Solve my riddle??

Ok, I'm all for brevity when talking networks, but you'll have to bear with me as I'm trying to figure this one out.

1. I'm toying with some private cloud labs at home.
2. My home broadband sits on 192.168.2.x and looks after a small media PC and any wireless devices such as Macbook, laptop, phone, etc.
3. Also on this address (182.168.2.17) is an ESXi host with one NIC.
4. I created a vLAN on the host with a 10.1.1.x address range for a few vms to operate in a domain, and they route through a PFSense VM which is NAT'd to 192.168.2.20 (my home network) > 10.1.1.254 (PFsense gateway)
5. That vLAN within ESXi is called TNIC.
6. Other "test" VMs in ESXi sit on the normal 192.168.2.x which is basically the VMNetwork assigned by ESXi.

All domain joined machines within the 10.1.1.x network can see the internet and talk to each other and all sit on the TNIC vLAN. Traffic comes in via firewall rules on the Vigor and the PFsense VM.

As I test for RRaS, I added DHCP to one of the machines within the 10.1.1.x range.

The issue comes from the fact that whenever I create a new VM and assign it the normal NIC (i.e., not the TNIC), it seems to get a 10.1.1.x address.

Question? I'm unsure why that is happening. Perhaps I need to create a 2nd (3rd vLAN) for all private VMs within ESXi....
 
That's odd, isn't DHCP a broadcast from a host? So it should not be going into the TNIC VLAN unless it's being forwarded by the PFsense?

Can you do a screenshot of VMwares networking please?
 
Ahh, I might be able to shed some light here.

So that the PFSense VM can pass through to the actual 192 network, it has 2 NICs assigned in the VM. One to the TNIC (10.) and one to the VMNetwork (192.)

Still doesn't quite add up though.
 
That's what I thought you would have set up, as ESXI doesn't support NAT (pretty annoying IMO) hence using PFsense to do it for you.

So you have 192<>PF<10>

Is there an IP helper setting in PFsense? I'm unfamiliar with it, but if there is one then it will forward the DISCOVER broadcast packet from the 192 VLAN as a unicast into the 10 VLAN hence onto the DHCP server which would do its job with an OFFER.
 
From a quick Google it's DHCP relay on PFsense. I don't know if not configured means enabled/disabled.

Something is forwarding the broadcast if it is connected as you describe.
 
If this isn't enabled, I can't see how this is working:

[screenshot]
 
In which case I think the problem is that you are essentially running two separate broadcast domains on one physical interface and you are not using VLAN tags.

I haven't played with the type of setup you have, except a failed attempt at doing it a few months ago (I didn't spend enough time learning about PFsense). I've since bought a layer 3 switch to separate the two networks (as I also wanted LACP for my Synology).
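The symptom above (a VM on the 192.168.2.x port group being handed a 10.1.1.x lease) is exactly what a DHCP offer audit would catch. This is an added example, not code from the thread: it builds a constructed DHCPOFFER, parses the BOOTP header and options, and flags offers that are outside the expected subnet or come from a server not on the allowlist. The server addresses and the 192.168.2.1 router are assumptions for the sake of the example.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header


def build_offer(xid, yiaddr, server_id, mask="255.255.255.0"):
    """Build a minimal DHCPOFFER payload. Constructed sample, not a capture."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      2, 1, 6, 0, xid, 0, 0,            # op=BOOTREPLY, ethernet, hlen 6
                      b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed,  # ciaddr, yiaddr
                      b"\0" * 4, b"\0" * 4,             # siaddr, giaddr
                      b"\0" * 16, b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    opts = (b"\x35\x01\x02"                                          # 53: message type OFFER
            + b"\x36\x04" + ipaddress.IPv4Address(server_id).packed  # 54: server identifier
            + b"\x01\x04" + ipaddress.IPv4Address(mask).packed       # 1: subnet mask
            + b"\xff")                                               # end option
    return hdr + MAGIC + opts


def parse_dhcp(pkt):
    """Extract yiaddr, message type and server identifier from a raw DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"yiaddr": str(ipaddress.IPv4Address(pkt[16:20])),
            "msg_type": None, "server_id": None}
    i = 240
    while i < len(pkt):
        tag = pkt[i]
        if tag == 255:            # end of options
            break
        if tag == 0:              # pad byte has no length field
            i += 1
            continue
        length = pkt[i + 1]
        val = pkt[i + 2:i + 2 + length]
        i += 2 + length
        if tag == 53:
            info["msg_type"] = val[0]
        elif tag == 54:
            info["server_id"] = str(ipaddress.IPv4Address(val))
    return info


def audit_offer(pkt, expected_net, allowed_servers):
    """Return findings for an OFFER seen on a segment that should only see expected_net."""
    findings = []
    info = parse_dhcp(pkt)
    if info["msg_type"] != 2:     # only DHCPOFFER messages are of interest here
        return findings
    if ipaddress.ip_address(info["yiaddr"]) not in ipaddress.ip_network(expected_net):
        findings.append(f"offer of {info['yiaddr']} is outside {expected_net}")
    if info["server_id"] not in allowed_servers:
        findings.append(f"offer from unexpected server {info['server_id']}")
    return findings
```

Run `audit_offer(build_offer(0x1234, "10.1.1.50", "10.1.1.10"), "192.168.2.0/24", {"192.168.2.1"})` to see both findings the thread's setup would produce; a leak like this is the signal that two broadcast domains are sharing one untagged segment.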
 
I guess I could vLan at the Draytek, but that limits me slightly.

Ultimately, it's not a massive issue, as I just assign the NICs of the new machines with a 192 address, but it's still meh
 
If you have the option to VLAN on a routable device, this would be the preferred option rather than using PFsense to NAT. Why would it limit you?

Thinking out loud, this is probably why VMware don't allow NAT within ESXI.
 