jmsge
Contributor

VSwitch routing: making public, private VLANS communicate

How do I configure ESX 3.5 to make two LANs, one on the public network (using DHCP) and the other a private LAN (192.168.x.x)? Could this be done without using any physical router? Thanks in anticipation.

0 Kudos
1 Solution

Accepted Solutions
Lightbulb
Virtuoso

You're right, I had not bothered to check the license status since I use it in a testing env.

You could check their web page in the link provided.

You could build a VM with IPCOP, Shorewall or any Linux variant with the proper routing and iptables rulesets.

0 Kudos
18 Replies
weinstein5
Immortal

Welcome to the Forums - Natively ESX does not provide routing - with that being said you can use a physical router in your environment, or if you want to maintain it all in the ESX Server you can create a VM-based router and route between the virtual switches in your ESX Server - FreeSCO is one that is open source.

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
Lightbulb
Virtuoso

2 vswitches, each bound to a NIC that is attached to one of the respective VLANs. Install the Vyatta Virtual appliance (http://www.vyatta.com/downloads/index.php) on the ESX host. Set one adapter on each of the vswitches. Configure each of the Vyatta adapters:

set interfaces ethernet eth0 address dhcp

set interfaces ethernet eth1 address 192.168.1.254/24

commit

Setup NAT

set service nat rule 1 source address 192.168.1.0/24

set service nat rule 1 outbound-interface eth0

set service nat rule 1 type masquerade

commit

Set default gateway

set protocols static route 0.0.0.0/0 next-hop xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is the gateway of the external network)

commit

I have not done this with DHCP but give it a try.

0 Kudos
Texiwill
Leadership

Hello,

To route between two vSwitches where both have pNICs you can use a physical router, gateway, or firewall. If one vSwitch has no pNIC then you will need a virtual firewall, router or gateway.

Any Linux system can act as one.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll

Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
jmsge
Contributor

Any Linux system can act as a virtual router? Something built into the ESX software? Please suggest. Thanks.

0 Kudos
Lightbulb
Virtuoso

Don't mean to be a broken record, but Vyatta fits the bill. Give them a look. It's free.

Vyatta Virtual appliance (http://www.vyatta.com/downloads/index.php)

0 Kudos
jmsge
Contributor

Free for commercial use? What are the licensing terms?

0 Kudos
weinstein5
Immortal

ESX is not Linux - you will need to build a virtual machine with Linux -

Lightbulb
Virtuoso

You're right, I had not bothered to check the license status since I use it in a testing env.

You could check their web page in the link provided.

You could build a VM with IPCOP, Shorewall or any Linux variant with the proper routing and iptables rulesets.

0 Kudos
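For the plain-Linux option mentioned in the post above ("proper routing and iptables rulesets"), this is an added example, not code from any poster in the thread: a POSIX shell sketch that emits an `iptables-restore` ruleset for a two-vNIC router VM. The interface roles (eth0 public/DHCP, eth1 private), the 192.168.0.0/24 subnet and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): ruleset for a two-vNIC Linux router VM.
# Assumed layout: eth0 on the public vSwitch (DHCP), eth1 on the private
# vSwitch, private subnet 192.168.0.0/24.

# is_private_cidr CIDR: succeed only if CIDR lies inside RFC 1918 space.
is_private_cidr() {
    addr=${1%/*}; len=${1##*/}
    [ "$addr" != "$1" ] || return 1                 # no "/len" part
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs # $1..$4 are now octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && [ "$len" -ge 8 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && [ "$len" -ge 12 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && [ "$len" -ge 16 ] && return 0
    return 1
}

# gen_router_rules WAN_IF LAN_IF LAN_CIDR: print iptables-restore input.
# Forwarding is default-deny: only LAN-initiated traffic and its replies pass.
gen_router_rules() {
    wan=$1; lan=$2; subnet=$3
    case "$wan$lan" in *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;; esac
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] ||
        { echo "need two distinct interfaces" >&2; return 1; }
    is_private_cidr "$subnet" ||
        { echo "refusing to NAT non-private source $subnet" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $subnet -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $wan -s $subnet -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

On the router VM this would be applied as root with `sysctl -w net.ipv4.ip_forward=1` followed by `gen_router_rules eth0 eth1 192.168.0.0/24 | iptables-restore`. The INPUT chain (access to the router VM itself) is left untouched and needs its own rules.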
Texiwill
Leadership

Hello,

To reiterate: ESX is NOT Linux.

Any Linux virtual machine can act as a virtual firewall, router, or gateway. There are scores of premade virtual appliances that will do what you desire; Vyatta is just one of them. Even Windows with ICS would work...


Best regards,

Edward L. Haletky

VMware Communities User Moderator

0 Kudos
jmsge
Contributor

I have installed IPCOP 1.4.20 on an ESX VM. My NIC0 is currently used by the Service Console. IPCOP configured eth0 for GREEN (192.168.0.1) and eth1 for RED (DHCP on). In the end nothing works. Can someone help here with IPCOP and ESX (eth0, eth1)? I just want to configure private/public routing, no DMZ required. Also, ESX 3.5 supports Cisco Discovery Protocol... does this help my situation? Thanks in advance.

0 Kudos
Lightbulb
Virtuoso

OK, a few things:

Can you ping the GREEN interface from the internal LAN?

Are both vNICs attached to vSwitches that uplink (via pNIC) to the respective RED and GREEN VLANs?

Note:

RED needs to be cabled directly into the hub/switch that connects with the DSL/cable modem or whatever you have. I have not set up IPCOP with a DHCP RED interface before, but IPCOP has some folks on their forums who might be able to help.

0 Kudos
jmsge
Contributor

My ESX has vmnic0, which has a bunch of VMs on a DHCP network (corporate... DNS is managed; this becomes my RED: connected to the internet). vmnic1 is free and this is where I am looking to set up a private LAN (GREEN). This is not configured now, that is, there are no VMs on this network. Both NICs have the same AMD driver (built-in NICs on the mainboard). But IPCOP somehow picks my eth0 during setup for GREEN. Could not think of a way. Please help if you can. Thank you.

0 Kudos
Lightbulb
Virtuoso

From the console of IPCOP you can run the "setup" command, which should allow you to modify network assignments and other settings. I do not have an IPCOP system in front of me right now, so what I just said is from memory, but I am pretty confident about it.

0 Kudos
jmsge
Contributor

Hello,

Everything is set now. My 192.168.0.2 m/c is able to ping my RED IP... but I can't access the IPCOP webpage at http://192.168.0.1:81

0 Kudos
Lightbulb
Virtuoso

Try also https://192.168.0.1:445

Can you ping 192.168.0.1 from green network?

You are doing this from Green network system, right?

0 Kudos
jmsge
Contributor

Yes, I can ping 192.168.0.1 from my GREEN n/w and am trying to reach the webpage from here. I am logged in as root on IPCONFIG VM; does this pose any access issues? Do I have to be admin? Thanks again for your support.

0 Kudos
Lightbulb
Virtuoso

IIRC the webadmin interface user is other than root. Try admin and see.

0 Kudos
jmsge
Contributor

Hello, the website for IPCOP works on my ESX image. Thanks a bunch for your excellent support.

0 Kudos