After playing around with pfsense i have a few more questions, i have a ps4 and a PC connected via powerline, i would like to isolate these devices to "another" network for security reasons but i will need these devices to have internet access. How i can do that? can i create another bridge nic and asign it to pfsense as another lan port?

Can you guide me with a few security tips in order to setup pfsense?

If i need to create other VMs and connect them to my main network where i will bridge them?

@kiko83:

question 1) please i need help to configure the network!

on vmware workstation > virtual machine settings > i have added 2 network adapters, first one is  Bridget, but is not checked "replace physical network connection state", and another one network adapter is Host only.

Question 2) which options are best for me to make this to work properly? do is needed to change the first adapter to another one?  or the option "replace physical network connection state" to be checked ?

question 3) which is the procedure to make this thing to work?

I would use a virtual bridged adapter on the NIC from "the network which is coming by lan" as WAN for pfSense, on the additional NIC (WI-FI?) on the host system I would disable all services except of the vmWare-Networking, add a bridged virtual adapter on it and use it as LAN for pfSense "do is needed to change the first adapter to another one?" - no, the "Host only adapter" should not be used for your configuration - it is in the "localhost" network, which can normally not communicate with physical devices, "replace physical network connection state" seems to be good for pfSense - it will see, if the physical cable is connected, the question is too general, try to look at the documentation of installing pfSense on a virtual host, e.g. https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox, to general pfSense installation documentation https://doc.pfsense.org/index.php/Installing_pfSense , to "getting started" guides, read this forum, etc.

I was having the same issue. Here's what fixed it for me:
1. Disabling the dest/source checks from the Instances panel only disables the check for the primary network adapter
2. Go to Network & Security > Network Interfaces
3. Right-click on the LAN adapter (172.16.0.1/24) and choose Change Source/Dest. Check -> Disable

@Derelict:

Use the ID of the inside pfSense interface.

BINGO! That was it. I had to manually copy the Network Interface ID for the LAN adapter on the pfsense instance and paste it into the target for my new default route for the private subnet (writing it out for others to easily follow what I needed to do to solve this).

Thanks!

You can host anything you want on your VM setup.. Sure if you want to run Acitive Directory or LDAP.. have at it..

Well, I used the pfsense iso to get into single user mode, managed to fix errors with fsck to the point that I could copy config.xml and a few scripts I created to another volume and re-installed.

Read up one post. There is no identifiable problem with the firewall software. I would suggest starting another thread detailing exactly what you are seeing instead.

@yarick123:

I had problems, similarly to yours, as I had not correct routing + outgoing NAT configuration. It can be also something wrong with the Virtual IPs configuration. Or are you forwarding the firewall ports?

Thank you for your answer and sorry for the delayed reply. I was on vaction…

I solved the problem by reinstalling pfsense from scratch. I guess something was wrong with my vlan config and stuff because i experimented a lot with different setups and so on plus I started with a double NAT setup and then made the switch to connecting directly through a modem to the internet. So portforwarding is now working as expected. :-)

@yarick123:

For test purposes I would disable check-sums offloading on all possible physical/virtual NICs.

Don't have to do this since I reinstalled pfsense. I'm not touching the proxmox network settings manually anymore.. ;-)

Thanks for your help!!

I went back and looked at the WAN rule before I was going to screenshot it and I saw my mistake, under destination I had manually put in the WAN IP address. I changed it to "WAN address" and its working now, so thanks for that.

I'm still having issues with getting the VM connected. I've pretty much left everything default with regard to this, I'm not sure if I need some NATing rule?

I had a look through the doc you send me, I appreciate that in a normal setup using a VPN would be better but this is purely to separate my VM network from my home network so i'm not fussed about the security hole of having the webui accessible from my home network, i'll never be accessing it from public address space.

Thanks

I have a TP-LINK TG-3468 PCIe NIC as my WAN adapter for pfsense. I had to switch the VirtualBox "Adapter Type" for that NIC from Intel PRO/1000 MT Desktop to Paravirtualized Network (virtio-net). From what I have read in the VirtualBox documentation the Paravirtualized Network (virtio-net) adapter type is special in that it doesn't virtualize the network hardware when it is already supported out of the box by the guest OS. (https://www.virtualbox.org/manual/ch06.html#nichardware)

In any case, after making that change, pfsense worked like a champ! I guess I'll see if it has any ill effects as I begin to get deeper into pfsense. Thanks for all your help yarick123 and point me down the right path. ;D

I decided to try installing pfsense on Hyper V on Win 10 Pro and I got a HUGE boost in speed. I seem to get around 600 Mbps download and 900 Mbps upload. My understanding is the loss in upload speed is in the normal range, but the download still seems like abnormal loss (but far better then the 90% loss before), as soon as I take it off pfsense it is always 900 Mbps+. I just can't find what is bottlenecking. Is there anything for me to check in that range? I also think its really weird that now I have upload working pretty normally, and download is experiencing a 300 Mbps loss.

I'd also prefer to use Ubuntu as the host system, if anyone has any ideas on why Virtualbox performance is sooo atrocious on reasonable hardware?

But in this case the ppp connection should be configured for the interface. You did not say anything about it. Have you configured ppp[oe]?

Don't mind if anyone gets the same issue at least they might benefit from what i did, ..

Did pci passthrough basicly the same result, ..
Tried to see if it was related to only pfsense installed opnsense same result, ..
Made lagg0 of 4 pci gbit nic same result, .. not tested this senario on opnsense though.

I've got the impression there's some sort of bottleneck, .. not quite sure if it's vtnet related.

What are you gaining by using NIC passthrough??  The vNICs have worked well for me for years.

OK, that is good to know. I seem to recall reading that performance (or something) was better with vmx. However I will switch if that's what it takes for reliability.

I think some questions are funny and some answers are funny and that not every post that lands here is as serious as you might like.

But you are entitled to your feelings, so have at it.  Come on - Disabling both IPV4 and 6?  Its a little funny….

Not every reply to every mistake I ever made was serious either and I managed not to lose my cool.

That said, I just joked because you already answered the issue.

I have come accross the same thing.

The problem i have is when pinging the 2 carp boxes ping is fine.  When i ping the virtual ip address i get ping drops.]

I'm struggling with vmware and pfsense.

Mat

Is there anyone who has got this working?

Any resolve on this? I got the same issue