Hi,
I have ESXi 4 installed successfully, and the management IP address is on the range 173.xx.xx.184/29
The ESXi host has configured the one single nic with the IP address of 173.xx.xx.186/29 as Management Network, the default gateway is 173.xx.xx.185
Now I have one single vSwitch which is connected to this IP range of 173.xx.xx.184/29.
Now the problem is:
- I have installed 3 windows virtual machines, assigned them the IP addresses 173.xx.xx.187/29, 173.xx.xx.188/29 and 173.xx.xx.189/29 with default gateway 173.xx.xx.185
- and I can access the first 2 VMs with RDP, but I can't access the third one .189
The firewall guys say that everything is opened and I don't know what is the problem, because if I change the .188 Virtual Machine from .188 to .189, then it becomes inaccessible.
And also a strange thing is that I can access the machines using RDP from one to another, meaning I can access from .187 the machines .188 and .189, but I can't access the .189 from exterior.
Hope it makes sense.
Any help would be very appreciated.
Thanks.
Also the internet connection on the hosts to which I can connect is very slow, some sites are working, some are not ... This is a very weird behaviour ...
Any clue, somebody? Please
Here is a screenshot of the vSwitch configuration, maybe it will be helpful.
Thank you.
So all your VMs are behind a firewall?
"The firewall guys say that everything is opened and I don't know what is the problem, because if I change the .188 Virtual Machine from .188 to .189, then it becomes inaccessible.
And also a strange thing is that I can access the machines using RDP from one to another, meaning I can access from .187 the machines .188 and .189, but I can't access the .189 from exterior."
- Sounds like 3389 to .189 is not opened. Have the firewall admin double check and show the line that permits it
Can you ping the gateway 173.x.x.185 from the .189 VM? Do a tracert from the VM to a node on the other side of the firewall. See which hop it fails on. Assuming that the other side is the internet and tracerts are allowed through the firewall, tracert to google.com (they allow it). Usually connections initiated going out are ALL open - depending on the admin of course. This would prove that inbound connections are being blocked.
With 173.x.x.184/29 you should have 7 IPs. 2 will be un-usable, so you have 5 in the range to use. So you should be good.
1) Network Address: 173.x.x.184
2) Router/Firewall: 173.x.x.185
3) ESXi host: 173.x.x.186
4) VM1: 173.x.x.187
5) VM2: 173.x.x.188
6) VM3: 173.x.x.189
7) Broadcast: 173.x.x.190
The latency could be due to the traffic you are pumping to/from the VMs and your provisioned bandwidth. Do you have an additional NIC to add to vSwitch0?
-
Robert
BSIT, MCP, A+, VCP (VI3)
Hi,
I've done all the checks you've said before posting here, and I too think this is a firewall issue. Traceroute is blocked from the firewall and I can't traceroute from or to the VMs. Ping to the gateway is working, everything is leading to the conclusion that the firewall is the problem. But the provider is saying that everything is opened there.
By the way about the IPs you are a bit wrong.
173.x.x.184/29 has 8 IP addresses (the IP addresses are usually the power of 2, here is 2 at the power of 3, which is 8) from which 2 are unusable, which are
- the network address 173.x.x.184 is unusable
- and the broadcast address which is 173.x.x.191 also unusable.
But this is not the problem, I have enough IP addresses, and I can make NAT if I don't have. The problem is that I can't access the VMs.
Also a very strange thing is that checking the port 3389 from the internet site t1shopper.com/tools/port-scan/ it shows ports available for all the VMs, which made me think that here might be a problem from the ESXi also ...
This is a very strange problem, any help appreciated.
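The /29 arithmetic discussed in this exchange, as an added example that is not part of any post in the thread: it summarizes the subnet and checks an address plan for network, broadcast, out-of-range and duplicate addresses. The prefix 203.0.113.184/29 is a constructed stand-in for the masked 173.xx.xx.184/29, and the role names in `PLAN` are assumptions.

```python
import ipaddress

# Constructed stand-in for the thread's masked 173.xx.xx.184/29 range.
CIDR = "203.0.113.184/29"

# Address plan as described in the thread (role names are assumptions).
PLAN = {
    "gateway": "203.0.113.185",
    "esxi-mgmt": "203.0.113.186",
    "vm1": "203.0.113.187",
    "vm2": "203.0.113.188",
    "vm3": "203.0.113.189",
}

def summarize(cidr):
    """Return the size and boundary addresses of a subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())
    return {
        "total": net.num_addresses,
        "usable": len(hosts),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
    }

def check_plan(cidr, plan):
    """Return {name: [problems]}; an empty list means the address is assignable."""
    net = ipaddress.ip_network(cidr, strict=True)
    seen, report = {}, {}
    for name, addr in plan.items():
        ip = ipaddress.ip_address(addr)
        problems = []
        if ip not in net:
            problems.append("outside subnet")
        elif ip == net.network_address:
            problems.append("network address")
        elif ip == net.broadcast_address:
            problems.append("broadcast address")
        if ip in seen:
            problems.append("duplicate of " + seen[ip])
        else:
            seen[ip] = name
        report[name] = problems
    return report

if __name__ == "__main__":
    print(summarize(CIDR))
    for name, problems in check_plan(CIDR, PLAN).items():
        print(name, PLAN[name], problems or "ok")
```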
Thanks for the correction. You're definitely correct. I did remember the formula 2^n-2, but didn't use it - The idea was that you have enough host address.
I would be very surprised if it is an issue at the ESXi level.
Based on what you wrote, I think you are going to have to put some pressure on the Provider.
They need to syslog your connection attempts and provide that to you. It is not fun when you don't have any exposure to the devices in front of yours.
-
Robert
BSIT, MCP, A+, VCP (VI3)
Message was edited by: Walfordr - corrected very poor grammar and horrible fire fox formatting
Yes Walfordr,
I do agree with you and I am making some pressure on my ISP. I will post the results here.
I had an issue with the gateway and it ended up being an issue with my NIC configuration on my host as I had multiple NICs. I had two NICs on the host and the one I thought I was using wasn't actually selected. You might want to check that.
RC
Hi 5lbBass,
Thanks for reply, but the settings on the VMs are perfectly correct, and the internal firewall is disabled.
Hi All,
The problem was on ISP part. So nothing wrong with ESXi configuration.
Thank you all for your help.