadership

I'm afraid there's no way around a second IP address. How would you manage the host if the pfSense firewall is turned off or has issues?

André

jkovba
Contributor

Here's a creative idea that requires some overhead to maintain, although not a ton, but does allow you to use just one single external IP:

I'm not sure how big you are on networking, but at least on a Cisco ASA, you can accomplish this by using static NAT statements.

1. Configure your ESX host to accept traffic on port X.

2. Configure your VM to accept traffic on port Y.

3. Set up NAT rules similar to these on whichever device you are using for routing or NAT'ing:

static (outside,inside) tcp <external_ip> <port X> <ESX_host_ip> <port X> netmask 255.255.255.255

(send traffic destined for <external_IP>/port X (ex: 80) to the ESX host IP)

static (outside,inside) tcp <external_ip> <port Y> <vm_ip> <port Y> netmask 255.255.255.255

(send traffic destined for <external_IP>/port Y (ex: 8080) to the VM IP)

Notice that the traffic is all going to the same external IP, but it is being NAT'ed to a different machine based on the destination TCP port!

By specifying the 'tcp' flag in your NAT statements on the Cisco command line, it lets you NAT based on TCP port number, not just IP address.  So, if you can configure your host to use one port number and your VMs to use another port number, you can successfully use NAT with just a single IP.  The downside is, of course, that you'll need a different port number for each VM as well as a different NAT rule.

It's a creative idea that will definitely work, but it requires some network expertise to get going.  Enjoy!

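The port-based static NAT described in this reply, modelled as an added example (not Cisco code and not from anyone in this thread): it parses ASA-style "static (outside,inside) tcp ..." lines, answers where an inbound packet to the shared public IP is forwarded, reverses the translation for the reply, and rejects a configuration in which two rules claim the same external port. Addresses, port numbers and the small named-port table are constructed placeholders; the example also goes slightly beyond the reply by letting the inside port differ from the outside port (e.g. 8080 outside, 80 inside).

```python
"""Port-based static NAT on a single external IP, modelled in Python.

Constructed example for the "static (outside,inside) tcp ..." approach
described in the thread; not vendor code. Addresses and ports are
placeholders (TEST-NET-3 outside, RFC 1918 inside).
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, Optional, Tuple

# Small subset of the service names the ASA accepts in place of port numbers (assumed).
NAMED_PORTS = {"www": 80, "http": 80, "https": 443, "ssh": 22}


class PortConflict(ValueError):
    """Two rules forward the same proto/external port: the config cannot work."""


@dataclass(frozen=True)
class StaticNat:
    proto: str      # "tcp" or "udp"
    ext_ip: str     # the one public address everyone shares
    ext_port: int   # port the outside world connects to
    int_ip: str     # host or VM on the inside
    int_port: int   # port that inside machine actually listens on


def _port(token: str) -> int:
    p = NAMED_PORTS.get(token.lower())
    if p is None:
        p = int(token)
    if not 0 < p < 65536:
        raise ValueError(f"bad port {token!r}")
    return p


def parse_static(line: str) -> StaticNat:
    """Parse: static (outside,inside) tcp <ext_ip> <ext_port> <int_ip> <int_port> netmask ..."""
    t = line.split()
    if len(t) < 7 or t[0] != "static" or t[1] != "(outside,inside)" or t[2] not in ("tcp", "udp"):
        raise ValueError(f"not a port static NAT line: {line!r}")
    ip_address(t[3])  # raises ValueError on a malformed address
    ip_address(t[5])
    return StaticNat(t[2], t[3], _port(t[4]), t[5], _port(t[6]))


class PortNatTable:
    """Inbound translation keyed on (proto, external IP, external port)."""

    def __init__(self, rules: Iterable[StaticNat]):
        self._in: Dict[Tuple[str, str, int], StaticNat] = {}
        for r in rules:
            key = (r.proto, r.ext_ip, r.ext_port)
            if key in self._in:
                # This is why every forwarded service needs its own port on the shared IP.
                old = self._in[key]
                raise PortConflict(
                    f"{r.proto}/{r.ext_ip}:{r.ext_port} already forwards to {old.int_ip}:{old.int_port}")
            self._in[key] = r

    def inbound(self, proto: str, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Inside destination for a packet arriving at the public IP; None means no rule (dropped)."""
        r = self._in.get((proto, dst_ip, dst_port))
        return None if r is None else (r.int_ip, r.int_port)

    def outbound(self, proto: str, src_ip: str, src_port: int) -> Optional[Tuple[str, int]]:
        """Reverse translation so the reply leaves from the shared public IP."""
        for r in self._in.values():
            if (r.proto, r.int_ip, r.int_port) == (proto, src_ip, src_port):
                return r.ext_ip, r.ext_port
        return None


def has_port_conflict(lines: Iterable[str]) -> bool:
    """True when two lines in a config claim the same external proto/port."""
    try:
        PortNatTable(parse_static(l) for l in lines)
    except PortConflict:
        return True
    return False


# Constructed rule set: one public IP, host management on 443, two VMs on other ports.
CONFIG = """
static (outside,inside) tcp 203.0.113.10 443  10.0.0.2  443 netmask 255.255.255.255
static (outside,inside) tcp 203.0.113.10 8080 10.0.0.20 80  netmask 255.255.255.255
static (outside,inside) tcp 203.0.113.10 2222 10.0.0.21 ssh netmask 255.255.255.255
"""

TABLE = PortNatTable(parse_static(l) for l in CONFIG.strip().splitlines())


def demo() -> dict:
    return {
        "mgmt": TABLE.inbound("tcp", "203.0.113.10", 443),
        "vm_web": TABLE.inbound("tcp", "203.0.113.10", 8080),
        "vm_ssh": TABLE.inbound("tcp", "203.0.113.10", 2222),
        "unforwarded": TABLE.inbound("tcp", "203.0.113.10", 25),
        "reply": TABLE.outbound("tcp", "10.0.0.20", 80),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} -> {result}")
```

Running the block shows the three services resolving to three different inside hosts off the same public address, port 25 being dropped because nothing forwards it, and the VM's reply being rewritten back to 203.0.113.10:8080. The conflict check is the part worth keeping when maintaining such a table by hand: each new VM needs an external port that no other rule (including the host management rule) already uses.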
nshetty
Enthusiast

Don't think a 2nd IP would be a possibility here. However, I shall try a few things and get back to this thread.

As of now, I don't think it's possible.

Cheers,

NS

iw123
Commander

Hi

When you say public IP, you mean an internet-routable IP assigned by an ISP? Why would your host management be configured with a public IP?

*Please don't forget to award points for "helpful" and/or "correct" answers
mjimlay
Contributor

The host management does have a public IP assigned to it; this is the only way it can be configured, and this is how I have always configured all my ESX servers and never had a problem. There is no VPN/firewall in place. The server is connected directly to the ISP, per se, and that cannot be changed.

Either way, I just found out that I actually have 3 additional IPs, for a total of 4, of which 1 is being used by the host. If you know of a better way then by all means tell me, but I use vSphere and simply enter the public IP regardless of where I am located so I can access all my VMs.
