Ive put a tad more traffic on the network… LAN interface (le1) Status up MAC address 00:0c:29:6b:26:f4 IP address 10.10.10.1  Subnet mask 255.255.255.0 Media autoselect In/out packets 728395/1259410 (113.04 MB/1.70 GB) [b]In/out errors 125/0[/b] Collisions 0 WAN interface (le0) Status up MAC address 00:0c:29:6b:26:ea IP address 216.151.xxx.xxx  Subnet mask 255.255.255.192 Gateway 216.151.xxx.xxx ISP DNS servers 4.2.2.2 4.2.2.1 Media autoselect In/out packets 1301400/726785 (1.70 GB/116.27 MB) [b]In/out errors 70/0[/b] Collisions 0

@EddieA: Here's how to set up your VMs on ESXi with 2 NICs.  As they say, a picture is worth a thousand words: [image: EsxiNetwork.jpg] Cheers. I like the setup.  I am going to setup like yours :). One NIC going to the WAN port of the FIOS router.  The other NIC for internal connections with VMs. tnt

This thread may possibly be of interest to you, especially if your ISP supports what is being discussed there: http://forum.pfsense.org/index.php/topic,23094.0.html

Congrats doomsday, you've gotten yourself banned. It's rather obvious you have absolutely no idea what you're talking about, and not the slightest clue about networking. Then you attack someone who is trying to help you and clearly knows what he's doing from his 1400+ posts here.

I did it with proxmox, working pretty good.  Was wanting untangle for some utm stuff since i cant keep the l7 stuff in pfsense 2 working without blocking everything or crashing.  Works exactly as planned, i just created a dmz and didn't do a tbridge, w/ two physical nics for in/out interfaces.  Untangle pissed me off since there are no good reports for the webfilter w/ out paying for esoft.  So was looking at redesigning and putting a pf+squid back in front of untangle and converting to tbridge.  So it would be a dual pf setup w/ an untangle tbridge in the dmz mostly for layer 7, av.    its really neat, a vrouter appliance.  i can redesign on the fly, etc.  I have 4 gbit intel mobo so i have enough adapters to come back out to the real world for dmz's + portals + extra router/wan interfaces, + i can add to more to my appliance pretty quickly and cheaply.  I had to combine all the diff products to get all the functions i wanted, just had to use more hardware. i added a 2nd 2.5" 160gb 7200 drive just for the untangle vm to run on as it used the disk quite a bit, it took a few mins to boot all the way up on 1 disk, 2-4 or so, still waiting for 2nd drive to arrive.  running on a c2d e8400. would like to get it down to roughly a min and and add a vm or so… .  didn't seem to affect my internet connection at all, im only 10/1 mbps though.  like to do some real world thruput testing, vpn etc...  kinda fun project.  Slap one of those new 1156 chips deskop or server, and that would be some serious firewalling power for SMB if it can perform well.

It is no problem hardware wise….:)

In this case you want to use 1:1 NAT settings and not the Virtual IP settings. with the Virtual IP settings you have, you're telling pfSense to respond to the global IP addresses, but there's nothing to corolate them with the internal IP addresses. with 1:1 NAT, i believe you shouldn't need the Virtual IP settings (although you may)

Hello After some research i found a workaround for this problem. I want to share this if somebody else encounters my problem. I added the following line in /boot/loader.conf kern.hz="100" I rebooted the machine and after that cpu usage is 10-14% from 50-60%

@mali: I have installed Pfsense on Vmware esx server 4 with 2 Physical Nic. (WAN) em0–-->vswitch0-----Pfsense (LAN)  em1---->vswitch1-----Pfsense VM1-----vswitch1       VM2-----vswitch1       VM3-----vswitch1       VM4-----vswitch1 I want to Protect my 4 Virtual Machines whcih are behind Pfsense. All 4 Virtual Machines having Public IP Address . Pfsense (Wan) ----- 202.61.42.15 VM1 ---202.61.42.18 VM2 ---202.61.42.19 VM3 ---202.61.42.20 VM4 ---202.61.42.21 I want to protect these VM through Pfsense. I donot want NAT or Port Forwarding. Can any body help me in configuring or designing this. Not sure if you figured it out yet, but I will answer your question in case anyone else searches for this :) There are 2 scenarios: 1: Using pfsense as a router/firewall with NAT (internal IP's behind pfsense) 2: Using pfsense as a transparent firewall (external IP's behind pfsense) You are talking about scenario #2. For both scenarios, the VM and vSwitch configuration is actually the same. The exception of how you setup pfSense. First of all, you will need to configure pfsense as a transparent firewall, which includes bridging the LAN interface with the WAN. There is a good tutorial on how to do this located at http://pfsense.trendchiller.com/transparent_firewall.pdf On the ESX server you will need to create the following: vSwitch-1 (connected to a physical NIC) vSwitch-2 (not connected to any physical NIC) For vSwitch-1, connect the pfsense WAN interface For vSwitch-2, connect the pfsense LAN side interface Put all your VM's on vSwitch-2. You may need to configure the actual vSwitches to be in "Promiscuous Mode" - you do this inside ESX in the "Configuration" tab via the VI Client. Now add all your firewall rules accordingly. That's it! Hope this helps. -Sean

Well, this is my setup that I have under testing and seems to work. Physical Hardware: Laptop with 1 Ethernet and 1 Wireless built in. 1 dir-825 1 dir-655 1 dwa-160 (usb 2.4/5Ghz card) Siemens Gateway I have the Seimens gateway outward facing as it is being used as the ADSL modem > dir-825 as access point > dwa-160 > laptop > ethernet > dir-655 as second access point. Stupidly complex setup but all i have is a laptop which I use for everything and the dir 655 is only in the equation to test how pfsense works as a NAC/router and AP. As for software typology, I have pfSense as a guest OS inside VMWare 7. (versioning doesn't matter, I originally intended to try and figure out how I could fit esxi into the equation to eliminate all hardware routers and strictly have everything running as softawre and virtualised). Anyway, pfSense as a VM only has two Virtual adapters. The WAN and LAN (for now). On Windows 7, I had VMware create only 1 Vmnet adapter that I will be using. In VMware (not pfSense webgui), I bridged what would be pfSense's WAN interface to my dwa-160 which is connected to the DIR-825. So now pfSense connects directly to my physical network and obtains the physical internal network ip address of 192.168.0.xxx I set vmware to also bridge what would be pfSenses LAN interface to my physical LAN adapter. I put the ethernet cable into anything but the WAN port of the dir-655 (since i am still double nated this way) after turning off DHCP in the router. With both virtual adapters bridged to physical adapters, I am able to test pfSense outside the virtual environment. IE: how physical computers will be affected by pfSense. I did however have to set static IP address for the LAN adapter within pfSenses network segment. Now, to test the network as an access point, I just connect my built in wifi adapter (not the dwa-160, remember I listed I had 2 wifi cards) to the dir-655 which is now successfully hardwired to the laptop and see if the wifi adapter gets an IP address from pfSense, which is a success. However I can't test against pfSenses functionality because Win7 will be using my dwa-160 as it's internet connection and any changes to it will affect network connectivity with the AP and pfSense. For THAT, I load up Win7 in VMware and connect the laptops built in Wifi card directly to it. Once the Virutal Win7 see's the card as a real device, I then do the same, connect it to the dir-655. I get an IP address from pfSense, great, AND I get internet as expected. Traffic is flowing through pfSense as it should and so is the L7 and other QoS rules and the portal. I am sure that it will communicate just fine with the radius server as well. So in terms of a wireless router hardwired to the machine that is running pfsense as a vm and having it act as an AP, yes it's do-able. If your method of connectivity includes a modem that has wireless capabilities ie:Gateway, then the method I described above will work fine. Your physical machine will not be affected by pfSense but you will should still maintain access to the webconf without having to load up a seperate VM. If you want to have VitualBox use a wifi usb as a passthrough device, you will have to check on the HCL if the wifi chipset is a supported device and if OpenSolaris supports it, otherwise VirtualBox won't detect it. My guess is that you may have a lot of device hacking and scripting that you may have to play with.

I'm using a similar setup in testing (just started testing pfSense about a week ago in a VM on ESXi 4). Started with 1.2.3 but I'm testing 2.0 Beta now. VLAN 4095 when marked on a virtual network interface in VMware indicates "pass through all VLANs into the virtual machine" so the VM handles the VLANs. Since you can only add four "physical" virtual NICs to one machine if you define each VLAN as a separate network adapter in ESXi, if you want more than four interfaces on your VM you need to passthrough most of your interfaces this way, per the example in the original post. The only hitch I ran into is that I'm using ProCurve switches and I have ALL VLANs set to Tagged (no untagged VLAN 1) on my VMware hosts. When I pass these through, pfSense refuses to pass traffic on VLAN 1 if I define VLAN 1 and assign it to an interface. However, the other VLANs work fine. I added a VMware-level secondary NIC to my VM that is assigned to VLAN 1 so pfSense sees the VLAN 1 network as "physical" and the rest as VLANs, and that seems to work around the issue. This is in 2.0 Beta from Jan. 8th, I don't recall figuring that out in 1.2.3 so I haven't tested there. However, while I can get to the WAN from multiple VLANs (and the "physical" VLAN 1 interface) behind pfSense, I can't seem to get the routing to work between interfaces (so VLAN 10 can access a webserver on VLAN 1 for example, both being internal networks). I suspect this is something I'm not fully understanding about the configuration though, and not a software issue, since WAN access works.

@ideaman007: Any updates to your testing with the VM?  I'm having some issues myself using pfsense under vmware 2.0 on ubuntu 8.04.3 LTS server. Sorry haven't posted in awhile… I've been running several pbx servers each with pfsense inside vmware server 2.0 in CentOS 5.2 host, successfully.  Under standard Business DSL 5M/768K, these servers handle 25+ computers & extensions, >6 simultaneous external voip calls, and multiple RDP sessions through the vm-pfsense beautifully.  The clients have been very impressed with what they get from a C2D machine.

Its worth buying the book "The Book of XEN". Good read and has a good explanation of how things works. It is basically based on Red Hat but the idealogy in it is very good and easy to understand more of config files and stuff. Anyway just buy it.

alright. I cant access it with crome but can with IE. Very wired.

Ok I resolved this by changing the "Firewall Optimization Options" to conservative and it is running smoothly.

It works just fine. Finally I was able to combine 3x 20Mbit with just 1 NIC, 1 modem and one computer.  ;D