Not a dumb idea. Actually a pretty basic one to protect your host behind pfSense. As Mats has explained, when you setup your vSwitch in Hyper-V Manager, there is an option to "Allow management operating system to share this network adapter”. By checking that box a new virtual NIC will appear in your host's network config. Configure that virtual NIC as if it was a physical NIC connected to that vSwitch. DO NOT change the configuration of the physical NIC in the Host's network config, that will break the vSwitch config. Basically you're using Hyper-V to virtualize your host network configuration the same way it's done for the VMs. Ideally, to accomplish what you're looking for, the NIC that connects to your modem would be attached to a vSwitch where “Allow management operating system to share this network adapter” is NOT checked so your host OS doesn't have access to it. Then you share your LAN vSwitch and configure your host to use that.

Found out what was happening. My motherboard is a Supermicro MBD-X9SCM-F-O with dual ethernet ports: 1x Intel 82574L and 1x Intel 82579LM. I was trying to passthrough the intel 82579LM, and couldn't make to survive a guest reboot. I switched to the other port, passing though the intel 82574L and it works a as charm. So it wasn't a configuration/KVM issue but rather a NIC drivers one.

Good info @johnpoz, I would say before adding the vmkern to the LAN side maybe setup a VPN with OpenVPN in PfSense ? This way you can just VPN into the LAN side network to manage the server && just lock down the vmkern on the WAN side in tell needed… ;) Oh and I found this when googling it may help a bit as reference material even tho they are using two NIC's in this HOWTO https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

with pfsesne 2.2 32/64 bit  and xs 6.5 : there is not parent nic in the vlan define window on pfsense , and the speed of nic 100 or 1000 not shown i am sure the xs 6.5 does not detect pfsense NIC driver i have tested PF ver 2.1.5 64/32 bit , everything works good any help or experience with Pfsense 2.2 on xs 6.5 about this issue ???

there you go so now you have a different wan IP.. but yes that makes sense.. Not what you were seeing before where you seeing on the wan 10.x as source address.

UPDATE: Still loving the install - does everything I need, and has solved several network issues I was having with my ASUS rt-ac68. 5-stars to pfSense! Only niggly problem is that the i350-T4 under Virtualbox and kvm uses 30-40% CPU when downloading at ~20Mbit/sec. The problem with kvm is that on my hardware (p7p55d-e-pro M/B and i5-750) I can't do vt-d passthrough of the PCI-e slot, hence the i350 NIC has to run using emulation (have tried with both the e1000 and virtio driver under pfSense 2.2.4, and disabled hardware checksum offloading). I contemplated upgrading to vt-d capable hardware (not that easy with consumer motherboards - grrrr ASUS/MSI/Gigabyte!), but an additional hassle was the odd occasion when I want to boot into windows (from Arch linux) and have to refiddle to get the virtualised pfsense router rebooted and running, which results in internet and LAN downtime (hence lower WAF). I also don't want to be bothered to move my multiple OS installs to a hypervisor environment, as they're currently multibooting from separate hard drives. So I have now purchased an ex-lease PC for use as a standalone pfSense box. I've gone with an HP Compaq 6300 Pro (i3-3220, 4GB, 500GB) which should be relatively low power consumption and have more than enough grunt for my current and future needs which at present are: 100/20 Mbit WAN, half a dozen LAN clients, and openVPN server for me as single-client road-warrior. Most importantly, the HP box has a PCIe slot for the i350-T4 - did not want that $60 to be wasted!

Dude I have no idea what you should or shouldn't do.. I have no clue why you think you need to put public IP your proxmox interface..  Why as it not setup before?  Why would creating a vlan disturb anything? Your statement that you "hate" vlans tells me your in the wrong field of work or play… Just giving you your options.. But the IP on the device behind pfsense directly, use a port forward or do a 1:1 - why you think you actually need a public on your server behind pfsense I have no idea.  But if the segments are routed to you it takes 2 seconds to set that up.

If you were going to use pfsense to route your traffic to firewall your VMs then package is clickity clickity..  But to be honest if you want to really run snort, etc.  And have full control and power and feature set, etc.. Better to run it on your own VM not the package integrated into pfsense.

Its 2.2.4 with VMWaretools. VMWare - Workstation In Pfsense 8-9% Hosttaskmanager 30% [image: PFsense224highcpu.jpg] [image: PFsense224highcpu.jpg_thumb]

@VFrontDe: To work around the issue I modified the driver to ignore invalid NVM checksums. you make it sound so easy… also, the stuff on v-front.de is amazing. thank you for all your work.

Thanks for the input Keljian. Another helpful user recommended I try enabling MAC address spoofing in the NICs within Hyper-V… as soon as I did that I was immediately able to connect to the admin GUI on those NICs.

@KOM: Also, I think I remember recently people were having trouble with the VMX NICs under load, and that problem wasn't present with the E1000's.  It is also debatable as to whether or not to install VMware Tools.  FreeBSD base already has the NICs, so it's really only required if you must have the server heartbeat, and even then it is a trick to get them properly installed.  Search this forum for other posts about VMware Tools/Open-VM-Tools. Not sure if this makes a difference, but I've noticed the latest openvm tools made a bit of a difference re latency

Thanks for your reply, I managed to get xentools installed so thanks for that. I however need to change a few things, if pfsense is off I can't access xenserver as it's IP is 192.168.2.2 and my computer trying to access it is 192.168.10.3. It can't access it if pfsense is down. If I give Xenserver a static IP in the 192.168.10.0/24 range I can then see it ok but then my Server 2012 running my exchange can't talk to the rest of the network as it's IP is 192.168.2.3 I could probably change everything to the 192.168.10.0/24 range I guess if that will work better. Regards Jamie

128mb is not much for an internet café…. I run 2GB for my homenetwork.

your WAN use ppoe or dhcp?

i use Proxmox v3.4 and Pfsense 2.2.3 for NIC i use Virtio  and in pfsense setting under System –>Advanced -->Networking i tick Disable hardware checksum offload and it work fine for me. I don't have slow wan anymore.   [image: Capture1.PNG] [image: Capture1.PNG_thumb]

Ok I stand corrected - and appreciate the dialogue!