It will load but cant take something like 30 mins.  :-\

You can do port forwarding if you are ok with using ports like your example :5700 and :5600

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

You would use a reverse proxy if you want to allow access via dns name that all points to your one public IP.  so for example www.yourdomain.tld points to 192.168.1.158, while ftp.yourdomain.tld points to .159  If your ok with just using ports on the url like you gave in your example than a simple port forward works.

@Asgaroth:

I would be interested in a howto on SmartOS and pfsense:)

The only issue I have with smartOS at the moment, and also, the only reason it is not running here at home, is because the kvm implementation on SmartOS does not have pci passthrough support yet (it's been a while since I checked if they support it now, but the last time I checked there was no pci-passthrough support (vt-d) in smartOS)

I'm a fan of ZFS and only just discovered Joyent SDC and SmartOS so I could see myself ending up there in the near future and will then need a pfSense instance so I'd love to see more support.

I run tools on pfsense 2.1.5 i386 and never have any issues, are you running amd64, then there is a thread about comment out part of the vmware tools script that creates the not configured file.

I have updated the docs for vmware tools that touches on this subject.

https://doc.pfsense.org/index.php/VMware_Tools

If you are having problems with tools not starting on reboot, you can edit /usr/local/etc/rc.d/vmware-tools.sh Have not seen this on 32bit pfsense, but have seen reports on 64 after say 2nd reboot

Comment out the whole section

if [ "$exitcode" -gt 0 ]; then
    # Set the 'not configured' flag
    touch "$vmware_etc_dir"'/not_configured'
    chmod 644 "$vmware_etc_dir"'/not_configured'
    db_add_file "$vmware_db" "$vmware_etc_dir"'/not_configured'
    "$vmware_etc_dir"'/not_configured'
    exit 1
    fi

And is there a not_configured file?  If so you didn't comment out the .sh correctly.

Build  1623387?  That is Update 1, way back in March..  Yeah I would update lots of changes and fixes and drivers updated, etc.

Use the 2.2 beta for better hyper-v support or run

ifconfig hn0 down
ifconfig hn0 up
(dhclient hn0 only if hn0 get his ip by a DHCP server)
ifconfig hn1 down
ifconfig hn1 up

after every start of your vm

nth that.

(oh hi danswartz, Zarathustra[h] here from over at the [h])

pfSense "just works" for me in ESXi.  Currently on 5.5U2, but been using it since the original 5.0 release.

The web interface has a simple installer for the Open-VM-Tools package.

Some people cringe at the thought of having a guest be your firewall, due to potentially added vulnerabilities, but I think that risk is relatively minor.

Even so, I have direct I/O forwarded a dual port intel NIC to my pfSense guest, to further minimize the risk of exposing the VMWare virtual network.  (It also improved latencies a tiny bit)

Good luck.

Why do you need a physical nic to connect VMs?  think of your vswitch as just a normal switch with the physical nic just being a connection to the real world switch.

All your VMs can talk as long as they are connected to the same vswitch, or if there is a router connected between the vswitches - pfsense with a  vnic in connected to each switch.  As long as one of the legs as tied to real world with physical nic, then even the physical world can connect to the virtual connected only vms via pfsense.

I wouldn't worry too much about the discovered IP ranges.  Kind of a useless feature if you ask me ;)  But it determines it by broadcast
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006744

If you don't have cdp or llmr switch you could do this to get it set how you want it to your network,  etc..
http://sostechblog.com/2012/08/13/vsphere5-setting-the-observed-ip-range/

So back to your physical nic - do you have boxes that you want in this DMZ that are physical?  If not then why do have physical nic on that vswitch?  See my w7 box there in my dmz..

I can ping it from my lan segment from a physical machine

C:\>ipconfig                                                            Windows IP Configuration                                                Ethernet adapter Local:                                                  Connection-specific DNS Suffix  . :                                    IPv4 Address. . . . . . . . . . . : 192.168.1.100                      Subnet Mask . . . . . . . . . . . : 255.255.255.0                      Default Gateway . . . . . . . . . : 192.168.1.253                    C:\>ping w7x64-vm                                                      Pinging w7x64-vm.local.lan [192.168.3.206] with 32 bytes of data:      Reply from 192.168.3.206: bytes=32 time=1ms TTL=127                    Reply from 192.168.3.206: bytes=32 time=6ms TTL=127                    Reply from 192.168.3.206: bytes=32 time<1ms TTL=127                    Reply from 192.168.3.206: bytes=32 time=1ms TTL=127                    Ping statistics for 192.168.3.206:                                          Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),                Approximate round trip times in milli-seconds:                              Minimum = 0ms, Maximum = 6ms, Average = 2ms                        C:\>tracert w7x64-vm Tracing route to w7x64-vm.local.lan [192.168.3.206] over a maximum of 30 hops:   1    <1 ms    <1 ms    <1 ms  pfsense.local.lan [192.168.1.253]   2    <1 ms    <1 ms    <1 ms  W7X64-VM.local.lan [192.168.3.206]

And it can talk to the internet - but it can not talk to my other segments because I have that blocked.

If you don't have a need for a physical devices to be on a specific segment you don't need a physical nic on it.  Which you could then prob put lan on its own vs sharing with your vmkern

If you're not going to go with a Type 1 hypervisor then you're stuck with a Windows or Linux host directly connected, which is bad unless you have experience hardening Windows/Linux servers for the Internet.  You can go with the option kejianshi suggested and put two boxes in serial, WAN <-> pfSense <-> LAN <-> Custom Server.  However, if you've only got the one router with no redundancy then no matter what someone does to it, you're hosed regardless of whether it's hosted on a Type 1 or physically installed.  Going with small PCs also has the hassle of failing fans and hard disks to maintain which can bring the house down when they fail.  It's going to be a challenge to get high availability on that budget.

check this:

The "Realtek PCIe GBE Family Controller" NIC can be configured to not strip the vlan tags, by going to the Adapter Settings and setting "Priority & VLAN" to "Priority & VLAN disabled"

Do you have virtual switch in hyper-v?

You have to assign static address in virtualPfSense, within same network, your LAN is configured.

pfSense
192.168.1.1

Hyper-v
192.168.1.2

pfSenseVirtual
192.168.1.3

If you want more specifig answer you have to describe you network more specific (vlans etc).