
I needed a solution to create a private network for virtual machines in my ESXi server allowing only limited access to my home office network. I tried using m0n0wall and pfSense routers and although they are great gateways, they did not have the capability that I was looking for. Vyatta is an open source router that did exactly what I needed. (Thanks to Neil for pointing out a couple of the steps had some typos and an extra command)

If you have never worked with a router before it can be a bit challenging to figure out. Fortunately, Vyatta does a good job documenting example configurations and there are plenty of other resources that can be Googled. The main issue that I had is that many of the sites I found with examples had incorrect documentation and command syntax issues. Make sure you consult the Vyatta documentation for the version of Vyatta that you download and I suggest you write the steps down as you go. In my case, I also took snapshots as I made configuration changes. Creating the snapshots allowed me to quickly undo the mistakes I made while initially configuring the system.

The first step is to download Vyatta from http://www.vyatta.org

Follow the directions here to get Vyatta up and running. Please note that configuring Vyatta from that link can create a private network in ESXi too. This article just takes it a little further by adding firewall rules.

Once connectivity is verified, it's time to create the firewall rules that give access only to the machines on the VM Network that you want. In my case, I want my private network to have access to DNS, a www server, and a file server. When creating firewall rules, I leave plenty of digits between rule numbers so that I can add rules in between if necessary. The rule name used below is PVToutFilter (short for private out filter); you can use any rule name that you like, but a descriptive name tells you later why you created the rule.

Start by adding firewall rules to get to a DNS server (do this twice, incrementing the rule number by 1, if you add a second DNS server):

#set firewall name PVToutFilter rule 10 action accept
#set firewall name PVToutFilter rule 10 source address 192.168.1.0/24
#set firewall name PVToutFilter rule 10 destination address <enter DNS IP here>
#set interfaces ethernet eth1 firewall out name PVToutFilter



Create the firewall rules to get to www server

#set firewall name PVToutFilter rule 15 action accept
#set firewall name PVToutFilter rule 15 source address 192.168.1.0/24
#set firewall name PVToutFilter rule 15 destination address <enter www server IP here>
#set interfaces ethernet eth1 firewall out name PVToutFilter



Create the firewall rules to get to file share

#set firewall name PVToutFilter rule 20 action accept
#set firewall name PVToutFilter rule 20 source address 192.168.1.0/24
#set firewall name PVToutFilter rule 20 destination address <enter share IP here>
#set interfaces ethernet eth1 firewall out name PVToutFilter



Now it's time to set the firewall rules that block all other traffic to the VM Network:

#set firewall name PVToutFilter rule 50 action drop
#set firewall name PVToutFilter rule 50 source address 192.168.10.0/24
#set firewall name PVToutFilter rule 50 destination address <enter net and mask here. example 192.168.5.0/24>
#set interfaces ethernet eth1 firewall out name PVToutFilter
#commit




Once the configuration is set you can exit configuration mode

#exit
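Before committing a rule set like PVToutFilter on the router, it helps to check how the numbered rules will be evaluated. The following is an added example, not code from the original post or from the Vyatta project: a small Python model of a Vyatta named rule set (first matching rule in numeric order wins, and if nothing matches the rule set's default action applies; Vyatta's implicit default for a named rule set is assumed to be drop). The subnet and server addresses are constructed sample values; the private network is assumed to be the 192.168.1.0/24 source used by the accept rules above. The model also flags the kind of mistake that is easy to make when typing the rules by hand: a drop rule whose source subnet differs from the accept rules' source subnet never matches the private hosts and therefore blocks nothing. The render_commands helper emits the corresponding set commands for copy-and-paste.

```python
"""Model of a Vyatta named firewall rule set (first match, numbered rules).

Added example, not part of the original article. Addresses are constructed
sample values; the private network is assumed to be 192.168.1.0/24.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int        # Vyatta rule number; rules are evaluated in ascending order
    action: str        # "accept" or "drop"
    source: str        # source subnet in CIDR notation
    destination: str   # destination host or subnet (bare IP means a single host)


def matches(rule, src, dst):
    """True when the packet's source and destination both fall inside the rule."""
    src_ok = ipaddress.ip_address(src) in ipaddress.ip_network(rule.source, strict=False)
    dst_ok = ipaddress.ip_address(dst) in ipaddress.ip_network(rule.destination, strict=False)
    return src_ok and dst_ok


def evaluate(rules, src, dst, default_action="drop"):
    """Return (action, rule_number) for the first rule that matches.

    default_action stands in for Vyatta's implicit default for a named rule
    set (assumed to be drop); (default_action, None) means no rule matched.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, src, dst):
            return rule.action, rule.number
    return default_action, None


def check_source_consistency(rules):
    """True when every rule uses the same source subnet.

    A drop rule written for a different subnet than the accept rules never
    matches traffic from the private hosts, so it blocks nothing.
    """
    return len({r.source for r in rules}) == 1


def render_commands(rules, name="PVToutFilter", interface="eth1"):
    """Emit the Vyatta configuration-mode commands for the rule set."""
    lines = []
    for r in sorted(rules, key=lambda r: r.number):
        prefix = f"set firewall name {name} rule {r.number}"
        lines.append(f"{prefix} action {r.action}")
        lines.append(f"{prefix} source address {r.source}")
        lines.append(f"{prefix} destination address {r.destination}")
    # The rule set only needs to be bound to the interface once.
    lines.append(f"set interfaces ethernet {interface} firewall out name {name}")
    lines.append("commit")
    return lines


# Constructed sample addresses for the worked example.
PRIVATE_NET = "192.168.1.0/24"   # assumed private (VM-side) network
VM_NET = "192.168.5.0/24"        # home office / VM Network behind eth1
DNS_IP = "192.168.5.10"
WWW_IP = "192.168.5.20"
SHARE_IP = "192.168.5.30"

PVT_OUT_FILTER = [
    Rule(10, "accept", PRIVATE_NET, DNS_IP),
    Rule(15, "accept", PRIVATE_NET, WWW_IP),
    Rule(20, "accept", PRIVATE_NET, SHARE_IP),
    Rule(50, "drop", PRIVATE_NET, VM_NET),
]

# Same rules, but the drop rule was typed with a different source subnet.
MISTYPED_FILTER = PVT_OUT_FILTER[:3] + [Rule(50, "drop", "192.168.10.0/24", VM_NET)]


if __name__ == "__main__":
    host = "192.168.1.50"
    for dst in (DNS_IP, WWW_IP, SHARE_IP, "192.168.5.99"):
        print(f"{host} -> {dst}: {evaluate(PVT_OUT_FILTER, host, dst)}")
    print("consistent sources:", check_source_consistency(MISTYPED_FILTER))
    print("\n".join(render_commands(PVT_OUT_FILTER)))
```

Running the block shows the three allowed destinations hitting rules 10, 15 and 20 and any other VM Network host hitting the drop at rule 50. With the mistyped rule set, traffic to an unlisted host matches nothing at all, so its fate depends entirely on the rule set's default action; evaluating it with default_action="accept" makes the leak visible.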

Congratulations, you have just secured your Private Network from your VM Network. If you want to allow internet access from your Private Network, all you need to do is have a proxy server on the VM Network and create a Firewall rule for the Private Network to have access to the proxy IP address.
