In part one of Managing ESXi without the VI client I dealt with some initial setup issues and creating a VM. In part two I demonstrated the process to add a license key, enable VM auto-start options and unregister a VM. In part three of these articles I’ll go over the process of creating a new virtual switch to which I’ll attach a firewall VM. My host server has 2 NIC ports, one of which was used by default for vSwitch0 during the install of ESXi. I attached the second NIC port to a physical switch which was also connected to one of my ISPs.
1) The first step of the process was to create a new virtual switch, which is done with the -a option. With the first command I created a vSwitch called DMZ which was not linked to any physical NIC port.
If I wanted to create an isolated vSwitch I could have then skipped to the third command, which adds a port group for VMs. Instead I ran the esxcfg-vswitch command again with the -L option, which linked vmnic1 to the vSwitch DMZ. The last command was necessary to create a virtual machine port group to which the firewall VM will be connected.
esxcfg-vswitch -a DMZ
esxcfg-vswitch DMZ -L vmnic1
esxcfg-vswitch DMZ -A DMZ_VMs
2) Once the commands were run I then used the -l option to list the current vSwitch configuration.
esxcfg-vswitch -l
Switch Name    Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0       64          8           64                1500    vmnic0

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VMNetwork             0        0           vmnic0
  VM Network            0        5           vmnic0
  Management Network    0        1           vmnic0

Switch Name    Num Ports   Used Ports  Configured Ports  MTU     Uplinks
DMZ            64          2           64                1500    vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  DMZ_VMs               0        0           vmnic1
3) For the firewall VM I chose to use m0n0wall. It can be downloaded, and the zip package contains a VMX and a VMDK file. I copied those into a folder on the datastore of the host.
I then edited the VMX file and set it to the below. I initially tried to edit the VMX file to convert it to a format ESXi would use, but kept getting an error when trying to register the VM. It would register, but the output of vim-cmd vmsvc/getallvms would list the VM as invalid.
If you choose to edit the existing VMX file and get errors, you can look at /var/log/vmware/hostd.log for pointers about the problem and you’ll also have to unregister the VM ID before you try to register the VMX file again.
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "4"
nvram = "FreeBSD.nvram"
deploymentPlatform = "windows"
virtualHW.productCompatibility = "hosted"
unity.customColor = "|23C0C0C0"
tools.upgrade.policy = "useGlobal"
powerType.powerOff = "soft"
powerType.powerOn = "default"
powerType.suspend = "hard"
powerType.reset = "soft"
displayName = "FIREWALL01"
extendedConfigFile = "FreeBSD.vmxf"
floppy0.present = "FALSE"
scsi0.present = "TRUE"
scsi0.sharedBus = "none"
scsi0.virtualDev = "lsilogic"
memsize = "64"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "Monowall.vmdk"
scsi0:0.deviceType = "scsi-hardDisk"
ide1:0.present = "TRUE"
ide1:0.clientDevice = "TRUE"
ide1:0.deviceType = "cdrom-raw"
ide1:0.startConnected = "FALSE"
floppy0.startConnected = "FALSE"
floppy0.clientDevice = "TRUE"
ethernet0.present = "TRUE"
ethernet0.networkName = "VM Network"
ethernet0.addressType = "generated"
ethernet1.present = "TRUE"
ethernet1.networkName = "DMZ_VMs"
ethernet1.addressType = "generated"
ethernet2.present = "TRUE"
ethernet2.networkName = "VM Network"
ethernet2.addressType = "generated"
ethernet0.startConnected = "true"
ethernet1.startConnected = "true"
ethernet2.startConnected = "true"
guestOSAltName = "Other (32-bit)"
guestOS = "other"
uuid.location = "56 4d d6 1c 06 f9 91 c9-ba 5c 2d 8b b6 e8 79 89"
uuid.bios = "56 4d d6 1c 06 f9 91 c9-ba 5c 2d 8b b6 e8 79 89"
vc.uuid = "52 5a 5e aa 73 ce 97 ab-e4 0a 21 8b 73 5b 5d 0a"
RemoteDisplay.vnc.enabled = "True"
RemoteDisplay.vnc.port = "5910"
RemoteDisplay.vnc.password = "secure"
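An added example, not part of the original post: a POSIX shell check that reads a VMX like the one above, reports which port group each NIC attaches to, and flags a VNC console that is enabled with a clear-text password. The function names and the list of allowed port groups passed as arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a VMX file's NIC
# placement and VNC console settings. Function names are illustrative.
# Usage: vmx_audit /path/to/vm.vmx "VM Network" "DMZ_VMs"

# vmx_get FILE KEY: print KEY's unquoted value (key match is case-insensitive).
vmx_get() {
    awk -v key="$2" 'BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k)
          gsub(/^[ \t]*"|"[ \t\r]*$/, "", v)
          if (tolower(k) == key) val = v }
        END { if (val != "") print val }' "$1"
}

# vmx_audit FILE ALLOWED_PORTGROUP...: print findings, return 1 on any WARN.
vmx_audit() {
    file=$1; shift; rc=0
    for n in 0 1 2 3 4 5 6 7 8 9; do
        case $(vmx_get "$file" "ethernet$n.present") in [Tt][Rr][Uu][Ee]) ;; *) continue ;; esac
        pg=$(vmx_get "$file" "ethernet$n.networkName"); ok=no
        for allowed in "$@"; do if [ "$pg" = "$allowed" ]; then ok=yes; fi; done
        if [ "$ok" = yes ]; then echo "INFO ethernet$n -> $pg"
        else echo "WARN ethernet$n -> '$pg' is not an expected port group"; rc=1; fi
    done
    case $(vmx_get "$file" "RemoteDisplay.vnc.enabled") in [Tt][Rr][Uu][Ee])
        echo "WARN VNC console enabled on host port $(vmx_get "$file" "RemoteDisplay.vnc.port")"; rc=1
        if [ -n "$(vmx_get "$file" "RemoteDisplay.vnc.password")" ]; then
            echo "WARN VNC password is stored in clear text in the VMX"
            case $(ls -l "$file" | cut -c8) in r) echo "WARN VMX is readable by other users" ;; esac
        fi ;;
    esac
    return $rc
}

# Constructed sample: network and VNC lines taken from the VMX listing above.
write_sample_vmx() {
    cat > "$1" <<'EOF'
ethernet0.present = "TRUE"
ethernet0.networkName = "VM Network"
ethernet1.present = "TRUE"
ethernet1.networkName = "DMZ_VMs"
RemoteDisplay.vnc.enabled = "True"
RemoteDisplay.vnc.port = "5910"
RemoteDisplay.vnc.password = "secure"
EOF
}
```

With the mode 744 set on the VMX file in step 5, the file is readable by every account on the host, so the last check fires along with the VNC warnings.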
4) The next step was to convert the VMDK file to a format ESXi would use. I renamed the file to Monowall_source.vmdk and then used vmkfstools to convert it.
/vmfs/volumes/4a68046d-2159a120-ebac-001a9253e68f/FIREWALL01 # vmkfstools -i Monowall_source.vmdk Monowall.vmdk
Destination disk format: VMFS zeroedthick
Cloning disk 'Monowall_source.vmdk'...
Clone: 100% done.
5) I then ran chmod 744 FireBSD.vmx to set the correct permissions on the VMX file. The VM was then registered with the command vim-cmd solo/
6) I then powered on the VM, but I couldn’t connect with a VNC viewer. I ran ps | grep vmx to see if there was a specific process for the VM but didn’t see one. I then looked at the vmware.log file for the VM and found this.
Oct 14 06:03:52.987: vmx| KHZEstimate 2133409
Oct 14 06:03:52.987: vmx| MHZEstimate 2133
Oct 14 06:03:52.987: vmx| NumVCPUs 1
Oct 14 06:03:52.987: vmx| UUID: location-UUID is 56 4d d3 2e 26 76 0f e0-da 39 79 3e 84 50 77 18
Oct 14 06:03:52.987: vmx| UUID: location-UUID is 56 4d d3 2e 26 76 0f e0-da 39 79 3e 84 50 77 18
Oct 14 06:03:52.987: vmx| UUID: location-UUID is 56 4d d3 2e 26 76 0f e0-da 39 79 3e 84 50 77 18
Oct 14 06:03:52.988: vmx| UUID: location-UUID is 56 4d d3 2e 26 76 0f e0-da 39 79 3e 84 50 77 18
Oct 14 06:03:52.988: vmx| Msg_Question:
Oct 14 06:03:52.988: vmx| [msg.uuid.altered] This virtual machine may have been moved or copied.
Oct 14 06:03:52.988: vmx|
Oct 14 06:03:52.988: vmx| In order to configure certain management and networking features VMware ESX needs to know which.
Oct 14 06:03:52.988: vmx|
Oct 14 06:03:52.988: vmx| Did you move this virtual machine, or did you copy it?
Oct 14 06:03:52.988: vmx| If you don't know, answer "I copied it".
Oct 14 06:03:52.988: vmx|
Oct 14 06:03:52.988: vmx| ----------------------------------------
7) I then used vim-cmd vmsvc/message to respond to the question. I first queried the question by specifying only the VM ID of 256. With the second command I responded to the message (message ID 0) with the response of 2 (I copied it). After entering the message I could then connect with the VNC client and configure m0n0wall.
/vmfs/volumes/4a68046d-2159a120-ebac-001a9253e68f/FIREWALL01 # vim-cmd vmsvc/message 256
Virtual machine message 0:
msg.uuid.altered:This virtual machine may have been moved or copied.
In order to configure certain management and networking features VMware ESX needs to know which.
Did you move this virtual machine, or did you copy it?
If you don’t know, answer “I copied it”.
0. Cancel (Cancel)
1. I _moved it (I _moved it)
2. I _copied it (I _copied it) [default]
/vmfs/volumes/4a68046d-2159a120-ebac-001a9253e68f/FIREWALL01 # vim-cmd vmsvc/message 256 0 2