Hypervisor configuration not adding 2 NICs for virtual pfSense
-
I am trying to build:
1 bridged router.
2 physical wired NICs for WAN and LAN.
1 machine running Debian based OS, running hypervisor KVM/Qemu/Virt manager.
1 VM router pfSense.The machine sees the 2 NICs, however the hypervisor seems to set up 1 virtual bridge?
I think I need 2 bridges to see the 2 NICs?
Here's my network topology:
.
Configuring the network has a few options like
GUI: Virtual Manager.
TUI: Network scripts, Nmcli tool or Virsh command.
I tried the GUI, but Virtual Manager seems to show 1 NIC using Virtual Network Interface with a Network source: Virtual network 'default':NAT. I'm wondering why Virtual Manager only shows 1 NIC and a NIC unrelated to my 2 physical NICs?
Virtual manager has an option in Virtual Network Interface Network source to select Host device enp2s0:macvtap. Maybe this should be selected for 1 of my 2 physics NICs?
Creating a new VM in the hypervisor offers an option at Network selection as default, Virtual network 'default':NAT, however maybe I should select the option: Host device enp2s0:macvtap, Source mode: Bridge?
Regardless, after selecting enp2s0:macvtap, the VM router pfSense installs and only shows 1 LAN (vtnet0) -> v4: 192.168.1.1/24.
In VM router pfSense install, I select 1) Assign interfaces and the only valid interfaces are:
vtnet0 52:54:00:6c:84:7a VirtIO Networking Adapter.
This interface is Virtual Manager's NIC MAC address, not any of my 2 physical NICs' MAC addresses?I tried the TUI Network scripts, creating this file in /etc/network/interfaces, however same issue?
# interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: # ip -c a, for interface details. # loopback device. auto lo iface lo inet loopback # WAN port (NIC1, top of case with I/O shield stuff). auto enp3s0 iface enp3s0 inet manual # LAN port (NIC2, bottom of case at PCIe slot). auto enp2s0 iface enp2s0 inet manual # WAN bridge pfSense is connected with veth0. Veth0 is the FreeBSD Network Interface Name for virtio Network devices. auto virbr0 iface virbr0 inet static bridge_ports enp3s0 bridge_stp off bridge-fd 0 # LAN bridge pfSense is connected with veth1. # Gateway is pfSense. auto virbr1 iface virbr1 inet static address 192.168.1.120/24 gateway 192.168.1.170 bridge_ports enp2s0 bridge-stp off bridge-fd 0 bridge-pvid 4095 bridge-vlan-aware yes bridge-vids 1-4044 # Save, exit and restart networking service:~$ sudo systemctl restart NetworkManager > Enter.What am I doing wrong please?
-
@eiger3970-0
You have set up two virtual bridges, virbr0 and virbr1, each using one of the NICs as slave.In the VMM VM network configuration then select "brigde device" at source and enter the desired bridge below manually.
The "virtual network" settings in VMM is for configuring virtual networks, isolated or natted.
An isolated network can be used as DMZ for instance. A natted won't be needed, if running pfsense as a router within a VM. -
This post is deleted! -
@viragomann That fixed the hypervisor/VMM seeing the 2 NICs.
Now, my host machine cannot ping the VM and vice versa. My host machine needs to ping the VM router, so I can load a browser and configure the VM router.My VM router can ping the LAN printer and google.com though.
Maybe I need to install a 3rd NIC for the host machine to be on the LAN?Here's my updated network topology:
-
@eiger3970-0
No, there is no additional interface needed for this.
It's not clear from this map, where the host is connected to now. But from the network settings above, it should be vibr1, which is LAN.
So any traffic from the host to any other subnet or internet has to pass pfSense. Therefore you have to set the pfSense LAN IP as default gateway on all devices. Check if this is done correctly.Also consider that you have to allow access from outside on the devices in the virtual network. By default this is blocked by their own firewalls. Or maybe disable their firewalls for testing purposes.
-
@viragomann the 1st post with the /etc/network/interfaces file is no longer used, as the VMM's GUI setup the bridges nicely.
Here are the current /etc/network/interfaces files I have tried to ping 192.168.1.1 on the VM router from 192.168.1.120 on the VMM host machine are:# interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: auto lo iface lo inet loopback auto enp3s0 iface enp3s0 inet static address 192.168.1.120/24 gateway 192.168.1.1# interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: auto lo iface lo inet loopback auto enp2s0 iface enp2s0 inet static address 192.168.1.120/24 gateway 192.168.1.1# interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: auto lo iface lo inet loopback auto macvtap1@enp2s0 iface macvtap1@enp2s0 inet static address 192.168.1.120/24 gateway 192.168.1.1# interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: auto lo iface lo inet loopback auto macvtap1 iface macvtap1 inet static address 192.168.1.120/24 gateway 192.168.1.1# interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: auto lo iface lo inet loopback auto vtnet1 iface vtnet1 inet static address 192.168.1.120/24 gateway 192.168.1.1I updated the network topology a little to make it clearer?
-
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on