  1. #1
    Master Untangler J2897's Avatar
    Join Date
    Mar 2008
    Posts
    105

    Question Almost ready to set up ESXi for the first time

    NOTE: "Switch & WiFi" = Standard Wireless Router with DHCP Disabled.

    This is how my current network is set up: Diagram1.jpeg

    This is how I am planning to set my new network up: Diagram2.jpeg

    I am aware of the ESXi HCL (my parts are white-listed).

    I don't have a CD Drive on the ESXi host.

    I have created a bootable ESXi on USB Flash using THIS script (#5 USB boot without custom files).

    My question is, would it be possible - using that hardware setup (Diagram2.jpeg) - to put these into DMZ mode?:
    • Windows Server 2003 (192.168.5.3). [Virtual Machine]
    • Debian (192.168.5.4). [Virtual Machine]
    • Nintendo Wii (192.168.5.11). [Wireless]
    • PS3 (192.168.5.6). [Ethernet from the Network Switch]

    The ESXi host has two NIC's. I plan to connect the Modem directly to the onboard NIC (Intel 82567LM), and the Gb Network Switch directly to the PCIe NIC (EXPI9301CTBLK).

    I plan to follow THIS guide to assist me in creating the new Untangle VM.

    I was originally thinking of using the VMware vCenter Converter to convert my current physical Untangle Server to a VM, so that I don't lose all of my Untangle Reports etc. Though I think it may be best to just use the Untangle Virtual Appliance.

    The ESXi Server has not yet been powered on with the ESXi USB Flash connected.

    Any advice or suggestions appreciated.

    Thanks.

  2. #2
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,325

    I would agree with the notion that you should just use the virtual appliance image webfool created instead of trying to convert your existing Untangle. Installing VMware Tools into an Untangle VM is not point-and-click like it is for a regular VM, which is why webfool does it for every release. You can still back up your existing config of course, and restore it into the VM, but as you say you will lose your reports and log history.

    I suppose you could try virtualizing your existing Untangle and just keep it for historical reference until you don't need the data any more (that is, put it on some other internal IP with DHCP off, don't have it do anything). Then again, I'm not sure how much trouble you'll run into trying to install the vCenter Converter agent on Untangle; AFAIK the stand-alone boot-CD version that can clone an off-line physical machine is not free.

    As to a DMZ, I don't see any place for a DMZ in your setup. You appear to have one internet-facing device (UT), and a variety of LAN devices. Unless you mean you want to create a separate DMZ subnet for some of the devices, in which case you'll need another network card if any of the devices are physical (but what is the benefit?).

  3. #3
    Master Untangler J2897's Avatar
    Join Date
    Mar 2008
    Posts
    105

    Thanks. Mostly from your input johnsonx42, I have come to the following conclusions:
    • I will now definitely use Webfool's Untangle Virtual Appliance.
    • I won't migrate my existing config file to the new Untangle VM: Default settings are always a good starting point.
    • I won't convert my current physical Untangle Server to a VM: I didn't know the boot-CD version wasn't free.
    • I am now aware that none of my physical devices will be possible to be put into DMZ mode.

    Regarding my DMZ question:

    To be honest, I was never planning to put the "PS3 and Wii" into DMZ mode, as I'm happy with the way Untangle's QoS feature currently handles the traffic for those devices. I just wanted to make the post clean and simple to read. The reason I asked was because I was curious to know if it would be possible for future devices. For example; if a friend or visitor asked to use my Internet from their own personal device (Smart Phone/Tablet/Laptop), I wouldn't necessarily want them on my LAN.

    A DMZ subnet sounds interesting. And yes - I will only have two physical NIC's, one in between the 'Internet and Untangle', and the other will be in between 'Untangle and the LAN'. I do have a spare 'PCI D-Link DGE-528T' Gb NIC, although I don't think it's currently supported by ESXi.

    So could I still put some VM's into DMZ mode without another physical NIC?

    Subnetting and DMZ's are new territory for me, although I have used the pre-set/default Port Forwards Rule:

    Configuration > Networking > Port Forwards

    "Forward remaining TCP, ICMP and UDP traffic to 192.168.1.101 (DMZ Host)"

    Before I start, I will do some learning on DMZ's and Subnets. Wikipedia, here I come...

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    Using the appliance just saves you some time. Migrating it with the usual VMware tools is a bad idea, because you essentially end up hacking up Untangle to install the addons. Which webfool has done for you.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler J2897's Avatar
    Join Date
    Mar 2008
    Posts
    105

    I Know Subnets!

    I have two questions...

    Question #1:

    Will I now be able to put these two VM's into DMZ mode?:

    Please see Diagram3.jpeg.

    I've modified the addresses to incorporate a 2 bit subnet mask (4 possible subnets).
    • Windows Server 2003 (192.168.5.65 /26).
    • Debian (192.168.5.66 /26).

    Question #2:

    Assuming the answer to Question #1 is 'yes', why can't I put physical devices on the same subnet as the DMZ'd VM's? Or to rephrase - why do I need another NIC?

    If the answer to Question #1 is 'yes', I will proceed with setting up ESXi & the Untangle Virtual Appliance.

    Thanks.

  6. #6
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,325

    You can put virtual machines in a virtual DMZ; in VMware you just create a vswitch that has no physical network card attached to it. So then when you set up your UT VM, you give it three network cards: one on the vswitch attached to the public interface, one on the vswitch attached to the LAN interface, and then finally one attached to the virtual-only vswitch.

    You're over-complicating matters though by trying to subnet a /24 network into 4 /26 networks... just use 2 different /24 networks like 192.168.5.0/24 and 192.168.10.0/24. It will be much easier that way.

  7. #7
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,325

    Oh, yes, you can also create a DMZ-like subnet on the same physical network if you like. You'd do it the same way, just add the second subnet to the internal interface of UT as an alias.

    The catch is that you have no interface separation, so you can't use DHCP on both subnets. If you want to statically assign your own IP's on your private subnet, then use DHCP for the 'public' subnet, it would work.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    Yeah I have that configuration in my office, I didn't subnet for any kind of security, just sanity. 10.10.10.1/24 is the primary IP on my Untangle's Internal. 10.10.50.1/24 is an alias, it communicates with a few VMs that I wanted separate.

    It works wonderfully, but as indicated you don't have broadcast domain separation, so DHCP isn't possible on the second range.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
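
The layouts discussed in posts #5 to #8 can be checked mechanically. The following is an added example, not part of any post in the thread: it audits a segmentation plan for overlapping subnets and for subnets that share one broadcast domain. The layer-2 labels (`internal`, `dmz-only`) and the mixed-mask plan are assumptions made for illustration; the addresses are the ones quoted in the thread.

```python
import ipaddress
from collections import defaultdict

def seg(name, cidr, l2, dhcp):
    return {"name": name, "net": ipaddress.ip_network(cidr), "l2": l2, "dhcp": dhcp}

# Constructed plans using the thread's addresses; the l2 labels are hypothetical.
ALIAS_PLAN = [seg("LAN", "192.168.5.0/24", "internal", True),
              seg("DMZ", "192.168.10.0/24", "internal", True)]    # alias, same wire
VSWITCH_PLAN = [seg("LAN", "192.168.5.0/24", "internal", True),
                seg("DMZ", "192.168.10.0/24", "dmz-only", True)]  # NIC-less vswitch
# Assumed mistake: LAN keeps its /24 mask while a /26 is carved out of it.
MIXED_MASK_PLAN = [seg("LAN", "192.168.5.0/24", "internal", True),
                   seg("DMZ", "192.168.5.64/26", "dmz-only", False)]

def audit(plan):
    """Return the sorted finding codes for a segmentation plan."""
    findings = set()
    for i, a in enumerate(plan):
        for b in plan[i + 1:]:
            if a["net"].overlaps(b["net"]):
                findings.add("overlapping-subnets")
    by_l2 = defaultdict(list)
    for s in plan:
        by_l2[s["l2"]].append(s)
    for segs in by_l2.values():
        if len(segs) > 1:
            # Several subnets on one wire: addressing differs, isolation does not.
            findings.add("shared-broadcast-domain")
            if sum(s["dhcp"] for s in segs) > 1:
                findings.add("dhcp-on-multiple-subnets")
    return sorted(findings)

def segments_for(plan, ip):
    """Names of every segment whose range contains ip (more than one is a problem)."""
    addr = ipaddress.ip_address(ip)
    return [s["name"] for s in plan if addr in s["net"]]

def quarter_subnets(cidr="192.168.5.0/24"):
    """The four /26 networks a 2-bit split of the /24 produces."""
    return [str(n) for n in ipaddress.ip_network(cidr).subnets(new_prefix=26)]

if __name__ == "__main__":
    for label, plan in [("alias", ALIAS_PLAN), ("vswitch", VSWITCH_PLAN),
                        ("mixed-mask", MIXED_MASK_PLAN)]:
        print(label, audit(plan), segments_for(plan, "192.168.5.65"))
    print(quarter_subnets())
```
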

  9. #9
    Master Untangler J2897's Avatar
    Join Date
    Mar 2008
    Posts
    105

    Ah, great. Thanks to both of you.

    Now that I know it's possible to DMZ some VM's, and also "DMZ-like" some physical devices, I will now proceed with the ESXi set up process - once I have created a backup image of the ESXi Flash. I can worry about 'how to set up the subnets/aliases' later.
    Last edited by J2897; 04-03-2011 at 08:09 PM. Reason: Add more info'.

  10. #10
    Master Untangler J2897's Avatar
    Join Date
    Mar 2008
    Posts
    105

    Just a quick update on where I'm at...

    The ESXi Flash was running 4.1.0 Build 260247.

    I followed these two videos on how to configure ESXi:

    I have used these NTP Time Servers because I'm in the UK:
    • 0.uk.pool.ntp.org
    • 1.uk.pool.ntp.org
    • 2.uk.pool.ntp.org
    • 3.uk.pool.ntp.org

    I have followed THIS guide to patch up to the latest version (ESXi 4.1 Update 1 (U1)).

    These are the commands I used to update ESXi (reboot after installing the CLI or else they won't work!):
    Code:
    perl vihostupdate.pl --server 192.168.1.125 --username root --password lame -b S:\John\ESXi\update-from-esxi4.1-4.1_update01.zip -l
    Code:
    perl vihostupdate.pl --server 192.168.1.125 --username root --password lame -i -b S:\John\ESXi\update-from-esxi4.1-4.1_update01.zip -B ESXi410-Update01
    There are five updates in total, but you only have to install one of them (ESXi410-Update01):
    Code:
    ---------Bulletin ID---------   ----------------Summary-----------------
    ESXi410-201101201-SG            Updates the ESXi 4.1 firmware
    ESXi410-201101202-UG            Updates the ESXi  4.1 VMware Tools
    ESXi410-201101223-UG            3w-9xxx: scsi driver for VMware ESXi
    ESXi410-201101224-UG            vxge: net driver for VMware ESXi
    ESXi410-Update01                VMware ESXi 4.1 Complete Update 1
    The ESXi Flash is now running 4.1.0 Build 348481.

    I've created another backup image of the ESXi Flash.

    The ESXi Server has successfully obtained a local IP, via DHCP, from my current physical Untangle Server. The Modem is not yet physically connected to the onboard NIC (Intel 82567LM).

    I will now proceed with the Untangle Virtual Appliance guide.

    Here is a list of the files I have downloaded for future reference:
    • mkesxiaio_4.1.sh
    • Untangle_811_x64_vmware.ova
    • update-from-esxi4.1-4.1_update01.zip
    • VMware-viclient-all-4.1.0-258902.exe
    • VMware-viclient-all-4.1.0-345043v4.1.exe (Ignore this file until after you have updated to 4.1 Update 1.)
    • VMware-vSphere-CLI-4.1.0-254719.exe
    • VMware-VMvisor-Installer-4.1.0-260247.x86_64.iso
    Last edited by J2897; 04-08-2011 at 11:52 PM. Reason: Clarification.
