I'm a bit at a loss here and am really looking for a suggestion. I have a VMware ESXi server located in a data center. It has 10+ VMs running on it, such as a couple of Exchange Servers, a Web/DNS Server, and so on.
I have two blocks:
I also have a primary IP of 199.48.xxx.89. According to the data center, 199.48.xxx.89 is statically routed towards the .89 address, as per below:
inet.0: 141 destinations, 141 routes (141 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
23.92.xxx.120/30 *[Static/5] 1w0d 19:18:08
> to 199.48.xxx.89 via vlan.602
I am currently using two IPs out of the /29 block: one for the ESXi interface so I can manage my server remotely, and one for a VM.
This is what I am looking to do:
I would like to have all IPs (except two of the /29 block) as well as the primary IP and /30 block assigned to a VM and have that VM route requests to different VMs... for example:
IP1 Port 25 route to 10.0.0.10
IP2 Port 25 route to 10.0.0.20
I currently have a Windows 2003 Server with RRAS doing this, but I cannot for the life of me get the /30 block to work on it. I even added a 2nd NIC interface specifically for the /30 block and had the primary IP as the main IP and the /30 IPs as additional IPs, but of course Windows Server throws an error saying the subnet mask is invalid; I am using 255.255.255.252. It also will not take 255.255.255.255.
Any suggestions? I am open to using any OS as a "router" as long as I can get all these IPs working with port forwarding.
Personally, I wouldn't be looking to use RRAS as my router/firewall. Another alternative, which does have a free-for-business-use license, is Astaro.
Much easier to use IMO. What you are attempting to do here is Network Address Translation (NAT) which is fairly standard stuff.
Datacenters will secure networks in different ways. Providers may request the MAC address of the VM to secure the network that way, but they could be using different methods.
One potential issue is that the traffic isn't even reaching your network, as the second vNIC created hasn't had its MAC address registered with your provider?
A /30 network will give you 1 usable IP address (if you are routing on the network, as one will be used as the gateway). The others are the network addresses and broadcast addresses. I suspect you are entering the broadcast or network address, which is causing Windows to complain. Also, you need to make sure you don't use the gateway IP address.
Thanks for your reply. According to the data center, I would have 4 usable IPs. See below:
This means you either must bind them directly on that host, or bind one of them on that host to act as a gateway and perform routing for the other host(s). Keep in mind that a /30 is just that, a /30 subnet. If you bind them directly on 199.48.xxx.89, all 4 would be usable, but if you intend to do routing for other virtual machines, etc, then only 1 becomes usable.
If you are binding them on the 199.48.xxx.89 machine, you may need to augment the network mask with 255.255.255.255
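The two counts given in this thread (1 usable address versus 4) follow from how the /30 is configured. This is an added example, not part of the original posts. It uses the constructed block 192.0.2.120/30 from the documentation range in place of the masked 23.92.xxx.120/30, and it assumes the first host address is the gateway in the on-link case.

```python
import ipaddress

# Constructed sample block (documentation range), standing in for the
# masked 23.92.xxx.120/30 in the thread.
BLOCK = "192.0.2.120/30"


def usable_addresses(block, mode):
    """Return the addresses in `block` that can carry services.

    mode="routed":  the block is statically routed to a next hop outside
                    it, so every address can be bound as a /32 on that host.
    mode="on_link": the block is configured as its own segment, so the
                    network and broadcast addresses are reserved and one
                    host address is taken by the gateway.
    """
    net = ipaddress.ip_network(block)
    if mode == "routed":
        return [str(a) for a in net]          # iterates every address
    if mode == "on_link":
        hosts = list(net.hosts())             # excludes network/broadcast
        return [str(a) for a in hosts[1:]]    # hosts[0] assumed as gateway
    raise ValueError(f"unknown mode: {mode}")


def classify(address, mask):
    """Return the role `address` plays when paired with `mask`."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    net = iface.network
    if net.prefixlen >= 31:
        return "host"                         # /31 and /32 reserve nothing
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"


if __name__ == "__main__":
    for mode in ("routed", "on_link"):
        print(mode, usable_addresses(BLOCK, mode))
    for addr in ipaddress.ip_network(BLOCK):
        print(addr, "with /30 mask ->", classify(str(addr), "255.255.255.252"))
```

With a 255.255.255.252 mask, the first and last addresses of the block classify as network and broadcast, which is the situation the answer above suspects. With a 255.255.255.255 mask, every address classifies as a host.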