Netgate Discussion Forum
    pfSense Configuration Issue with VMware ESXi

    Routing and Multi WAN
    hollowman

      I am attempting to create a network within my VMware ESXi 7.0 environment, which has a single network interface card (NIC).

      The network configuration on the ESXi host is as follows:

      Virtual Switch: vSwitch0
      Port Groups: WAN and LAN (both are associated with vSwitch0 and VLANID of 0)

      The pfSense VM running has the WAN interface associated with the WAN port group and LAN interface associated with the LAN port group. There is another Fedora endpoint (with its Network Adapter set to the LAN port group) that is running with the gateway set to the IP Address of the pfSense VM.

      What I would like to do is create a network configuration such that any VMs that have their Network Adapter set to the LAN port group (+ gateway pointing to pfSense) have their traffic controlled via the rules configured in pfSense.

      To that end, I have been successful in blocking IPv4 ICMP traffic towards remote hosts, but when I type in ping www.google.com, it resolves the IPv6 address (for hosts that do not have an IPv6 address, I get the "N. I have configured a separate rule that blocks IPv6 ICMP traffic, but to no avail - the ping packets receive a response:

      PING www.google.com(lga34s32-in-x04.1e100.net (2607:f8b0:4006:809::2004)) 56 data bytes
      64 bytes from lga34s32-in-x04.1e100.net (2607:f8b0:4006:809::2004): icmp_seq=1 ttl=114 time=25.4 ms
      64 bytes from lga34s32-in-x04.1e100.net (2607:f8b0:4006:809::2004): icmp_seq=2 ttl=114 time=17.1 ms
      64 bytes from lga34s32-in-x04.1e100.net (2607:f8b0:4006:809::2004): icmp_seq=3 ttl=114 time=21.3 ms
      
      --- www.google.com ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 2004ms
      rtt min/avg/max/mdev = 17.059/21.235/25.394/3.402 ms
      

      Additionally, I would like the VM not to be able to ping local hosts as well - essentially everything goes through the firewall. I have achieved this via the route command on the Fedora system, but a consequence of this is that I can't SSH into the VM from my local network.

      Is my network configuration correct? Additionally, why do I fail to block the associated ping traffic with the IPv6 rule configured?

      Note: I understand that ICMP has its uses, but I would like to learn how to set things up the right way!

      If there are any details that I can add to aid my query, please let me know and I will be more than happy to do so.

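One check worth running on the Fedora guest before touching any more pfSense rules: the post says both port groups sit on vSwitch0 with VLAN ID 0, which means the WAN-side and LAN-side guests share one untagged layer-2 segment on that vSwitch. A guest on such a segment can accept IPv6 router advertisements from whichever router is upstream of pfSense, so its IPv6 default route may point at that router rather than at pfSense's LAN interface, in which case no pfSense rule is ever evaluated for the IPv6 ping. The post does not say whether that is what is happening; the script below is an added example (not from the post, not pfSense or Netgate code) that answers the question on the guest by comparing the MAC behind the IPv6 default gateway with the pfSense LAN MAC. The interface name `ens192`, the MAC addresses and the `ip` command output embedded as samples are all constructed for the example; the pfSense LAN MAC would be read from the pfSense interface page and passed on the command line.

```python
#!/usr/bin/env python3
"""Does this Linux guest's IPv6 default route really go through pfSense?

Parses `ip -6 route show default` and `ip -6 neigh show` and reports, per
default route, the link-layer address that answers for the gateway and
whether it is the pfSense LAN interface. Added example; all sample data
below is constructed and the pfSense MAC is an assumed placeholder.
"""
import re
import subprocess
import sys

# Example pfSense LAN MAC (constructed; VMware OUI 00:0c:29 is typical for a VM vNIC).
PFSENSE_LAN_MAC = "00:0c:29:aa:bb:cc"

# Constructed sample 1: default route learned from an RA, but the neighbour
# answering for fe80::1 is NOT the pfSense LAN MAC, so IPv6 bypasses pfSense.
SAMPLE_ROUTE_BYPASS = (
    "default via fe80::1 dev ens192 proto ra metric 1024 "
    "expires 1782sec hoplimit 64 pref medium\n"
)
SAMPLE_NEIGH_BYPASS = (
    "fe80::1 dev ens192 lladdr 00:50:56:11:22:33 router REACHABLE\n"
    "fe80::20c:29ff:feaa:bbcc dev ens192 lladdr 00:0c:29:aa:bb:cc router STALE\n"
)

# Constructed sample 2: default route via pfSense's link-local address.
SAMPLE_ROUTE_OK = (
    "default via fe80::20c:29ff:feaa:bbcc dev ens192 proto ra metric 1024 "
    "expires 1700sec hoplimit 64 pref medium\n"
)
SAMPLE_NEIGH_OK = (
    "fe80::20c:29ff:feaa:bbcc dev ens192 lladdr 00:0c:29:aa:bb:cc router REACHABLE\n"
)

ROUTE_RE = re.compile(r"^default\s+via\s+(?P<gw>\S+)\s+dev\s+(?P<dev>\S+)(?P<rest>.*)$")
NEIGH_RE = re.compile(r"^(?P<addr>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>\S+)")


def parse_default_routes(route_output):
    """Return [{gateway, dev, from_ra}] for each `default via ...` line."""
    routes = []
    for line in route_output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        routes.append({
            "gateway": m.group("gw"),
            "dev": m.group("dev"),
            # `proto ra` means the kernel installed this route from a
            # router advertisement, i.e. whoever sent the RA chose the gateway.
            "from_ra": " proto ra" in m.group("rest"),
        })
    return routes


def parse_neighbors(neigh_output):
    """Map (ipv6_addr, dev) -> lowercase link-layer address."""
    table = {}
    for line in neigh_output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[(m.group("addr"), m.group("dev"))] = m.group("mac").lower()
    return table


def check_v6_next_hop(route_output, neigh_output, pfsense_lan_mac):
    """One verdict per IPv6 default route.

    gateway_mac is None when the neighbour cache has no entry for the
    gateway yet (ping it once and re-run); via_pfsense is True only when
    the resolved MAC equals the supplied pfSense LAN MAC.
    """
    neigh = parse_neighbors(neigh_output)
    verdicts = []
    for r in parse_default_routes(route_output):
        mac = neigh.get((r["gateway"], r["dev"]))
        verdicts.append({
            **r,
            "gateway_mac": mac,
            "via_pfsense": mac is not None and mac == pfsense_lan_mac.lower(),
        })
    return verdicts


def _run(cmd):
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: v6check.py <pfsense-lan-mac>")
    route_out = _run(["ip", "-6", "route", "show", "default"])
    neigh_out = _run(["ip", "-6", "neigh", "show"])
    verdicts = check_v6_next_hop(route_out, neigh_out, sys.argv[1])
    if not verdicts:
        print("no IPv6 default route: IPv6 ping to the Internet should fail here")
    for v in verdicts:
        status = "OK: via pfSense" if v["via_pfsense"] else "BYPASS: not pfSense"
        print(f"{v['dev']}: gateway {v['gateway']} -> {v['gateway_mac']} "
              f"({'RA-learned' if v['from_ra'] else 'static'}) {status}")
```

If the verdict is BYPASS, the IPv6 rule in pfSense is not wrong so much as never consulted; the fix is on the topology side (separate VLAN IDs for the two port groups, or a second vSwitch for LAN, so that only pfSense's RAs reach LAN guests), and only after that is it meaningful to test the IPv6 ICMP block rule. Run this offline against the constructed samples first to see both outcomes.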
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.