I am not a pfSense expert; others will probably give better insights.
Here comes my opinion:
On 08-08-2013 16:44, [email protected] wrote:
> 1) Put the ESXi management interface on the 2nd NIC on each server, on a
> private IP space (e.g. 192.168.x.x), so they're not accessible from
> "outside".

Yes, you can.

> 2) Implement VPN access so that we can get to the management interfaces
> (pfSense webgui, and ESXi management interfaces) on the private LAN.

Yes, you can.

> 3) Route the various /28 public IP addresses to the 1st NIC on whichever
> server is hosting that particular IP.

Better NAT or port-forward than route. Assign the whole /28 to pfSense
and NAT your servers.

> 4) Also wouldn't mind routing local traffic between the VMs over the
> private LAN (could add access to the 2nd NIC and give them "inside" IP
> addresses).

Yes, you can. Better: you should.

> The hardware appliance we're considering (and suggestions for alternatives
> are welcome) is the Netgate 7541, with six GbE ports.

I run mine on a virtual machine on ESXi also, side-by-side with my servers.

> Do I need any additional hardware (e.g. L2 or L3 switch)?

Not for the needs you said.

> Can I bridge
> the public IPs to the servers, and still provide access to the local LAN
> via VPN or ???

Don't know. Better NAT, I think.

> Side question: are there iPhone/iPad/Android apps that will allow VPN
> access so I can get into the management interfaces while on the road?

Not sure. Have you tried searching the list archives? There were some
messages regarding this a while ago, if I remember correctly.

Regards.
--
*Marcio Merlone*
IT - Network Administrator
*A1 Engenharia - Unidade Corporativa*
Phone: +55 41 3616-3797
Mobile: +55 41 9689-0036
http://www.a1.ind.br/