• Vmware workstation 9

    Locked, 0 Votes, 1 Posts, 2k Views
    No one has replied
  • Esxi5 and pfsense multiwan

    Locked, 0 Votes, 5 Posts, 2k Views

    I assume that you say.
    I was trying to use VLANs in pfsense, but it did not work because there is one broadcast domain in the physical network.
    So, the only way to solve this problem is to create separate broadcast domains by using VLANs in the physical network, as you said.
    Thanks a lot for your help.

  • 0 Votes, 2 Posts, 2k Views

    Any default gateway set on the VMs?
    By default there is a deny rule on all new interfaces; start with adding allow all to all rules on all VLANs.

  • Vmware ESXi bridged network

    Locked, 0 Votes, 2 Posts, 8k Views
    johnpoz

    Bridged??  Yeah I run pfsense on my esxi and it is my connection to the internet..  You don't nat/bridge in an esxi setup.  Your nic would be tied to a vswitch.  Devices connected to that vswitch would have access to that physical network.

    So one nic connected to your modem is on 1 vswitch - this is your WAN for pfsense.  Another nic is connected to your lan, and this you put the lan interface of pfsense on that vswitch.  Vms you want connected to lan you connect to your lan vswitch, that physical nic connects to switch of your actual lan and there you go everyone happy and connected.  Pfsense is now your edge router/firewall.

  • How to configure pfsense as vm in front of all vm server network?

    Locked, 0 Votes, 5 Posts, 8k Views

    Thanks for the reply and link!

    I've solved 1) and 2) by using the setup wizard and adjusting IPs - somehow settings stuck that didn't when I entered them bypassing the wizard.

    I have the adapters right now for WAN and LAN, and after getting NAT working, will read that link thoroughly and look at making the firewall transparent by bridging WAN and LAN.

    But for now I've decided NATing/port-forwarding will be more flexible in the short-term eg should I want pfsense to handle redundancy/load-balancing.

    And it means I won't have to mess about with virtualbox adapters again for a little while! ;)

    The problem I currently have appears to be concerned with nat-reflection…

    As I wrote earlier, I can access the public IP from the mac host (and externally) without pfsense integrated.

    This includes both the webserver over port 80 and my squirrelmail on email server over 443.

    But with pfsense being port 80 forwarded to by the modem, I keep getting redirected to my modems web admin page over https (whereas normal access to it is over http).

    The public ip isn't resolving externally, at least from my testing via a proxy, so I'm really confused/frustrated…bleh.

    I've set up NAT and port-forwarding rules, tried the auto-generated ones from setting up NAT rules and auto-generated Easy Rules added from the firewall logs, as well as my own tweaks to each.

    Before I used pfsense, I fixed the same issue with my modem to allow locally resolving the public IP, by telnetting to the modem, enabling nat loopback and trying to delete the relevant wan http/https admin rule.

    (For some reason I can't delete the https rule even as admin user as it doesn't recognise the wan group in the rule - though 'wan' is one of the actual group options for their ifdelete command! #)

    None of the pfsense rules I've set up or are auto-generated redirect from http to https, and none of my reverse proxy rules could cause this redirection.

    So… is the problem how nat-reflection is set up somewhere in pfsense?

    I've tried 2 ways to fix this:

    i) enabled Nat Reflection settings in my NAT rules (and tried disabling/system default)
    ii) using split-dns by enabling dns-forwarding and adding host and domain entries for servers the reverse proxy listens for.

    Perhaps I'm doing each wrong??

    Once I have this solved, I should have pfsense doing everything needed including dns.

    I hope someone has encountered this problem and has advice to fix it.

    Thanks

  • WAN can't ping after I allocate it a static IP?

    Locked, 0 Votes, 3 Posts, 3k Views

    I managed to get it working by using the setup wizard and not bypassing it by clicking the logo above it.
    From a comparison, I entered the same information manually as I did in the wizard, so I'm not sure why it now works.
    But it does.

    Thanks for your reply.

  • About virtualization and very high throughput

    Locked, 0 Votes, 5 Posts, 4k Views

    Use the pci passthrough feature. It will come at a cost (upped power consumption, because FreeBSD NIC drivers appear to do that compared with linux). I am running xen with a pfSense VM, and I found that the CPU time went up when moving traffic that went through my LAN interface (which was the shared interface, the WAN interface already had a passthrough NIC). Because all traffic that came in to the LAN interface was inevitably destined for the WAN, I didn't hit a transfer limit cap, but I estimate I would have been capped at somewhere between 50 and 100MB/s. No good. So I installed a third NIC and also passed that through as the LAN interface. Power consumption went up by 2W, but the CPU never goes up for network transfers now.

    The reason is that (in linux+xen anyway), when running a purely HVM virtual machine (required, since BSD + paravirtual drivers don't really work yet), qemu-dm is used to emulate the device. This process uses a lot of CPU-time (read: it's crap) and is a major cap for network and disk I/O. Disk I/O will still suffer the same limitations, but one doesn't expect too much disk I/O for this to be a serious concern, unless you have lots of logging (then use a remote log server I guess?). A linux virtual machine doesn't have this limitation, because paravirtual drivers do work, and this allows a HVM guest to control the I/O device directly (indirectly) through some PCI front end and back end drivers in the guest and host that don't rely on device emulation, like qemu-dm.

    So basically, if you want a high throughput firewall system, it's absolutely possible. You'll probably need a remote logserver, your hardware must support VT-d (or AMD equivalent which provides IOMMU, don't know its commercial name, and it's essential both motherboard and CPU support this properly), and your hypervisor should support using IOMMU (I imagine all paid hypervisors do by now, xen and by extension citrix xenserver, most certainly do).

  • New esxi 5 build with pfsense help with NICS

    Locked, 0 Votes, 17 Posts, 10k Views

    I'm surprised it only happens every minute.  This is DHCP traffic, as heper has said.  It's cable modems obtaining or renewing leases.

    If I leave on the Log packets blocked by the default rule I see the DHCP requests and replies for every cable modem on the same segment of cable.

  • Clock Sync Issue on ESXi 5.0 Ent + running 2.0.1 RELEASE x64

    Locked, 0 Votes, 8 Posts, 7k Views
  • ESXi and multi WAN

    Locked, 0 Votes, 3 Posts, 3k Views

    Yeah, you can do VLANs for your WANs either on esxi or pfsense. I've done both.

  • PfSense and xen PV drivers

    Locked, 0 Votes, 2 Posts, 2k Views

    I found something that shows some promise for getting this out of the box

    http://wiki.freebsd.org/FreeBSD10

    But that probably wouldn't materialise and trickle into pfSense 'til 2013, maybe 2014 ..

  • Lab setup using vmplayer

    Locked, 0 Votes, 1 Posts, 2k Views
    No one has replied
  • Pfsense installed in VMware.

    Locked, 0 Votes, 8 Posts, 7k Views
    johnpoz

    "172.6.0.1"

    You mean 172.16 ? 172.6 is not a valid private IP range.

    So you say your vmware interfaces 1 is bridged, 2 is Custom: Specific virtual network: VMnet2

    That doesn't really tell me much about interface 2, and what is connected to what?  Your wan of pfsense is connected to vmware 1 and is bridged to your physical interface, and what network is that on?  You can not assign your pfsense an IP of 192.168.2.19 and expect it to work if it's bridged to a physical network of 192.168.1.0 etc..

    Again - are you running workstation, server, esxi ?  How are your vmware interfaces connected to your physical network?  What physical ip ranges are you using.  Can not help you if we do not understand how you're trying to set this up.

    Are you wanting to use this pfsense install as the actual router for your physical network?  Do you want to just play with it?  What networks do you want to route/firewall between?  2 virtual networks, which one do you want to connect to your physical network - if any?

  • XBMC + PFsense on same divice

    Locked, 0 Votes, 3 Posts, 2k Views
    johnpoz

    You're in the virtualization section, so I assume you're asking how to virtualize your router (pfsense) and have another VM that runs xbmc.  Sure that would not be an issue at all.

    I currently run my pfsense on a N40L box as VM, and have multiple other VMs running on that same hardware N40L - I installed the free ESXI 5 from vmware on the n40l.  Then created whatever vms I need, one is router - then others for my NAS, my test workstations, couple linux distros, couple bsds, test 2k8r2 server for active directory testing, etc.  There should be no issues running a xbmc vm.  I currently stream all my movies from my NAS vm.

    So what hardware do you have to work with?  And what virtual software are you most familiar with?

  • Bug report - pfsense on ESXi 5 freeze

    Locked, 0 Votes, 13 Posts, 11k Views

    After a power cut,

    uptime 14 days, 15:29

    which I think means that this is a fix/workaround. Before, it would fail within a week and need to be restarted.

  • PfSense & xenserver

    Locked, 0 Votes, 1 Posts, 2k Views
    No one has replied
  • Problem with DHCP from WAN interface

    Locked, 0 Votes, 10 Posts, 6k Views
    johnpoz

    Check out the other thread on this - I have uploaded a modified dhclient that has ttl set for 128 vs 16.  Still not understanding why it would be set so low?  Why not just use the OS default setting for ttl.  For freebsd that would be 64.

    http://forum.pfsense.org/index.php/topic,51803.0.html

  • Problem with receiving DHCP WAN IP

    Locked, 0 Votes, 1 Posts, 1k Views
    No one has replied
  • Pfsense with openvpn under KVM

    Locked, 0 Votes, 3 Posts, 3k Views

    Cool! Did you have to install pfsense yourself or did the product come with? I'm most concerned about installing the drivers for it to work in KVM.

  • PfSense + ProxMox + RealTek = Millions of collisions (solved)

    Locked, 0 Votes, 2 Posts, 3k Views

    Realtek and anything is a nightmare.

    Open Solaris also has issues, I had to swap it with an Intel PRO 1000 CT to fix my fileserver access issues.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.