Hi all, and sorry for my English...
I have a dedicated server online where ESXi 6.5 is installed, which I'm using for the first time...
The problem is the internet connection with the VM...
This is my situation
WAN IP xxx.xxx.xxx.xxx that is attached to NIC vmk0 -> Portgroup Management Network
2 physical NICs, 1 connected 1000 full duplex, 1 down
a vSwitch0, 2 Port Groups, 1 Uplink
2 port group VM Network and a Management Network
It seems that I need a virtual router to use the VM for internet, so I have downloaded pfSense. I have created a new vSwitch (2 times, with and without uplink) and a port group (NAT Network) on this vSwitch. In pfSense the 2 network adapters are VM Network and NAT Network, but I can't get WAN working ...
What am I doing wrong? I can use another NIC, is this the problem?
Thanks a lot
It will be easier for others if you could post a screenshot of your vSwitch and port group and uplink topology.
Welcome to the Community,
do you have a second public (WAN) IP address for the virtual router? The first one cannot be used because it's already in use for the ESXi Management.
André
These are all my network tabs
---------
here I can add another VMKernel Nics
Then I must ask for another IP address?
Hey, hope you are doing fine:
If you place the ESXi management network on the WAN, what you'll accomplish is exposing ESXi over the internet, and that's not ideal.
What you need to do is to add a port group named (for example) DMZ in which pfSense will reside. That port group needs to have the same VLAN ID as your WAN interface.
On your pfSense VM you will connect your DMZ port group on one NIC and your additional networks on the other NICs.
Hey FireFoxII,
As they say below, you should not expose the ESXi over the internet, as it is a risk from a security perspective even if you are NATing it, as the ESXi does not need Internet access at all. Regarding your routing configuration, the pfSense should be configured like this:
If you share the same vmnic you will need VLAN tagging and the physical port of your ESXi into Trunk Mode.
On the pfSense you can do an SNAT rule to translate the whole VM Network into one WAN IP, and after that you can configure the needed routing to reach the next hop and finally the Internet. To which equipment will your pfSense be connected?
I made the following diagram assuming a lot of things based on what you described:
First, I suggest using a router that is easier to work with; for example, a Mikrotik routing configuration is easier to set up in front of the pfSense that you chose.
Next, I think it's better to set up your networking from scratch. I mean, for a moment don't consider the current WAN connection (WAN IP on VMK0). Then create two separate standard vSwitches and for each of them add a single port group: PG-LAN in VSS1 and PG-WAN in VSS2.
Then add that down pNIC to the LAN vSwitch (you should actually connect it physically) and then configure IP addresses for your virtual router. Add an internal IP address from the LAN network and add your WAN connection (IP address, PPPoE, etc., based on your design).
As the last step, when you test the VM connection inside the internal network and it is actually OK, then you can add the current pNIC that handles the VMK0 traffic to the WAN vSwitch. Anyway, I know it's not a safe way because you may lose your connectivity temporarily, but it seems you don't have any additional WAN IP address and I think you have no other choice ... But I did it many times in similar situations.
For the safety of the networking setup, and to ensure that you don't lose the connection, yes, if it's possible for you, request another WAN IP address from your ISP ...
Sorry, I'm always stuck...
NathanosBlightcaller
I can't physically connect a LAN switch because it's a dedicated server; it's located in a datacenter.
Lalegre
Can you help me about this?
> If you share the same vmnic you will need VLAN tagging and the physical port of your ESXi into Trunk Mode.
What I am suggesting is to configure the physical switch port in Trunk mode and tag the VLANs there. Could you please do a quick diagram of your network construction?
When I mentioned LAN, I meant every internal network in your datacenter. For example, port groups with their corresponding VLAN IDs that are defined in the virtual switch, and, as you know, you should configure the physical ports (vmnics) as trunk ports in the physical switch.