VMWare - Subnet routed through the main IP and VMs unable to get to name server

spammy Member
edited November 2016 in Help

I have a dedicated server with Dacentec that has a /29, and I have just purchased another /29 block to be used for the individual VMs. To save on IPs, my second /29 has the following routing scheme:

Network: FIRST_IP_OF_NEW/29

Gateway: MAIN_IP_OF_HOST (the management IP and first IP of the original /29)

Broadcast: LAST_IP_OF_NEW/29

Subnet Mask: 255.255.255.248

When I tried to add the second IP of the new /29 to one of my VMs as the main IP (Windows 2008 R2 VM), the IP configuration seemed to work; however, it couldn't reach the name servers (I used the Google DNS) and as a result it cannot access the Internet.

I have tried to use the gateway of the new /29 as well as the gateway of the original /29; both had no luck fixing that. All my VMs routed through the original /29 work fine.

Any clue if there is anything I need to fix on the host side or if there is something else I am missing?

Comments

  • No one has a clue?

  • Clouvider Member, Patron Provider

    How is that supposed to work if the gateway is remote to the subnet?

  • @Clouvider said:
    How is that supposed to work if the gateway is remote to the subnet?

    I assume they can somehow route the subnet to my primary IP?

  • Clouvider Member, Patron Provider

    Yes, and they probably did.

    How is the guest host supposed to know how to get to the Internet, if the gateway is not within the same subnet?

    You can have a static route towards the gateway, but then the gateway also has to know where the particular IP from within the remote, from its perspective, has to be routed to.

    In other words, your setup is not standard, it breaks things. Replace those 2x /29 for a 1x /28 if you want to save on IPs and have everything working correctly.

    Thanked by 1spammy
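
The guest-side half of the point made in the comment above, as an added example that is not part of the original thread: a small routing-table model showing why a default gateway outside the guest's own /29 cannot be used unless an on-link host route to it is added. All addresses except Google DNS (8.8.8.8) are constructed from documentation ranges, the function names are hypothetical, and the return path on the gateway itself is not modelled.

```python
import ipaddress

def build_routes(addr_with_prefix, gateway, onlink_host_route=False):
    """Guest route table as (network, next_hop) pairs; next_hop None means on-link."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    gw = ipaddress.ip_address(gateway)
    routes = [(iface.network, None)]  # connected route from the interface address
    if onlink_host_route:
        # The "static route towards the gateway": a /32 declared directly reachable.
        routes.append((ipaddress.ip_network(f"{gw}/32"), None))
    routes.append((ipaddress.ip_network("0.0.0.0/0"), gw))  # default route
    return routes

def lookup(routes, dest):
    """Longest-prefix match; returns the winning (network, next_hop) or None."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def resolve(routes, dest):
    """Address the guest must reach at layer 2 to send to dest, or None if unusable."""
    route = lookup(routes, dest)
    if route is None:
        return None
    _, hop = route
    if hop is None:
        return ipaddress.ip_address(dest)  # destination itself is on-link
    # A next hop is only usable if an on-link route covers it.
    onlink = [r for r in routes if r[1] is None]
    return hop if lookup(onlink, hop) else None

# Constructed sample addressing (not from the thread):
ORIGINAL_GW = "192.0.2.1"      # host's main IP, in the original /29
NEW_GUEST = "198.51.100.9/29"  # second IP of the new /29
OLD_GUEST = "192.0.2.3/29"     # a VM on the original /29

if __name__ == "__main__":
    for label, routes in [
        ("new /29, remote gateway", build_routes(NEW_GUEST, ORIGINAL_GW)),
        ("new /29, with host route", build_routes(NEW_GUEST, ORIGINAL_GW, True)),
        ("original /29", build_routes(OLD_GUEST, ORIGINAL_GW)),
    ]:
        print(f"{label}: next hop for 8.8.8.8 -> {resolve(routes, '8.8.8.8')}")
```
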
  • @Clouvider said:
    In other words, your setup is not standard, it breaks things. Replace those 2x /29 for a 1x /28 if you want to save on IPs and have everything working correctly.

    Good idea, not sure if they are willing to do that but nonetheless it might be worth a try.

  • Nope, can't do

    Unfortunately our servers can't have anything larger than a /29 directly associated with them in the same account. Additional IP blocks can always be routed to that server, but each server must have an IP block directly associated with it.

  • I have similar with OVH.

    Found best way for me anyway was a firewall appliance such as untangle or pfsense that has an IP on the original range and then any new IPs added are aliased to this appliance and then NAT'd from there to internal VMs.

    Would mean giving the firewall the IP they've routed the new block to.

    Each internal VM then has a private IP and gateway of the firewall. (The VMs are on a vswitch with no physical NIC and the firewall gateway has a presence on both)

    All controls applied on the firewall.

    May not work for you but something to consider anyway.

    Good luck :)

    Thanked by 1spammy
  • Clouvider Member, Patron Provider

    As @casualjoe says, in that case you basically need a VM acting as router and have them route the new subnet to this VM.

    This, or go to a provider that's more flexible.

    Thanked by 1spammy
  • Is it possible in VMWare to set up a VSwitch directly without PFSense? Because what @casualjoe suggested would mean we still need to have one VM (and hence 1 IPv4) dedicated to the PFSense router hence I would still be losing one usable IP? (All my VMs are Windows so I don't think I can get PFSense to work unless I create a separate VM with PFSense installed)?

    If that's the case either way I am losing one usable IP and there is probably no point for me to go through all the hassle.

  • Clouvider Member, Patron Provider

    VMware is not a router. Not the ESXi itself at least.

  • I can help you
    please contact me
    I can tell it does not work over IPv4
    which runs through the port
    thank you

  • edited November 2016

    -nvm-

  • @keomut500 said:
    I can help you
    please contact me
    I can tell it does not work over IPv4
    which runs through the port
    thank you

    Not the PFSense method?
