Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VM access in LAN pfsense from home network

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 301 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      artm1904
      last edited by

      Good afternoon! I have the following structure. In my home network, I have a router and a number of devices connected to it (an OrangePi single-board PC, etc.). My computer is also connected to the router. Several VMs are created on it according to the drawing. I have performed the standard pfsense configuration, configured LAN, DHCP in them, DNS, Firewall rules. As a result, I have internet access from each of the VMs, and the red line indicates that one VM cannot communicate with the other. From these VMs, I can access the internet, as well as other devices on my home network (ping, ssh to OrangePi). But the problem is that I cannot access these VMs from OrangePi (for example, I cannot execute the command on OrangePi #ping 10.10.30.51). I know that it is possible to configure NAT Forwarding, but this will only work for the service on the specified port, is it possible to make all VMs available by its address?Screenshot 2025-03-10 173823.jpg

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        To access the subnets behind pfSense from the orange pi it would need a route to them via the pfSense WAN IP. pfSense would also need firewall rules to pass that.

        pfSense will route between the LAN1 and LAN2 internal subnets by default though. You should only need appropriate firewall rules in place to pass it.

        The other thing you might see there is that VM1 and VM2 might have local software firewalls that reject traffic from outside their own subnets.

        A 1 Reply Last reply Reply Quote 0
        • A
          artm1904 @stephenw10
          last edited by

          @stephenw10 said in VM access in LAN pfsense from home network:

          need a route to them via the pfSense WAN IP

          I just started to figure out pfsense. I understand correctly that I need to add the GatewayLAN1, 2, 3 addresses in the System > Routing > Gateways section (initially there is only WAN). After that, go to the Static Route section and make the settings (specify Destination network 192.168.1.0/24, and in the Gateway section 10.10.20.1 (10.10.30.1 or 192.168.110.1). After that, go to the Firewall Rules section and allow the connection to Source - 192.168.1.0/24, Destination - 10.10.20.1, for example. If I'm wrong about something, then correct me if it doesn't take you long.
          If I made a mistake somewhere in the described algorithm, then tomorrow I can provide screenshots of all current settings in pfsense.

          stephenw10S 1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator @artm1904
            last edited by

            @artm1904 said in VM access in LAN pfsense from home network:

            I understand correctly that I need to add the GatewayLAN1, 2, 3 addresses in the System > Routing > Gateways section (initially there is only WAN). After that, go to the Static Route section and make the settings (specify Destination network 192.168.1.0/24, and in the Gateway section 10.10.20.1 (10.10.30.1 or 192.168.110.1).

            No. You should only have one gateway in pfSense itself and that should be the WAN.

            In order to route traffic to those subnets without port forwarding you have add the routes to the Orange Pi directly. And add them via the pfSense WAN IP.

            You might be able to add a route in the ISP router instead but many don't allow that and it will create asymmetric traffic that might be blocked.

            A 1 Reply Last reply Reply Quote 0
            • A
              artm1904 @stephenw10
              last edited by

              @stephenw10 said in VM access in LAN pfsense from home network:

              add the routes to the Orange Pi directly

              Okay, thanks for the idea. initially, I tried to add a path to the router itself, but I did not find such an opportunity. I'll try your idea tomorrow. Thanks for the quick replies, have a nice evening!)

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.