
ESX 6.0 w/failover IP & pfSense or DD-WRT


DirtySpiv
2016-02-01, 02:55 PM
What is in Interfaces > WAN > IPv4 Upstream Gateway? Should be set to None.
Firewall > NAT > Outbound should be set to "Manual Outbound NAT rule generation" and mapping for your LAN should be created.

West6372
2016-01-31, 05:50 PM
Well, if I have 4 failover IPs, then that would leave me with only 4 VMs that I can use. My whole goal is to set up a lab environment for VMware vCenter, running probably 8 VMs in total. I just don't understand with the pfSense, seems very simple in theory, I just can't get it to work...thinking I must be overlooking something.

HTMLtag
2016-01-31, 12:30 AM
I'm just wondering why you want your private network to route to a public network instead of having a private network and public network.

In OVH, you can assign a Virtual MAC to an IP address. (Choose VMware type for ESX due to the limited MAC range).
Create a bridged network adapter on each VM with the MAC address it generated and network it as if it were a physical box.
IP = IP of Virtual MAC
Subnet = 255.255.255.255
Gateway = IP of host with .254 as the last octet
Broadcast = IP of virtual MAC
DNS = your preference, I like Google's 8.8.8.8 and 8.8.4.4

If you want an internal network, just create another network adapter with an internal lan.

I don't know why you're trying to complicate it with vswitches and things like pfsense. I mean you can do things that way, but they are unnecessary unless you're trying to do something advanced or need another layer of security. Outside of OVH, I've used OpenVSwitch in place of expensive hardware switches, but that was because I was doing advanced things with dynamic vlans and isolation of the networks for groups of VMs along with promiscuous networking in those vlans so I could have pxe automation services... however, it sounds like you're just trying to get some VMs to have Internet access, with the possibility of also having a private internal network.
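
Added example, not part of any post in this thread: a dry-run shell helper that derives the gateway the way the post above describes (host IP with .254 as the last octet) and prints the FreeBSD route commands a /32 WAN address needs, in the form quoted in the original question. The function names and all addresses (documentation ranges) are constructed for illustration; nothing is executed against the routing table.

```shell
#!/bin/sh
# Dry run only: prints route commands, never changes the routing table.

# valid_ipv4 ADDR: succeed only for a dotted quad, octets 0-255, no leading zeros
valid_ipv4() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in 0?*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# ip_to_int ADDR: print the address as a 32-bit integer
ip_to_int() (
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# gateway_for HOST_IP: host's primary IP with .254 as the last octet
gateway_for() {
    valid_ipv4 "$1" || return 1
    printf '%s.254\n' "${1%.*}"
}

# on_link ADDR PREFIX GW: succeed if GW lies inside ADDR/PREFIX
on_link() {
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$3") & mask )) ]
}

# route_plan WAN_IP PREFIX GW WAN_IF: print the routes the WAN side needs.
# An off-link gateway needs a host route via the interface before the default.
route_plan() {
    valid_ipv4 "$1" && valid_ipv4 "$3" || return 1
    if ! on_link "$1" "$2" "$3"; then
        echo "route add -net $3/32 -iface $4"
    fi
    echo "route add default $3"
}

HOST_IP=203.0.113.10        # constructed: primary IP of the ESXi host
FAILOVER_IP=198.51.100.77   # constructed: failover IP on the firewall's WAN
route_plan "$FAILOVER_IP" 32 "$(gateway_for "$HOST_IP")" em0
```

With a 255.255.255.255 mask the gateway is never inside the interface's own subnet, so the host route always has to be added before the default route.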

West6372
2016-01-30, 04:33 PM
Not using advanced firewall layers. I thought the whole reason for using pfSense was to setup a bridge from private to public network? Think I may not be understanding what you're saying, could you elaborate further?


Quote Originally Posted by HTMLtag
Is there any reason you're not just using a Bridge and associating the virtual MAC addresses and offload the routing to OVH's switches? Are you wanting to use advanced firewall layers?

HTMLtag
2016-01-30, 04:18 PM
Is there any reason you're not just using a Bridge and associating the virtual MAC addresses and offload the routing to OVH's switches? Are you wanting to use advanced firewall layers?

West6372
2016-01-30, 03:51 PM
Here are some images to go along with what was described above...notice the Gateway says it's 'offline.'

https://www.dropbox.com/s/vxyfhlspnf...rking.jpg?dl=0

https://www.dropbox.com/s/7xyoxxawrj...nsole.jpg?dl=0

https://www.dropbox.com/s/co7cjol357...l_LAN.jpg?dl=0

https://www.dropbox.com/s/7fmhbzv6no...teway.jpg?dl=0




West6372
2016-01-30, 12:17 PM
I've researched everything through this forum and other sites, trying to setup an internal network to use for my VMs, but I still cannot gain Internet access. I'm hoping that someone will see something that doesn't look correct and can point me in the right direction. Thanks ahead of time.

I have the dedicated IP which ESX is using and I requested additional failover IPs to use for the VM(s).

I also requested the MAC for the failover IP and am using that in my WAN adapter configuration for the NIC within the VM settings.

I setup an additional switch, 'vSwitch1' for use with new Virtual Machine Port Group 'WAN,' and assigned to 'vmnic1,' 'vSwitch0' is connected to 'vmnic0' with 'LAN' designation.

Within pfSense, I've assigned em0 to my WAN interface, and em1 to my LAN
I've added the route commands at the shell of pfSense as follows:

route add -net 158.x.x.254/32 -iface em0
route add default 158.x.x.254

I created a Firewall rule on LAN side saying Source is 'LAN net,' and Port, Destination, and Gateway are all set to '*'
I created a Floating Firewall rule for pinging, with Protocol being set to 'IPv4 ICMP' with Source, Port, Destination, and Gateway all set to '*'

If I try to ping the Gateway, 158.x.x.254 from the pfSense console, I receive 'Host is down.'
Likewise if I try to ping from a 2008 VM I have running and assigned a 192.168.111.0/24 address from pfSense, I'm not able to reach anything.

One other thing I tried was creating a new Virtual Machine Port Group 'WAN1' interface on 'vSwitch0' since I'm only using one NIC anyway, and then assigning the MAC address within the settings for the NIC, and designating 'WAN1.' This still does not get me any internet access.

The IP I'm using for the failover 192.x.x.77, I assigned to my 2008 VM, along with the MAC within the NIC properties, and I verified that the IP does work fine, and with that I'm able to get onto the Internet no problem.

So, what is it that I'm missing here? Any help would be greatly appreciated. Thanks.

Eric

P.S. I tried to setup DD-WRT on another VM with pfSense powered down, and end up with the same issue, no internet access.