I’m running an ESXi host with some virtual machines on it. Some of those machines are administered by me, but some are rented out to clients. In my hosting agreement with my provider I have a few public Internet IPs assigned to the physical port of the physical switch in which my physical machine is located. This means that any guest machine attached to the first vSwitch can grab any IP in my allotted range. This is fine for the machines I administer, but I don’t want my clients to be able to snatch any IP they see fit, only the ones they’ve been assigned. So I did some research and found that what I needed was probably some sort of virtual switch with bridged interfaces and, on top of that, some sort of ACL. VyOS was suggested for this task. What I’ve done so far is create a vSwitch for every client VPS and a separate interface in VyOS for every vSwitch, with the only Internet interface being the one connected through VyOS. Please see the attachment below for a better idea of the current network topology.
So far I’ve been able to get traffic flowing to and from the VyOS machine only. No matter how I bridge the interfaces, there isn’t any traffic going through to the guests. I am probably doing something wrong. What I’m wondering is whether what I’m trying to do is at all possible with VyOS, and if so, how one would go about it. So far I’ve spent several long nights wrestling with this issue to no avail. Of the different solutions I’ve tried, VyOS is by far the easiest to work with, so I would really like this to work.
Thanks in advance for any help!
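The following is an added configuration sketch of the design the post describes (one bridge joining the uplink port and a per-client port, with a per-client source-address filter); it is not the poster's configuration and was not taken from the attachment. It assumes VyOS 1.3 command syntax and the following hypothetical names: eth0 is the interface on the uplink vSwitch, eth1 is the interface on client 1's vSwitch, 203.0.113.0/24 stands in for the provider-assigned range, and 203.0.113.11 is the single address assigned to client 1. Substitute the real interface names and addresses.

```vyos
# Added example, not from the original post. Assumes VyOS 1.3 syntax and
# hypothetical names: eth0 = uplink vSwitch port, eth1 = client 1's vSwitch port,
# 203.0.113.0/24 = provider-assigned range, 203.0.113.11 = client 1's assigned IP.

# Layer-2 bridge: uplink and each client port are members, so the client VM
# still sees the provider's gateway directly (no routing or NAT in VyOS).
set interfaces bridge br0 member interface eth0
set interfaces bridge br0 member interface eth1
# Management address for the VyOS host itself on the same segment.
set interfaces bridge br0 address '203.0.113.2/24'

# Per-client ruleset applied to frames entering VyOS from client 1's port:
# only the assigned source address is allowed; everything else is dropped.
set firewall name CLIENT1-IN default-action 'drop'
set firewall name CLIENT1-IN rule 10 action 'accept'
set firewall name CLIENT1-IN rule 10 source address '203.0.113.11'
set interfaces ethernet eth1 firewall in name 'CLIENT1-IN'

# Repeat the bridge membership and a CLIENTn-IN ruleset for each further
# client port (eth2, eth3, ...), each pinned to that client's address.

commit
save
```

Two checks before relying on this. First, whether `firewall in` on a bridge member matches bridged (as opposed to routed) IP traffic depends on the VyOS release and on the kernel's br_netfilter hook (`net.bridge.bridge-nf-call-iptables`); after committing, send traffic from the client VM with a wrong source address and confirm it is dropped rather than forwarded. Second, this ruleset filters IP only: it does not stop a client from answering ARP for an address it does not own, so if ARP spoofing between tenants on the shared segment matters, that needs a separate control.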