I managed to set up okay on vmware worksation using a spare netgear router connected too the wan port and set up my existing router as an access point connected to the LAN port.

Should I keep the firewall on the wan netgear on or will it be safe to turn it into a dumb modem? ie expose the wan port of the workstation pfsense is running on directly to the internet. I only have the vmware service enabled on that nic, all other services like tcp/ip sharing are disabled?

Also how would someone easily bypass the firewall from the workstation without re-enabling the services on the nic?

@biggsy:

Now there's a good point!  Why didn't I think of that?  I must have been distracted by all those beautiful girls who (amazingly) live in my area and, according to the ads, would just love to date me  :)

You must live near me :) Amazing - I never knew there were so many single cute girls in the area :)

Sorry, definitely use an E1000 adapter.

Biggsy

I just ran up a new pfSense VM and it works perfectly, so I guess something went hinky on the other install  :-\ Wouldn't even detect VMXNET2 Enhanced so had to go with E1000 and started working just fine.

Thanks to everyone who took the time to help, now to try and plumb in the Untangle box for reporting purposes :)

Kindest regards

bb

@cmb:

Either a quirk of the driver, or of VMware's USB redirection, or a combination of the two. That doesn't sound like a very good means of operation, I'd much rather use the NIC on the host, make sure it has no protocols checked other than the VMware bridge (so it can't have a v4 or v6 IP on that NIC, and doesn't offer any other services on it, to protect the host), and bridge it to the VM.

Yea, I was thinking the VMWare redirect, since I've used the USB NIC on a laptop with PFSense fine. But wanted to see if anyone had the same issue and had worked around it. The reason I like the USB connected to the guest is the isolation it provides. I have it set to bridged, now, though.

Thanks,
Ben

You mean beyond the documentation I've already linked you to, which includes tutorials of various types?

There's nothing magical about virtualisation. Plan and design it exactly as you would for a physical network. You just need to take the time to learn how VMWare or VirtualBox work and how to configure networking in them first. Then build your virtual network.

Overall, HV3 is very intriguing.  With PFsense I was able to get the VM to replicate between hosts, but it wouldn't auto-start on the receiving end…  Probably due to no integration services.

I believe the beta Win8server bits will be out in a couple of weeks, so you may want to hold off a bit.

http://files.pfsense.org/jimp/ipv6/

running the lastest on alix and ipv6 very stable :)

:) agreed.. i just want to be sure that i havent got it setup wrong and have future problems

You can use pfSense on WMware Workstation with VLAN Tagging. You need to:

1. Make sure your physical NIC do not strip VLAN Tags.
2. Due to a WMware Workstation (and Player) bug, not more than 1500 bytes will be passed as MTU to your VM. Since your Tags will add at least (if you do not use QinQ) 4 bytes, you should also tune (i.e. lower it) MTU parameter in your VM.

Thx, I was having an issue with my credentials but has been resolved. I was able to access the downloads on their website, etc. and have gotten the ISO.

My problem was that I had downloaded the Dell version and I was using the VMware checksum and was paranoid that I had gotten a bad ISO. I was looking for a 3rd party ISO because I wanted it to match up to the checksums on the VM site.

Sorry for posting here - I was in a bind and it was late at night and wasn't able to just call tech support or my rep and get it resolved.

moderators please feel free to delete.

if this ends up sticking around then if anyone finds this in the future:

(obviously) the dell esxi 5 iso does not match the vmware iso's checksum and vice-a-versa.

I did this just the other day and in my vSphere I do have an option "connected on power on"

Another thing you can try, you may change the LAN bridged interface to use a loopback adapter instead a network card, if I understood your problem well, It should be something like the one described here:
http://timita.org/wordpress/2011/07/29/protect-your-windows-laptop-with-pfsense-and-virtualbox-part-1-preamble/

take a look at page 5  ;)

I found where is the problem.  "Disable all packet filtering" in PFsense.

Thanks for the reply, though a little late…

I have used a different scenario, being helped my the great people in this forum.

I bought an Alix device for my experiments, and now I am ready to go to production using PFSense in ESXi 5, mostly because I need to use packages, that I cannot do with Alix.

Best regards

Kostas

@photonman:

From a security point of view, is it best to have a VM pfSense on its own isolated host hardware or is it okay to share the host hardware with other line of business servers?

My issue is the whole point of virtualization is to more fully and efficiently utilize server hardware but there has to be some kind of security risk when you share the hardware of your network edge with internal servers.  I can go either way as I have the hardware but I would prefer to be more green without introducing unnecessary and real risk to my network.

Either way I enjoy the flexibility and recoverability of the vm for pfsense.

Thanks for you input and thoughts.

To answer your Question, The "safest" way it to install a hypervisor or bare metal virtualisor like ESX or Hyper-V Server from Microsoft. At that point you can create a virtual LAN with multiple switches and dedicate 1 Adapter Bridged to the VM and the other to Bridged to a virtual switch used to administer the host and internal LAN. safer yes since this is bare metal virtualisation. Vmware server that runs on an OS is debatable if hack able despite protocols being disabled on the adapter side.

As you already know by now virtualisation allows for hardware consolidation. Hypervisor's leverage that idea. Long are the days that you need a dedicated hardware for each server.

I'm now having trouble with pretty much every virtual software - on Xen I can't even figure out how to make it happen (on OpenXenManager) and on XenServer I only have a trial so that's out.

On VMware ESXi 5.0 Enterprise Plus I can see the HW pass thru in the configuration but every time I've selected it the system freezes during boot and I've had to re-image the system.

This is a Dell dual-xeon motherboard, not in a server chassis but its a Dell Precision T7400 Workstation - the same exact chipsets that are included in all Dell servers of that vintage.

I have two items in my BIOS related to Virtualization - VMM and Intel VT for Direct I/O. Both are turned ON.

I'm at a bit of a loss because the ESXi 5.0 is a legit licensed (non-trial), fully paid for, etc. VMware support wasn't much help. Its frustrating to be able to see it but not utilize passthru.

Also - The VMware ESXi uses a driver that pfSense recognizes so my only issues with passthu are really the Cisco AIR-PI21AG-A-K9 wireless card (to the pfsense or even having ESXi recognize it) and video cards (not related).

I should have the ability to allocate and share GPU on this version (enterprise plus) as well as pass thru the Cisco AIR-PI21AG-A-K9 card directly to pfSense, which I can't.

Thx for any help, thoughts, suggestions, etc.

@jimp:

By default, pfsense blocks access on the WAN.

True when you have more than one interface, when you have only one interface there is the anti-lockout rule that should solve the problem above  ;)