Giving a VM access to a physical NIC on the host

I am running VMware Server 2.0.2 with 2 VMs. One of the VMs I want to have bridged with the domain/primary NIC of the host, which I have done successfully. I want the other VM to have access to only the other NIC on the host, which is wired directly to the hardware firewall/gateway with a DMZ dedicated to that port. The purpose of this is to have the VM segregated from the domain network because it is going to be a web server. I am having trouble configuring the VM so that it only has access to the DMZ'd NIC. I have a dedicated IP address from our provider that I can use to statically assign either the VM or the NIC on the host which I want DMZ'd to the VM.

What other information would be useful to help me?

Is there a more practical/secure way to do this?

Here's a diagram: [network diagram]


Solution 1:

It's better to use two firewalled routers for a real DMZ; this is more an "exposed router" setup ;)

There isn't a big difference in the overall technical setup between VMware Server and ESXi, which is called VMware vSphere Hypervisor now. If you comply with the hypervisor hardware requirements you should use it instead of VMware Server.

Check the compatibility guide first: http://www.vmware.com/resources/compatibility/search.php?action=base&deviceCategory=server

You may add IPs/ranges to your scheme, e.g. DMZ 10.10.1.0/24 and LAN 10.10.2.0/24. I will use these two networks from now on.

As for the VMware Server 2.0.2 setup, you may like to rename the existing two physical NICs according to your scheme via the Windows network center; then start the "VMware Virtual Network Editor" application and

  • Remove all interfaces from automatic bridging
  • Assign the two NICs in the "Host Virtual Network Mapping" tab, e.g. VMnet1 for DMZ & VMnet2 for LAN access
  • Deactivate/Stop DHCP & NAT services

As you wrote, you already connected the first NIC to your LAN and configured the physical server for LAN access. Check whether your 2nd NIC for virtual DMZ access has DHCP config activated; if so, change it to a static configuration (e.g. 10.10.3.1 here; an unused IP range).

Assign the configured virtual LAN interfaces to the two virtual machines via the "VMware Server Home Page" according to your network mappings, e.g. vm01 gets vmnet1, vm02 gets vmnet2.

Start up your VM01 host and set up the static IP configuration, e.g. 10.10.1.2 with gateway 10.10.1.1, if your firewall has 10.10.1.1.

Your public IP is assigned to the WAN interface of your firewall. The DMZ port of your firewall is connected to the server NIC1/vmnet1 and gets the (internal) IP 10.10.1.1; the LAN port gets the IP 10.10.2.1 and goes to the network switch.

You may activate a DHCP server for the LAN port. All LAN/domain devices now use 10.10.2.1 as gateway and receive an IP from range 10.10.2.0/24 if DHCP is active.

If you like to add an additional LAN server, just connect it to your LAN connection vmnet2.

Is it working? ;)
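
An added check, not part of the original answer: once the NICs are mapped, the web-server VM's .vmx file can be audited to confirm that every enabled adapter is pinned to the DMZ vmnet and that none is bridged or attached to the LAN vmnet. The .vmx fragments below are constructed samples, and VMnet1 as the DMZ network is taken from the example mapping in the answer.

```python
import re

# Constructed .vmx fragments for illustration (not from the original post).
VM01_OK = '''
displayName = "vm01"
ethernet0.present = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "VMnet1"
'''
VM01_DUAL_HOMED = VM01_OK + '''
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
'''

ETH_LINE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def parse_adapters(vmx_text):
    """Return {adapter index: {lowercased key: value}} for ethernetN.* lines."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = ETH_LINE.match(line)
        if m:
            adapters.setdefault(int(m.group(1)), {})[m.group(2).lower()] = m.group(3)
    return adapters

def audit_dmz_vm(vmx_text, dmz_vnet="VMnet1"):
    """Return findings for any present adapter not pinned to the DMZ vmnet."""
    present = {i: a for i, a in parse_adapters(vmx_text).items()
               if a.get("present", "").upper() == "TRUE"}
    findings = [] if present else ["no network adapter present"]
    for i, a in sorted(present.items()):
        ctype = a.get("connectiontype", "")
        vnet = a.get("vnet", "")
        if ctype.lower() != "custom":
            # bridged/nat/hostonly (or unset) is not an explicit vmnet mapping
            findings.append(f"ethernet{i}: connectionType {ctype!r} is not 'custom'")
        elif vnet.lower() != dmz_vnet.lower():
            findings.append(f"ethernet{i}: vnet {vnet!r} is not {dmz_vnet!r}")
    return findings

if __name__ == "__main__":
    for name, text in (("ok", VM01_OK), ("dual-homed", VM01_DUAL_HOMED)):
        print(name, audit_dmz_vm(text) or "only attached to the DMZ vmnet")
```

An empty list means the VM is attached only to the DMZ vmnet; a second enabled adapter or a bridged connection shows up as a finding.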