• Hyper-V PFsense PoC setup questions

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    I

    Forget it all. Everything works fine now.

    Turns out one of my PFsense devices was glitchy. Reinstalled from scratch and restored the information and it worked fine.

    I wish there was a way to find out what made it so buggy.

  • MOVED: Need an EV SSL certificate

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Help with VMware install- no internet!

    Locked
    8
    0 Votes
    8 Posts
    5k Views
    S

    Can see the PFSense Web GUI- haven't tried pinging other hosts on our LAN- I'm using my PF sense router as a double NAT through another router/modem- and yes it does receive a DHCP given IP from my modem/router- tried pinging google.com but haven't tried Google DNS 8.8.8.8. I am indeed bridging the connections- I've disabled everything apart from the VMware protocol on the WAN card but not the LAN card- is that correct?

    Thanks very much for your time Spraynpray was good of you to get back to me

    Tom

  • How to give host PC a network connection

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    BUMP

    I've got it working with an untagged VLAN but I hope that's not the only option. I'm thinking that creating VLANs chops the speeds of my connections so now it's at something like 1/3 of 1gbit.

  • Let physical pfsense subnet talk with virtual pfsense subnet

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • VM TOOLS UPDATE STATUS FOR VSPHERE 4.0-4.1?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    Z

    Take a FreeBSD VM running 7.3 (pfsense 1.2.3) or 8.x (pfsense 2.0) and install (really compile) vmware tools for the VM. Once you are happy with the functionality/stability of them, copy the three .ko files over to your pfsense installs and bind them to the kernel loader.conf

  • Error adding appliance to inventory in VMware server 1

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    jimpJ

    Two years and two releases behind I would consider extremely old, especially when you're talking about specific version compatibility.

    As for why Server isn't a target, I'm not sure. Probably because at the time I'm not sure anyone had Server installed to see if it worked. Pretty much everyone has moved on to ESX.

  • PfSense on Hyper-V, no network access.

    Locked
    14
    0 Votes
    14 Posts
    30k Views
    S

    With the regular connection, pfSense wouldn't even show de0/de1 and ask me to install a network connection, so yes I'm definitely using legacy.

  • How to combine pfSense with HTPC? (which software? :>)

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    W

    I actually managed to get a stable setup running now. With Oracle VirtualBox.

    r_server.exe is the remote desktop service used. VirtualBox.exe uses about 60% CPU with torrents and 10MB/s download on one of the two 2GHz cores.

    PING ping.sunet.se (192.36.125.18) from 85.228.221.196: 56 data bytes
    64 bytes from 192.36.125.18: icmp_seq=0 ttl=249 time=1.638 ms
    64 bytes from 192.36.125.18: icmp_seq=1 ttl=249 time=1.460 ms
    64 bytes from 192.36.125.18: icmp_seq=2 ttl=249 time=1.546 ms
    64 bytes from 192.36.125.18: icmp_seq=3 ttl=249 time=1.824 ms
    64 bytes from 192.36.125.18: icmp_seq=4 ttl=249 time=1.538 ms

    ping seems to be stable too.

    Seems to handle the 100MBit connection well too. Using 1 IntelPRO1000gt NIC as WAN, 2 virtual NICs on that card and running multiwan 20MBit*3.

    Though I got one problem. Setting up rules for SSL to only use one interface works great but some other programs n shit ain't working that good without "sticky connections". When using sticky connections pfsense doesn't use multiwan at all, all connections seem to run on OPT1 or something. Running torrents without sticky connections results in like 5-6MB/s upload, and with sticky connections like 2MB/s (only 1 interface).

    Any ideas?

  • 0 Votes
    4 Posts
    4k Views
    GruensFroeschliG

    The answer is yes.
    However I don't see how this should improve security.
    Do you really want to encrypt traffic from one VM to another?

  • Can't start jail after reboot

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G

    Ok, figured out, but still don't know how to fix it.  ???
    My jail's bin, sbin and lib are empty. Seems like symlinks from template were not restored after reboot, so jail cannot start. Is there any command to rebuild symlinks??

  • LAN or WAN working, I can't get both working at the same time

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Pfsense virtual machine.

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    X

    I believe that pf should not be run in a vm for the same reasons as there will not be FreePFNAS. But that's just my opinion.

    http://forum.pfsense.org/index.php/topic,10201.0.html

  • HyperV -> pfsense WAN issue

    Locked
    8
    0 Votes
    8 Posts
    10k Views
    B

    Wow, that's weird.

    Well, thanks for posting your results and I'm glad you were able to (eventually) resolve it all.  :-)

  • Security of vms

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    ?

    I'd like to echo what Cry Havok said.  Running virtually means that your threat threshold increases to encompass not only your virtual machine's potential vulnerabilities but the vulnerabilities of the underlying Hypervisor (and its associated utilities).  The rule I try to adhere to is not to run machines requiring different security postures on the same VM.  This is the same policy I try to use when running VLANs on a switch.  For this reason I don't run firewalls virtually, and certainly not on the same host machine as I would run the machines the firewall is meant to protect.  If you assume the worst case scenario in an attack (i.e. if the virtual host is compromised then the underlying host machine is also compromised) and structure your network accordingly, the threat of a compromise beyond a certain acceptable threshold (i.e. the entire DMZ is owned) is mitigated.

  • Port forwarding to other virtual machines on same host.

    Locked
    16
    0 Votes
    16 Posts
    14k Views
    johnpozJ

    "On 2008 you need to enable routing and remote access as a service to forward the traffic from the physical nic to the VM"

    How is that since 2k8 is not doing any routing nor would I want it to.  It's currently working for traffic going OUTBOUND from all the vms to the internet, and the host to the internet without it.

    Same goes for changing the subnets.. of the nics..  If I did that – then something would have to route!!

    I appreciate the attempted help - but unless you're specifically running vmware server on a windows host, with pfsense as a VM, and you're forwarding to other VMs on the same host as pfsense is running you might as well just not respond.. Or have run this setup in the past?

    It has to be something with the vmware bridging into the physical nic.

    Before I moved back to virtual -- I did this test.

    So on the host running windump I watched for traffic to ubuntu on port 22 on the motherboard nic that is bridged to vmnet0.
    At the same time I'm watching for traffic on the vms nic inside ubuntu with tcpdump - tied to same physical nic through vmnet0

    So I generate a ssh connection from the outside (my webhost shell account) to my public IP.. The packet travels through pfsense - can see on the firewall log that it passed the traffic.. And changed to go to 192.168.1.6

    Now watching windump which is listening on the vmnet0 nic -- the HOST sees the packet.  But tcpdump running inside ubuntu does NOT.

    So something in the bridge protocol is not passing that packet to ubuntu.

    Now I can hook it back up virtual pretty quickly -- but until someone has some actual advice that makes any sense at all.. It's pointless for me to do so.

    As to 2k8 routing -- What should it route??  Why should I have to put another router behind pfsense to route traffic to another subnet for?  Like I said port forwarding is working through the VM pfsense - as long as it's to a different physical box.. Not the HOST or guests.

    To be honest I find it unlikely it has anything to do with pfsense - cuz I can see that it sent the traffic through.. It seems to be an issue with the vmware server bridging protocol.  Now I have the same question with same details on the vmware boards -- and have not heard squat from that post either.

    Is no one running vmware server with pfsense as virtual on it per the tutorial of how to run pfsense virtual on the pfsense site??

  • Host networking setup?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • The Appliance and VM-Tools shows out of date!

    Locked
    10
    0 Votes
    10 Posts
    6k Views
    E

    Also, doesn't the appliance use the Open Source version of the VMware tools, not the VMware released ones?

    If so, and memory serves me correct, they always show as "out of date".

    Cheers.

  • Can't Format Drive With Server 2008 R2 Hyper-V

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    B

    I had the same issue.  Only solution I found was to use a smaller virtual disk (I think 10 GB worked for me).

  • Hyper-V pfsense No Network Interface Found

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    ?

    Now I feel really dumb.  I just installed Linux and got that right.  That was the problem.  Sometimes the answer is staring you square in the face and you don't see it.

    Thanks for the help, you rock!
    -V

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.