Implement NAT under VMware ESX 3.5 using a virtual Vyatta router

 

Folks who come from the VMware Server world to ESX 3.5 often find the missing NAT capability very inconvenient. Fortunately, with the help of a Vyatta router as one of the virtual guest machines, you can implement NAT rather easily. I'd say, within 2 hours, you should be able to set up a network similar to the following diagram, and learn something about the Vyatta open source router along the way. Nice, right?

[Diagram: ESX 3.5 NAT using Virtual Vyatta Router]

The following shows you exactly how to set it up.

Assumptions:

 

  • You have VMware ESX 3.5 or ESX 3.5i set up and running as the host
  • You have an "external" network 192.0.2.0/24 that your VMware host is connected to
  • You want to have an "internal" VM network 192.168.1.0/24 on your host, and have it NAT-ed to the "external" network
  • You are familiar with the VMware Infrastructure Client (VIC), and know how to create a virtual machine on the host

 

Steps:

1. Create an additional virtual switch, vSwitch1, in addition to the default vSwitch0. The intent is that vSwitch1 serves the internal VM network, while vSwitch0 connects to the outside world.

Under VMware Infrastructure Client (VIC), click the Configuration tab
Add Networking…
Select "Virtual Machine", Next >
Select "Create a virtual switch", there will be no adapters. Next>
Give a Network Label, something like "Internal - NAT", leave VLAN ID blank. Next>
Finish

 

2. Under VMware Infrastructure Client (VIC), create a virtual machine for the Vyatta router. Remember that fundamentally the Vyatta router is just another Linux guest on the VMware host. Wizard:

* Custom, Next>
Name: Vyatta Router, Next>
Select a Datastore, Next>
* Linux, Version Other Linux (32-bit), Next>
Number of virtual processors: 1, Next>
Memory 256MB is OK, Next>
How many NICs do you want? 2
	NIC1 VM Network, Flexible, check connect at power on,
	NIC2 Internal - NAT, Flexible, check connect at power on,
	Next>

SCSI Adapter: * LSI Logic, Next>
Select a disk: * Create a new virtual disk, Next>
Disk capacity: 2GB, Location * store with the virtual machine, Next>
Specify Advanced Options: Take default values, Next>
Finish.

 

3. Download the Vyatta ISO to your Windows desktop that runs VMware Infrastructure Client.

 

4. Now burn the ISO to a CD, and load it on your Windows machine. Under VIC, open the properties of the VM you set up in step 2, set the CD/DVD drive to connect at power on, check Connected, and select Client Device. (Note that you could also download the ISO directly to the VMware host datastore, and boot directly from the ISO file there.)

 

5. Boot your Vyatta VM off the Vyatta ISO using VIC. On the console under VIC, you will get the login prompt. Log in as root with the password vyatta, and make sure you change the root password.

 

6. As soon as you log in to the system, run:

install-system

Then "remove" the CD from the VM, and reboot.

 

7. Set up the router. See also: Vyatta quickstart guide.

 

Log in to the virtual Vyatta router:

configure

That enters configuration mode. Now type the following commands:

# set interface eth0 address
set interfaces ethernet eth0 address 192.0.2.21/24

# alternatively, have eth0 get a dynamic address from the external network via DHCP
# (use this line instead of the static address above, not in addition to it):
# set interfaces ethernet eth0 address dhcp
# set interface eth1 address
set interfaces ethernet eth1 address 192.168.1.10/24
commit;
# setup NAT
set service nat rule 1 source address 192.168.1.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 type masquerade
commit;
# set DNS server used in your 192.0.2.0/24 network
set system name-server 12.34.56.100
# set your gateway used in your 192.0.2.0/24 network
set system gateway-address 192.0.2.99
# give your router a hostname 
set system host-name vyatta-router
# set domain-name
set system domain-name example.com
commit;
save;

By the way, most Vyatta commands start with one of three verbs: show, set, delete. Besides the set commands you have seen, commands like the following display information:

show interfaces ethernet eth0
show interfaces
show service dhcp-server
# or even just
show
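A mismatch between the NAT rule's source network, the inside interface subnet and the gateway is easy to introduce when typing step 7 by hand, and it fails silently (traffic simply is not translated). The following consistency check is an added example in Python, not part of the original post or of Vyatta; `PAGE_CONFIG`, `parse` and `audit` are hypothetical names, and it assumes the `set` syntax shown above with the static eth0 address.

```python
import ipaddress

# Commands from step 7 (static eth0 variant), embedded so the check runs offline.
PAGE_CONFIG = """
set interfaces ethernet eth0 address 192.0.2.21/24
set interfaces ethernet eth1 address 192.168.1.10/24
set service nat rule 1 source address 192.168.1.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 type masquerade
set system gateway-address 192.0.2.99
"""

def parse(text):
    """Collect static interface subnets, NAT rules and the gateway from 'set' lines."""
    ifaces, rules, gateway = {}, {}, None
    for line in text.splitlines():
        w = line.split("#")[0].strip().rstrip(";").split()
        if w[:3] == ["set", "interfaces", "ethernet"] and len(w) == 6 and w[4] == "address":
            if w[5] != "dhcp":  # a DHCP address is unknown until runtime
                ifaces[w[3]] = ipaddress.ip_interface(w[5]).network
        elif w[:4] == ["set", "service", "nat", "rule"] and len(w) >= 7:
            rules.setdefault(w[4], {})[" ".join(w[5:-1])] = w[-1]
        elif w[:3] == ["set", "system", "gateway-address"] and len(w) == 4:
            gateway = ipaddress.ip_address(w[3])
    return ifaces, rules, gateway

def audit(text):
    """Return findings; an empty list means the NAT setup is self-consistent."""
    ifaces, rules, gateway = parse(text)
    findings = []
    for num, r in sorted(rules.items()):
        if r.get("type") != "masquerade":
            continue
        out = r.get("outbound-interface")
        if "source address" not in r:
            findings.append(f"rule {num}: masquerade has no source address restriction")
            continue
        src = ipaddress.ip_network(r["source address"], strict=False)
        if not any(src.subnet_of(n) for i, n in ifaces.items() if i != out):
            findings.append(f"rule {num}: source {src} is not on any inside interface")
        if out in ifaces and src.overlaps(ifaces[out]):
            findings.append(f"rule {num}: source {src} overlaps the outbound network")
    outs = (r.get("outbound-interface") for r in rules.values())
    known = [ifaces[o] for o in outs if o in ifaces]
    if gateway and known and not any(gateway in n for n in known):
        findings.append(f"gateway {gateway} is not on an outbound interface subnet")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG) or "NAT configuration is consistent")
```

With eth0 set to DHCP the outbound subnet is not known in advance, so the gateway and overlap checks are skipped for that interface.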

 

8. You are done as far as setting up NAT for your 192.168.1.0/24 network. However, one question you might be asking: how do I access my "internal" network? There are at least 3 ways to do so.

a) use VIC console

b) use the virtual router, because it has the "external" address 192.0.2.21 and it sits in both networks.

c) extend the "internal" network to an outside switch. If your VM host has another physical adapter eth1, you can attach vSwitch1 to eth1, and have eth1 connected to an external switch - anything connected to this switch will be part of your 192.168.1.0/24 network, and routed by the virtual Vyatta router.

Questions or comments, please email: ray@kneew.com or write a comment below.