Hey! I know this is maybe better suited for a VMWare group, but I can’t find one with the whole Reddit fiasco. So I’m hoping someone can point me in the right direction or give a bit of advice.
I have VMWare Workstation 16 currently using NAT. This has been working well for a while, as whenever I need to open a port, I just manually do it one by one. But as I’ve been hosting game servers it’s becoming a bit tedious to do one by one and there’s not an option to open ports by ranges using NAT.
I read that Bridged is what is recommended for my use case. And I’ve tried this but can never get it to work. I’ve tried deselecting all but the main NIC too.
I rent a dedicated server, I only have access to one IP with the option to purchase a secondary IP. I’m guessing it’s because of this I can’t get Bridge to work, because I don’t have access to DHCP.
Is my only option to purchase a secondary IP, create a VM for PfSense and have that manage the DHCP? (That’s even if I’m understanding this correctly)
Or would installing something like ESXi achieve what I’m trying to do?
Many thanks in advance!
I think you might be misunderstanding what bridging and NAT are.
Network Address Translation (NAT) is a technology that allows one IP to have many IPs behind it, and those IPs will route through a specific (potentially virtual) machine to reach things on the internet (and vice versa). In the case of a VPS hosting VMs or Containers it allows you to have many different VMs and Containers share a single IP and therefore save IPs and money.
Bridging is effectively creating a switch, so every VM would be directly connected to whatever network is being bridged (sounds like that would be the internet in this case).
On a VPS you would almost definitely want to be using NAT.
Hi! Thanks for replying!
I certainly won’t disagree about misunderstanding, and thank you for explaining. I noticed you saying that for VPS I would certainly want to be using NAT, would that also apply for dedicated server? As that’s what I’m using and thought there was a difference. (Sorry if I come across as dense, it’s because I am dense haha.)
I would quite happily still use NAT if there was a way that I could open a range of ports for one of the VMs. As I do want to expose that VM to the internet as it’ll be used for deploying several Steam game servers.
Which is why I thought that my option would be to purchase a secondary IP, create a virtual NIC using the details of that secondary IP, and create a pfSense VM and have that acting as a DHCP for the VM that I want to expose with a range of open ports.
I then thought that instead of purchasing a secondary IP, maybe I could still achieve this if I changed my host (currently Windows) to Proxmox or ESXi to achieve what I’m hoping to try and do. But the more that I’m reading, the more I’m thinking I might just need that second IP.
Purchasing a second IP won’t stop you from needing to forward ports. As long as you’re exposing services to the internet you’ll need to open and forward ports as any kind of firewall requires you to poke holes for the services you want people to access.
What you might be able to do if you just want port ranges is set up a pfSense VM with two virtual NICs, one bridged with the public IP you’re renting and one set to a VMware internal network (I think that’s the verbiage VMware uses) as a LAN, then connect all of your individual virtual machines to that internal network. You would need to somehow access the pfSense web GUI from an internal VM though as that shouldn’t ever be exposed to the outside internet, and there is the performance hit to consider if your server is at all resource constrained.
From a networking standpoint there’s no difference between a VPS and a dedicated server. A VPS is just a VM that you’re renting sharing hardware with a bunch of other VMs rented by other customers, meanwhile a dedicated server is renting an entire server (I’ve also seen some services offering the middle ground of a dedicated CPU where you aren’t potentially sharing CPU cycles but still get the cost efficiency of sharing hardware. Still exactly the same from a networking standpoint though)
Why do you believe you need a second IP?
The issue I have isn’t about forwarding ports, it’s more of how I’m able to forward ports. The VMWare Workstation on NAT only allows me to forward a single port at a time which is extremely tedious. I understand that forwarding ports is required to expose services to the internet. So I’m trying to find a way to not use it. Bridged mode would be perfect if I could get it to work.
The pfSense situation seems perfect for what I need, the only problem I have is that it won’t bridge. (I tried the different options; replicating, and only selecting the NIC that provides internet without any luck.) I thought it didn’t work because I don’t have access to the host’s DHCP.
I believed that I needed a second IP for like what rs5th mentioned; one for management of the server, and the second to handle all the VM network traffic. When provided with the second IP, I’d set it up as a vNIC as a WAN going to pfSense, and a second vNIC for the other VMs. Exactly like how you described except for the bridging, seeing as I can’t get that to work.
Are all your VMs on the same subnet under the NAT? If so, you should be able to set up a reverse proxy and have it route traffic on certain port(s) to your specific servers without needing a second IP. That, of course, depends on the policies of your host.
Hey! Thanks for your reply!
Yeah, they are. I do use Nginx Proxy Manager to access some websites that way. I don’t see how I can do that with a range of ports with NPM without adding them one by one. Maybe that’s a NPM limitation? Or I’m not quite sure how.
I was kind of hoping that, for example, the VM opens ports 8000-9000, and all I needed to do was on my Windows Server (hosts the VM) allow ports 8000-9000 and it would all just work haha
But because it’s on NAT I have to use the Virtual Network Editor and add ports one by one.
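An added example, not from any poster in this thread: the one-port-at-a-time entries the Virtual Network Editor creates can be generated for a whole range and merged into Workstation's NAT config text instead. It assumes the vmnetnat.conf format VMware documents for the Workstation NAT service (`[incomingtcp]` and `[incomingudp]` sections, one `<host port> = <guest ip>:<guest port>` line per port); the guest address 192.168.100.10 and the port range are constructed sample values.

```python
"""Generate VMware Workstation NAT port forwards for a whole port range.

Assumption: the Workstation NAT service reads its forwards from vmnetnat.conf,
where the [incomingtcp] and [incomingudp] sections hold one line per port:
    <host port> = <guest ip>:<guest port>
The guest address and port range used below are constructed sample values.
"""
import ipaddress
import sys

SECTIONS = {"tcp": "incomingtcp", "udp": "incomingudp"}


def forward_lines(guest_ip, first, last):
    """One '<port> = <ip>:<port>' line per port (same port on host and guest)."""
    ipaddress.IPv4Address(guest_ip)  # raises ValueError on a malformed address
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"bad port range {first}-{last}")
    return [f"{p} = {guest_ip}:{p}" for p in range(first, last + 1)]


def merge_into_config(existing, guest_ip, first, last, protocols=("tcp", "udp")):
    """Add the range to each protocol's section of an existing config text.
    Host ports already forwarded in that section are left untouched, so the
    same file can be merged again safely; missing sections are created."""
    new_lines = forward_lines(guest_ip, first, last)
    out = existing.rstrip("\n").split("\n") if existing.strip() else []
    for proto in protocols:
        header = f"[{SECTIONS[proto]}]"
        if header not in out:
            out += ([""] if out else []) + [header]
        start = out.index(header)
        # a section ends at the next [header] or at end of file; skip trailing blanks
        end = next((i for i in range(start + 1, len(out)) if out[i].startswith("[")), len(out))
        while end > start + 1 and not out[end - 1].strip():
            end -= 1
        body = out[start + 1:end]
        used = {ln.split("=")[0].strip() for ln in body
                if "=" in ln and not ln.lstrip().startswith("#")}
        out[end:end] = [ln for ln in new_lines if ln.split(" =")[0] not in used]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Optional argument: path of the host's existing NAT config to merge into.
    current = open(sys.argv[1]).read() if len(sys.argv) > 1 else ""
    sys.stdout.write(merge_into_config(current, "192.168.100.10", 8000, 8010))
```

VMware's documentation has the NAT service restarted after the file is edited for the new forwards to take effect.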
ESXi is a full OS, not sure if you have the option of swapping out the OS on your server. I’m also not sure it will help in this case.
You are very constrained in what you can do by your networking situation. I think your fundamental problem is that you have a single IP that has to be both the management IP of the server, and also handle all the VM network traffic.
The ideal topology for this would be a firewall using the public IP for its WAN interface, then your VM host and VMs all on its LAN interface (using DHCP or not). With another IP address, you could run a firewall as a VM.
Any way you slice it, I think you’re either an IP or a networking device short.
Hi, thanks for replying! It’s an option that I can do, it would be a pain to start fresh but if it’s not needed then I’d rather not.
I can get it working at home, but I’m guessing that’s because I have a lot more control over my networking situation so I’d agree with you.
It’s for that kind of reason that I’m thinking that I might have to purchase an additional IP. Is the topology you mentioned similar to what was mentioned about using pfSense in the earlier post?