Curious why your changing ports in your forward from 3395 to 3389?  You sure you actually told your rdp client to connect to port 3395?

Here
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

And also if still having issues - post up screens of your rules so we can see what your doing wrong.. Have source port set is common mistake.

You sure its not just local firewall of where your trying to rdp too - this is another common mistake.  Your off that boxes local lan, so its firewall most likely is not going to have that open.  Unless you set it to be.

If you haven't seen it, check out http://forum.pfsense.org/index.php/topic,56565.msg364122.html#msg364122 for ISO images to install pfSense with Hyper-V support. YMMV.

AFAIK, WSrv12-R2 doesn't include a new version of the Integration Services for BSD -and even if it did, I don't know how you'd go about installing them in a running pfSense install, it likely doesn't have all the required components-, so it is up to the FreeBSD on Hyper-V open source project to release updates. There likely have been improvements in this port (the source patch we're using in the build is over 1 year old). Maybe next month I'll try to see if I can incorporate those fixes in the build process. Meanwhile, you could try the current build to see if it works for you, and post your experiences in that thread.

I have the same issue in Vmware workstation 10.  It's just flaky.  It "should" work but not so much in practice.  Works great using Virtualbox.

@invader7:

If you are familiar with making the basic pfsense setup to work , that means , assign public ip , assign lan ip , access pfsense , give virtual machines lan address etc.. then the only "problem" you are facing is how to access your virtuals using real ips.

i think this is your answer

Youtube Video

Thank you for the reply.
I had actually seen this video before posting however it says how to assign public IPs to internal hosts (meaning that the internal servers have IPs of private range i.e 192.168.0.x).
Yes this is easy, however this is NOT what I am trying to do here. I want to assign the public IPs DIRECTLY inside the servers so for example all server deamons are bound to a PUBLIC IP and not a private one (which would introduce NATing).

At the same time (and IF this is possible) I would like to control (at the pfsense level) what ports are open on those public IPs and hence stop/drop everything else, otherwise I would have to install a software firewall inside the VMs.

Is THIS possible?

Thank you

Just solved the issue. Turned out to be bound to virtio drivers.
Setting the NICs to e1000 solved the issue.
Lost some settings in the switch, like NAT rules (but not their firewall rule) and DHCP scope, etc. While other settings remained intact.

I was able to get it working by using virtual guest tagging basically I'm using the 802.1q driver inside of Pfsense. Also by doing this I basically removed the vswitch from the picture. However, this weekend I plan on trying to make it work via virtual switch tagging.

Download the iso from one of the mirrors of pfsense official site for example this one http://pfsense.foofus.com:81/downloads/pfSense-LiveCD-2.1-RELEASE-i386.iso.gz

Create a new virtual machine and give it the extracted iso as the installer disc , customize hardware and add 2 NICs

the installation is dead-simple , take a look at youtube http://goo.gl/EWKMQK

Here is the solution i followed…

http://serverfault.com/questions/353223/recommended-way-to-setup-a-secure-esxi-environment-with-a-publicly-accessible-ra/353242#353242

I followed steps 1-5

Here is how to configure openvp

Youtube Video

@biggsy:

Did you enable promiscuous mode on the vSwitch and permit forged transmits and MAC address changes?

I haven't had the need to do it but I think that's what's needed.

Please suggest me how to permit forged transmits and MAC address.

Input 3072 to that blank.

My memory usage has decreased from 90% to 88%, so my settings are working.  It maxed at 90% before purging cache.

90% utilization is good enough for me.

Because you have more ram than me, you may later need to adjust up or down slightly on the HDD cache.  Keep an eye on it.

I have resolve the issue.

What happened is that, due to imperfection yet of technology, I had to totally detach the livecd, although it has been released already after the first installation. Had my PC reset and boom! It fixed it's own.

I have run 2.1 all through its development and after final in esxi 5.0 and 5.1 and never any issues.  Now even on 5.5 without one problem related to it being a VM.

I have not updated anything from the default for time settings.. My esxi host runs ntp server that syncs to internet - and all my vms and physical use it to sync time.

I don't believe the vmtools you have installed even work Open-VM-Tools-8.8.1, use the 8.7 version.

^ dude read the freaking thread!! before you post and make yourself look - too late ;)

pfSense 2.1 RELEASE under Hyper-V 2008R2

setting

http://knowledge.zomers.eu/pfsense/Pages/Install-pfSense-on-Windows-2008-Hyper-V-server.aspx

ifconfig de0 down
ifconfig de0 up
ifconfig de1 down
ifconfig de1 up
dhclient de0

script
/usr/local/etc/rc.d/interfaces.sh

executed at boot, but does not work, we have to start it manually …

after obtain

....
DHCPACK from (Gateway provider)
bound to XX.XX.XX.XX (issued ip) -- renewal in 300 seconds

every 5 min. is updated by DHCP from the ISP connection and falls off to re-launch /usr/local/etc/rc.d/interfaces.sh

how to overcome it or remove renewal in 300 seconds?

thank's a lot

Interesting idea gi-minni

Have you also looked at VMware NSX?

what do you think your solution would bring to the table over integrating the router/firewall directly into the Hypervisor level?

maybe you could also look at using pfSense + the vmware API for layer 3+ features from pfSense and turn pfSense into a awesome competitor for the juniper and arista networks gear.

most of the NSX is based on Nicira's Open vSwitch so here's hoping for compatibility :)

Don't assign the same subnet for each nic.  Configure a BRIDGE in your interfaces section.  That bridge should give you in the end, ONE interface to assign an IP to.  That is how you would manage the box.

Yes, I presently have any to any passing all.

first hello to all :-)
i'am new here.

ok, i have an working pfsense as router/firewall and a debian installation as client on virtual box.
both NICs are configured with static addresses in pfsense (lan and wan and just ip4 network).

setup values:
first ethernet adapter is the NAT (select him as first NIC).
second ethernet adapter is Host-Only (allow access for vms and host).

pfsense config (i didn't use dhcp and configured both nics with static ips)

wan config: ip is 10.0.2.15/16, gateway 10.0.2.2, dns 10.0.2.3 and 192.168.*.1 (my physical router outside virtualbox u have to choose your router ip etc…)

lan config: ips is 192.168.1.1/24

and it workes fine.

a nice day for all
mahadev