ESX doesn’t have NAT inbuilt, so here’s how to configure it with the help of a VMware appliance called pfSense (an Open Source [free!] firewall/router).
There are three components in this setup:
Host
router/pfSense
NAT Client
Host
A great read for beginners, and for those refreshing their knowledge, is the VMware Virtual Networking Concepts whitepaper.
Now let’s create a network that our NAT’ed VMs will be using.
When prompted under Connection Type, select a ‘VM Network’, as this is for the typical traffic within the Virtual Machine (not IO or management of your machines).
Let’s create a vSwitch that doesn’t connect to anything: a dud, a blankie. This will be our NAT’ed environment. It’s quite important that you DON’T connect a network card to this vSwitch, to prevent any inadvertent DHCP leakage. Make sure you have nothing selected.
Give it a name to differentiate.
Once you’re done, click Finish and you will have two networks available to your VMs:
VM Network
NAT Network
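The warning above about keeping physical NICs off the NAT vSwitch can be checked from the ESX console. This is an added example, not part of the original post: it parses the text printed by `esxcfg-vswitch -l` and returns the uplinks of the vSwitch that carries a given port group. The sample text is constructed, and its column layout and the names vSwitch0, vSwitch1 and vmnic0 are assumptions.

```python
import re

# Constructed sample modelled on `esxcfg-vswitch -l` output (assumed layout,
# not captured from a real host). vSwitch1 is the uplink-less NAT switch.
SAMPLE = """\
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         128         4           128               1500    vmnic0

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VM Network            0        2           vmnic0

Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch1         128         2           128               1500

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  NAT Network           0        1
"""

# Port group row: name (may contain spaces), VLAN ID, used ports, optional uplinks.
PG_ROW = re.compile(r"^\s+(.+?)\s+(\d+)\s+(\d+)(?:\s+([A-Za-z]\S*))?\s*$")

def parse_vswitches(text):
    """Return {switch: {"uplinks": [...], "portgroups": [...]}}."""
    switches, current, expect_switch = {}, None, False
    for line in text.splitlines():
        if not line.strip() or line.strip().startswith("PortGroup Name"):
            continue
        if line.startswith("Switch Name"):
            expect_switch = True  # the next non-blank line is the switch row
        elif expect_switch:
            fields = line.split()  # name, ports, used, configured, MTU, [uplinks]
            uplinks = fields[5].split(",") if len(fields) > 5 else []
            current = fields[0]  # assumes switch names contain no spaces
            switches[current] = {"uplinks": uplinks, "portgroups": []}
            expect_switch = False
        elif current:
            match = PG_ROW.match(line)
            if match:
                switches[current]["portgroups"].append(match.group(1))
    return switches

def uplinks_for_portgroup(text, portgroup):
    """Physical NICs on the vSwitch carrying `portgroup`; [] means isolated."""
    for switch in parse_vswitches(text).values():
        if portgroup in switch["portgroups"]:
            return switch["uplinks"]
    raise KeyError(f"port group {portgroup!r} not found")

if __name__ == "__main__":
    nics = uplinks_for_portgroup(SAMPLE, "NAT Network")
    print("NAT Network is isolated" if not nics else f"NAT Network has uplinks: {nics}")
```

To check a real host, pass the saved output of `esxcfg-vswitch -l` in place of the sample; an empty list for the NAT port group means no physical NIC is attached to its vSwitch.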
Time to set up pfSense. Once you’ve downloaded and extracted it, you have the option of either copying it directly to your datastore and then adding it to inventory, or importing it via the Standalone Converter. I find the latter is always faster.
router/pfSense
In case you’re converting pfSense first (like I did whilst re-doing it for this post), I recommend you disable the network interfaces until you’ve finished setting up the host networks. We’ll enable these in a later step.
Disabled interfaces
Once the conversion is complete, time to configure our virtual router. pfSense is provided with two NICs out of the box. One for the WAN interface (which is your internal LAN), and one for ‘its’ LAN – the one on which it will be servicing DHCP requests.
Mark down the last 4 digits of the MAC address; these will help to validate the following step.
Configuring pfSense NICs
Start the pfSense VM. You will be guided through the mapping of the interfaces. Just to make sure, check that the MAC addresses match the VM Network (in my case 67:3c) and the NAT Network (67:46).
After following the wizard, and if you’ve followed everything accordingly (or rather, if I documented the steps properly), you will be shown the interfaces within pfSense, their mapping (WAN vs LAN) and their IP addresses.
NAT Client[s]
You are now ready to assign clients on this host to the NAT Network and have them pick up addresses dished out by your shiny new appliance.
The whole setup takes just under 5 minutes from start to finish.
Matemroz
Hey, I’ve read your article and it was very helpful for me. But after doing everything as you said, I have some problems.
I need Internet on the machines in the VM Network. I set an interface for the workstation in the VM Network:
eth1: 192.168.1.2
gateway: 192.168.1.1
for pfsense:
lan ip: 192.168.1.1
wan ip: 9.*.*.19
gateway: 9.*.*.1
I can ping between these two machines, but only the pfsense machine has a proper Internet connection. Could you help me with this strange problem?
Chad Gibson
Hey. I think I followed all of your steps correctly but the WAN interface keeps saying -> NONE (DHCP). Can you help me some?
For us real noobs, can you please provide a detailed breakdown of how you did the converting of pfSense?
Collims
Sir, my challenge is that I have a Server 2012 which runs on an ESXi host. This server machine has an IP 10.108.13.11. I want this host to be statically mapped to 2.2.2.2 (fake public IP cos of security reasons). I have configured the static NAT on the Cisco router but I can’t reach the internal host from the Internet.
However, I have read your article. I have successfully installed the NAT-NETWORK and pfsense. I am stuck in selecting the WAN interface as well as the LAN interface. You said my WAN interface is my LAN while the LAN interface is pfsense’s LAN. How do I view the LAN interface to be used for the WAN and the LAN interface to be used for pfsense LAN?
I do not understand what you mean by NAT client. Am I going to install a NAT client software?