Configuration for using vyos as gateway to vmware


A little background.

We have a vmware esxi server with a /26 network and are going to use vyos as our gateway.
The vyos machine will be hosted on the esxi server itself.

On the ESXi machine we have currently set up one vSwitch with a couple of port groups, linked to a single physical NIC.
The port groups have different VLANs set, as that is how we would want to separate the network.

We will be using the vyos with a couple of interfaces pointing to the different subnets in vmware.

My questions are the following.

How do I set a 1:1 NAT to use public IP addresses on the interfaces behind the fw?

Does anyone here have any insight as to how we can accomplish this?

How it is supposed to be set up:
Internet -> ESXi (vyos) -> virtual guests

On the ESXi I have the following settings: (see screenshot)
Vm port group
Management Network


They all have different subnets and are all linked to the physical NIC: vmnic2

On the vyos it looks like this:
(I will set the eth0 to a static address later on)

    interfaces {
        ethernet eth0 {
            address dhcp
            duplex auto
            hw-id *
            smp_affinity auto
            speed auto
        }
        ethernet eth1 {
            hw-id *
        }
        ethernet eth2 {
            hw-id *
        }
        ethernet eth3 {
            hw-id *
        }
        ethernet eth4 {
            hw-id *
        }
    }

Sorry if it was a bit confusing. Ask if you want anything clarified =)


A full 1:1 NAT requires 2 NAT rules:
1 type destination, incoming interface=WAN, transforming destination=WAN IP into LAN IP
1 type source, outgoing interface=WAN, transforming source LAN IP into WAN IP
Note, extra WAN addresses used like this should be added to WAN interface. This is where your problem really starts, since you’re on DHCP.

So 1st step is getting static IPs assigned to WAN.
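
The two rules described above, written out as VyOS configuration-mode commands. This is an added example, not part of the original thread; the addresses (203.0.113.0/26 documentation range for the WAN, 192.168.10.10 for the internal host), the rule number 100, and the `inbound-interface` / `outbound-interface` syntax of older VyOS releases are assumptions.

```vyos
# Constructed sample values: WAN = eth0 on 203.0.113.0/26, internal host = 192.168.10.10

# Replace DHCP on the WAN interface with static addresses.
delete interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 address '203.0.113.2/26'
# The extra public address used for the 1:1 mapping also lives on the WAN interface.
set interfaces ethernet eth0 address '203.0.113.10/26'

# Rule 1 (destination NAT): traffic arriving on WAN for the public IP
# is rewritten to the internal host.
set nat destination rule 100 description '1:1 NAT inbound'
set nat destination rule 100 inbound-interface 'eth0'
set nat destination rule 100 destination address '203.0.113.10'
set nat destination rule 100 translation address '192.168.10.10'

# Rule 2 (source NAT): traffic from the internal host leaving via WAN
# is rewritten to the same public IP.
set nat source rule 100 description '1:1 NAT outbound'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.10.10'
set nat source rule 100 translation address '203.0.113.10'

commit
save
```

With no protocol or port match, the destination rule forwards every port on the public address to the internal host, so a firewall ruleset on the WAN interface is what limits exposure to the services that should be reachable.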


Thanks for your reply.
As I stated above, I will set the eth0 to static and it will be set to a public IPv4 address.
The issue I am facing is how I would go about assigning public IPv4 addresses to devices behind, for example, the eth1 interface?

Let’s assume I have set the eth0 to the static IPv4 address of I then have another 62 addresses in that space (including broadcast).
If I would like to give the IPv4 address to a Linux server sitting behind the eth1 interface.

  1. Would it be possible.
  2. If it is, how would I do that?

I also want to be able to use internal addresses on other interfaces on the Linux server.
i.e., I have 2 NICs on the Linux server, one which uses the vl-rich in VMware, and one that uses vl-mono.
The vl-rich is using public IPv4 addresses while vl-mono uses internal addresses to talk to like database servers and such.

Thanks =)


Best to get a /30 address from your ISP, and have the ISP route the /27 network to your /30 IP address.
(btw, /27 is only 32 addresses)

Without that, you have to jump through hoops to get public IPs on internal segment.

Splitting the /27 yourself is an alternative: is your default gateway = VyOS WAN interface /28 !!!
enable proxy-arp on WAN interface is VyOS DMZ interface