Transparent mode on ESXi using VLAN's

gollo · 07-01-2009, 03:42 PM

I've got ESXi 4 installed on my server. I have 4 NIC's trunked (for VLAN'ing purposes). I've got Untangle 6.2 installed and have an IP on my DATA VLAN for managment and the other vnic is plugged into my INTERNET VLAN. Plugged into the INTERNET VLAN is my firewall/router.

What I want is to run Untangle in transparent mode in a VM. Whenever I plug in the "external" vnic into my INTERNET VLAN port group internet doesn't work.

Is there any way for this to work with out turning on routing in Untangle?

What I have:

inside network (DATA VLAN) > switch > internal int of firewall (on DATA VLAN) > internet

What I want:

inside network (DATA VLAN) > switch > internal int UT (in VM) > INTERNET VLAN (via ext int of UT) > internal int of firewall (on INTERNET VLAN) > internet

As mentioned I have 4 NIC's trunked (for load balance/fail over as well as 802.1q VLAN trunking) which I have DATA VLAN and INTERNET VLAN split into port groups on the same vswitch.

Can it be done? Thanks in advance for any input.

EagleTG · 07-05-2009, 03:45 PM

For what it's worth, I'm also testing this configuration, and experiencing issues routing traffic between the internal and external switches via UT.

My config:
Router <- Physical Network Switch <- VM External Switch <- External UT Server Port
- and -
Internal LAN <- Physical Network Switch <- VM Internal Switch (Promiscuous Mode) <- Internal UT Server Port

A link that describes the steps I've taken:
forums.untangle.com/installation/9262-ut-esxi.html (I still can't post links, so you have to copy/paste)

I had made the configuration changes to the VM network AFTER installing UT, so I thought that was part of the issue, so I killed the VM and reinstalled UT, then went through the Setup Wizard for UT once more. It made no difference.

I'm re-testing a dedicated (No VM ESXi) install on the same hardware with the same config just to prove that it's ESXi causing the issue. I'll post back with my findings.

Thanks.

EagleTG · 07-05-2009, 03:51 PM

Ok, as I suspected, it worked first-try when configured directly on the hardware itself. I'm actually posting through UT right now.

Hmm. I'll keep poking at it, and post back with any findings.

EagleTG · 07-05-2009, 08:20 PM

One more comment on this. I tried installing via:

http://wiki.untangle.com/index.php/U...ance_on_VMware

...in a VMWare Server environment instead of ESX/ESXi. I am getting a very similar issue to what happened from the ESX install.

I downloaded the referenced VM Appliance from the Wiki, it's running an older copy of UT, but I thought I'd be able to look over the network settings. I don't see what they are doing in the Appliance that might be making it work.

I'm done working on it for tonight, but will continue pursuing. Hopefully someone will have a tip or two that will help us.

Thanks everyone!

sky-knight · 07-05-2009, 11:05 PM

Make sure the virtual switches that have any internal UT adapters connected to them are configured to allow promiscuous mode. Then the thing will start pushing packets.

gollo · 07-08-2009, 03:05 PM

Quote:

Originally Posted by sky-knight

Make sure the virtual switches that have any internal UT adapters connected to them are configured to allow promiscuous mode. Then the thing will start pushing packets.

You, sir, are a genius.

/me tips hat

scobar · 07-09-2009, 04:33 PM

Quote:

Originally Posted by sky-knight

Make sure the virtual switches that have any internal UT adapters connected to them are configured to allow promiscuous mode. Then the thing will start pushing packets.

This.

Also, if you are using another routing distro before untangle...

External(ineternet) put on 1 virtual switch with 1 physical nic.

Then, the router gets that physical nic. connect that switch to an intermediate switch, no nics. create a virtual nic for the router, and, 1 for UT, and assign them both to this switch, and, set the ut virtual nic to promiscuous mode.

Since you want to do vlan, perhaps put the physical nic's on a switch and then do vlan from there?

I had pfsense setup out front of ut on esxi.

EagleTG · 07-09-2009, 05:44 PM

I had already set Promiscuous mode on my internal vSwitch... My problem was two-fold. First, the vSwitch has a promiscuous setting, as does the network. Under the properties of the vSwitch, I was setting promiscuous mode on the network (security tab), I *SHOULD* have been setting it under the vSwitch security tab. After this, it still didn't work.

The trick, in my test configuration, was to set promiscuous mode on BOTH my Internal and External vSwitches. This is likely due to the specifics of my test environment.

Now I know. :-D

EagleTG · 07-09-2009, 05:53 PM

Since pictures are worth a thousand words...

Under Network Configuration, Click Properties:

The following is the WRONG PLACE to set Promiscuous Mode:

The following it the CORRECT PLACE to set Promiscuous Mode:

Hope this helps someone.

scobar · 07-10-2009, 01:28 PM

Yeah that's how I got mine set. Pics are worth a thousand words.

07-01-2009, 03:42 PM	#1 (permalink)
gollo Newbie Join Date: Jul 2009 URLs submitted: 2 Posts: 7	Transparent mode on ESXi using VLAN's I've got ESXi 4 installed on my server. I have 4 NIC's trunked (for VLAN'ing purposes). I've got Untangle 6.2 installed and have an IP on my DATA VLAN for managment and the other vnic is plugged into my INTERNET VLAN. Plugged into the INTERNET VLAN is my firewall/router. What I want is to run Untangle in transparent mode in a VM. Whenever I plug in the "external" vnic into my INTERNET VLAN port group internet doesn't work. Is there any way for this to work with out turning on routing in Untangle? What I have: inside network (DATA VLAN) > switch > internal int of firewall (on DATA VLAN) > internet What I want: inside network (DATA VLAN) > switch > internal int UT (in VM) > INTERNET VLAN (via ext int of UT) > internal int of firewall (on INTERNET VLAN) > internet As mentioned I have 4 NIC's trunked (for load balance/fail over as well as 802.1q VLAN trunking) which I have DATA VLAN and INTERNET VLAN split into port groups on the same vswitch. Can it be done? Thanks in advance for any input. Last edited by gollo; 07-01-2009 at 03:50 PM..

07-05-2009, 11:05 PM	#5 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 7 Posts: 9,951	Make sure the virtual switches that have any internal UT adapters connected to them are configured to allow promiscuous mode. Then the thing will start pushing packets. __________________ Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com

07-05-2009, 03:45 PM	#2 (permalink)
EagleTG Untanglit Join Date: Jun 2009 Location: Pennsylvania Posts: 23	For what it's worth, I'm also testing this configuration, and experiencing issues routing traffic between the internal and external switches via UT. My config: Router <- Physical Network Switch <- VM External Switch <- External UT Server Port - and - Internal LAN <- Physical Network Switch <- VM Internal Switch (Promiscuous Mode) <- Internal UT Server Port A link that describes the steps I've taken: forums.untangle.com/installation/9262-ut-esxi.html (I still can't post links, so you have to copy/paste) I had made the configuration changes to the VM network AFTER installing UT, so I thought that was part of the issue, so I killed the VM and reinstalled UT, then went through the Setup Wizard for UT once more. It made no difference. I'm re-testing a dedicated (No VM ESXi) install on the same hardware with the same config just to prove that it's ESXi causing the issue. I'll post back with my findings. Thanks.

07-05-2009, 03:51 PM	#3 (permalink)
EagleTG Untanglit Join Date: Jun 2009 Location: Pennsylvania Posts: 23	Ok, as I suspected, it worked first-try when configured directly on the hardware itself. I'm actually posting through UT right now. Hmm. I'll keep poking at it, and post back with any findings.

07-05-2009, 08:20 PM	#4 (permalink)
EagleTG Untanglit Join Date: Jun 2009 Location: Pennsylvania Posts: 23	One more comment on this. I tried installing via: http://wiki.untangle.com/index.php/U...ance_on_VMware ...in a VMWare Server environment instead of ESX/ESXi. I am getting a very similar issue to what happened from the ESX install. I downloaded the referenced VM Appliance from the Wiki, it's running an older copy of UT, but I thought I'd be able to look over the network settings. I don't see what they are doing in the Appliance that might be making it work. I'm done working on it for tonight, but will continue pursuing. Hopefully someone will have a tip or two that will help us. Thanks everyone!

07-09-2009, 05:44 PM	#8 (permalink)
EagleTG Untanglit Join Date: Jun 2009 Location: Pennsylvania Posts: 23	I had already set Promiscuous mode on my internal vSwitch... My problem was two-fold. First, the vSwitch has a promiscuous setting, as does the network. Under the properties of the vSwitch, I was setting promiscuous mode on the network (security tab), I SHOULD have been setting it under the vSwitch security tab. After this, it still didn't work. The trick, in my test configuration, was to set promiscuous mode on BOTH my Internal and External vSwitches. This is likely due to the specifics of my test environment. Now I know. :-D

07-09-2009, 05:53 PM	#9 (permalink)
EagleTG Untanglit Join Date: Jun 2009 Location: Pennsylvania Posts: 23	Since pictures are worth a thousand words... Under Network Configuration, Click Properties: The following is the WRONG PLACE to set Promiscuous Mode: The following it the CORRECT PLACE to set Promiscuous Mode: Hope this helps someone.

07-10-2009, 01:28 PM	#10 (permalink)
scobar Untangler Join Date: Oct 2008 Location: Litchfield MN Posts: 64	Yeah that's how I got mine set. Pics are worth a thousand words.