3

I have 5 static IPs from my ISP (Comcast) and I have a physical machine with VMware ESXi 4.0 on it that is hosting multiple virtual machines. Right now I am just using the default vmware virtual network (vswitch0) with DHCP from the Comcast IP Gateway Router and everything is working fine. Each virtual machine can access the internet, etc.

One of my virtual machines is a webserver (Windows Server 2008) and I want to assign it to 1 of my 5 static IPs so it's accessible from the public internet, while leaving the other VMs on the internal LAN still using DHCP.

If I just plug my laptop directly into the Comcast IP Gateway (it has 4 ports on the back) and assign my laptop a static IP using the Windows networking dialogs, then I can hit my laptop from the public internet and it works great. However, if I try to do the same steps to set a static IP config on my Windows Server 2008 VM, it does not work. The VM cannot access the internet (open Firefox and try to visit google.com), and I cannot see the VM from the public internet either.

I'm assuming I'm missing something in the ESXi config somewhere, but I'm pretty new to ESXi and I'm not sure how to configure it to work this way.

user9517
Kevin Southworth
  • I should note that the Comcast IP Gateway is configured to pass through any/all traffic on any of my 5 static IPs. This is why if I just configure my laptop to one of my static IPs it "just works" and I can now hit my laptop from public internet. I was assuming I could do the same with my Windows Server VM...but it seems the ESXi host is doing something to prevent that from working – Kevin Southworth Jun 23 '11 at 14:47
  • This almost certainly isn't an ESXi issue at all. Can you let us know your DHCP scope setup (IP range, netmask, gateway), then your router's internal IP address, and the range of statics you've got please – Chopper3 Jun 23 '11 at 14:50
  • What kind of network interface are you using in your virtual machines? Bridged? Natted? – wolfgangsz Jun 23 '11 at 15:16

1 Answer

3

Since your VMs can talk to the inside of your Comcast router over vSwitch0, the physical nic used by vSwitch0 is also connected to the inside. I don't have that hardware at my disposal, and the Internet provides conflicting information, but I suspect that the router actually figures out which traffic to NAT, and which to pass through, based on the physical ports. That's why you can use DHCP and internal IPs on one port, and a public IP with your laptop on another port.

If my understanding is correct, then you need to attach another physical nic of your ESXi server to a port on the Comcast device, configure a new vSwitch using that pnic, and connect your VM to that vSwitch.

Now, forget everything I've just said. Because connecting a web server directly to the Internet is just reckless.

Instead, configure your web server VM with a static IP on your LAN (same network as assigned over DHCP, making sure the IP you choose is not in the DHCP range). Then you have two alternatives for routing:

  1. Set up port forwarding for the public IP address used by the Gateway, so that connections to ports 80 and 443 go to your web VM's static IP, and connect web VM to vSwitch0.
  2. Set up another firewall that will hold your public IPs and port forward 80+443, create another network path (second pnic - second vSwitch) to connect to the inside of that new firewall, and connect web VM to the new vSwitch.

Max Alginin
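
The LAN-side plan described in the answer above (a static IP outside the DHCP range, with only ports 80 and 443 forwarded to it) can be sanity-checked before the router is touched. This is an added example, not part of the original answer; the function name `check_plan`, the 192.168.1.0/24 addressing and the forward-rule tuples are constructed assumptions.

```python
import ipaddress

ALLOWED_PORTS = {80, 443}  # the answer forwards only HTTP and HTTPS

def check_plan(lan, gateway, dhcp_start, dhcp_end, web_ip, forwards):
    """Return a list of problems with a static-IP + port-forward plan.

    forwards: (public_port, target_ip, target_port) tuples on the gateway.
    All names and sample values here are hypothetical, for illustration.
    """
    net = ipaddress.ip_network(lan)
    web = ipaddress.ip_address(web_ip)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    problems = []
    if web not in net:
        problems.append(f"{web} is outside the LAN {net}")
    elif web in (net.network_address, net.broadcast_address):
        problems.append(f"{web} is the network or broadcast address")
    if web == ipaddress.ip_address(gateway):
        problems.append(f"{web} collides with the gateway")
    if lo <= web <= hi:
        problems.append(f"{web} is inside the DHCP range {lo}-{hi}")
    for pub_port, target, _tgt_port in forwards:
        if pub_port not in ALLOWED_PORTS:
            problems.append(f"port {pub_port} is exposed but is not 80 or 443")
        if ipaddress.ip_address(target) != web:
            problems.append(f"port {pub_port} forwards to {target}, not the web VM")
    for port in sorted(ALLOWED_PORTS - {f[0] for f in forwards}):
        problems.append(f"no forward configured for port {port}")
    return problems

# Constructed sample plan: DHCP hands out .100-.199, the web VM takes .10.
GOOD = dict(lan="192.168.1.0/24", gateway="192.168.1.1",
            dhcp_start="192.168.1.100", dhcp_end="192.168.1.199",
            web_ip="192.168.1.10",
            forwards=[(80, "192.168.1.10", 80), (443, "192.168.1.10", 443)])
# Constructed bad plan: IP inside the DHCP range, RDP exposed, 443 missing.
BAD = dict(GOOD, web_ip="192.168.1.150",
           forwards=[(80, "192.168.1.150", 80), (3389, "192.168.1.150", 3389)])

if __name__ == "__main__":
    for name, plan in (("good", GOOD), ("bad", BAD)):
        print(name, check_plan(**plan) or "ok")
```

Substitute the DHCP scope, gateway address and forward rules read from the gateway's own configuration pages.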