Is it possible to create correct configuration to safely publish private subnet of virtual servers (IIS+MSSQL+Developer) via CHR, as a virtual router?
Host server must be securely accessed and work also behind CHR.
Bare metal 1U server (HPDL360G7) planned to work in co-location place - so 1 IP white static address on one of physical RJ45 on server
and technical iLO isolated IP network on iLO RJ45 from hoster....
Scematic plan included in picture.
May be some source solutions already exists, so links are welcome!
Thanks for help!

Haven't tried it yet, but think the basics will be:

Need at least 2 NICs, one for host OS and other for guests
Create an internal virtual switch and connect the chr internal nic and servers to this switch
Create another virtual switch, but configure as external and connect your chr wan interface to this switch

This way, your servers can only talk to each other internally, and if need to go out, it has to be via chr

Thank you for correct advices!
However more precise settings needed...
General question - are servers more secured if they are absolutely isolated via PRIVATE.VS,
or it's a good practice to link them with HOST itself via INTERMAL.VS subnet?
Host ism't playing any role except managing virtual servers, so isn't it a good idea to
minimize possible interaction between servers & host?
Another story about properties of IP config for Extermal Intermal & private VS...
Must we choose only IP ver 4 checkmark and all other clear?
Is it make external swithch on host absolutely safe for host itself?
What about IP settings for internal? I mean GW, DNS etc, as in this article, -
https://www.interfacett.com/blogs/insta ... -internet/