5 Replies Latest reply on Feb 25, 2020 4:52 AM by Texiwill

    Cannot understand routing table - how to make my VM reachable from outside?

    Decapitator Lurker

      I have the following situation:

      Dedicated server with 10 IPs

      Installed VMware ESXi.

      Installed VMs

      I can access the Internet (assigned one of the 10 static IPs)

      But my VM is not reachable from outside (ping, Remote Desktop, etc.)

      =======================================

      Now I'll try to describe my network configuration:

      My vSwitch has one uplink connected to the physical NIC and has 3 port groups: one of them connected to the physical adapter, another to the ESXi host, and one to the VM.

      How can I make my VM reachable from outside?

      Thanks.

        • 1. Re: Cannot understand routing table - how to make my VM reachable from outside?
          a.p. Guru

          Welcome to the Community,

          My vSwitch has one uplink connected to the physical NIC and has 3 port groups: one of them connected to the physical adapter, another to the ESXi host, and one to the VM.

          I'm not sure whether I understand your setup correctly. What you basically need (security / direct Internet access disregarded) is a single vSwitch, which has an uplink to the physical network. On that vSwitch you will have a VMKernel Port Group for the "Management Network" with its dedicated IP address, and a second "Virtual Machine" port group. The required IP configuration for the VMs is done within the guest OS itself.


          André

          • 2. Re: Cannot understand routing table - how to make my VM reachable from outside?
            Decapitator Lurker

            I can connect to the Internet from the VM, but cannot connect to the VM from the Internet. This is my problem; can you explain how to set up my network correctly to do this?

            I have 10 white IPs, so this must work as VPS servers.

            Thanks.

            • 3. Re: Cannot understand routing table - how to make my VM reachable from outside?
              a.p. Guru

              Does your server sit behind a firewall? Can you confirm that the required ports are open for ingress traffic?

              I assume that you've configured the guest to allow ICMP (ping), and RDP, which is not enabled by default in current Windows versions.

               

              André

              • 4. Re: Cannot understand routing table - how to make my VM reachable from outside?
                Decapitator Lurker

                No, my server is not behind a firewall; everything is open.

                The guest can be pinged and RDP is allowed.

                So, as I see it, my server has the default configuration.

                • 5. Re: Cannot understand routing table - how to make my VM reachable from outside?
                  Texiwill Guru

                  Hello Archil,

                   

                  A few things:

                   

                       1) Never put your hypervisor's management ports (vmkernel ports) on the Internet.

                       2) Please provide a network diagram of all devices between the VM and the Internet (firewalls, switches, routers, modems, etc.)

                   

                  IP reachability is dependent on many things unrelated to the VM. The most important part is usually what is upstream of the hypervisor.

                   

                  For example, you can state something like the following:

                   

                       DMZ VMs <-> DMZ vSwitch <-> vFW <-> External vSwitch <-> External pNIC <-> External pSwitch <-> ISP Gear

                   

                  Or

                       VM <-> VM vSwitch <-> vFW <-> DMZ VMs <-> DMZ vSwitch <-> DMZ pNIC <-> FW <-> External/ISP Gear

                   

                  It all depends on placement and what is in the network path. In both of the above cases, the FW is blocking external access while allowing internal-to-Internet access.

                   

                  In both cases there is another network just for Management:

                       Mgmt VMs <-> Mgmt vSwitch <-> Mgmt pNIC <-> Mgmt pSwitch

                   

                  When you virtualize a DMZ it is best to use different pNIC/vSwitch combinations with physical segmentation in the networking layers.

                   

                  Best regards,
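
The following is an added example, not part of the thread and not VMware tooling: a small audit of the two layout points raised in the last reply (no vmkernel management port on an Internet address, and management kept on its own vSwitch/pNIC). The inventory structure, the port group names and the `203.0.113.0/28` block are constructed placeholders standing in for the real host configuration and the provider-assigned range.

```python
import ipaddress

# Constructed inventory (not taken from the thread). vSwitch0 mirrors the
# poster's description: one uplink shared by the management vmkernel port and
# the VM port group. vSwitch1 is a management-only path on its own pNIC.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/28")  # placeholder range
INVENTORY = [
    {"vswitch": "vSwitch0", "uplinks": ["vmnic0"], "portgroups": [
        {"name": "Management Network", "type": "vmkernel", "ips": ["203.0.113.2"]},
        {"name": "VM Network", "type": "vm", "ips": ["203.0.113.3"]},
    ]},
    {"vswitch": "vSwitch1", "uplinks": ["vmnic1"], "portgroups": [
        {"name": "Mgmt", "type": "vmkernel", "ips": ["10.10.0.5"]},
    ]},
]

def on_public_block(portgroup, block):
    """True if any address on the port group falls inside the public block."""
    return any(ipaddress.ip_address(ip) in block for ip in portgroup["ips"])

def audit(inventory, block=PUBLIC_BLOCK):
    """Return (vswitch, portgroup, finding) tuples for exposed management ports."""
    findings = []
    for sw in inventory:
        pgs = sw["portgroups"]
        # Does this vSwitch carry VM port groups addressed from the public block?
        internet_vms = any(pg["type"] == "vm" and on_public_block(pg, block) for pg in pgs)
        for pg in pgs:
            if pg["type"] != "vmkernel":
                continue
            if on_public_block(pg, block):
                findings.append((sw["vswitch"], pg["name"], "vmkernel-on-public-ip"))
            if internet_vms:
                findings.append((sw["vswitch"], pg["name"], "shares-vswitch-with-internet-vms"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep=" | ")
```
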