Pfsense Install & Configuration Esx Server

mali · Nov 16, 2009, 5:00 PM

Hi,

I am new bie to Pfsense. I have ESX Server 4 (vsphere) having 2 NIC .
Right Now only 1 NIC is connected to Internet and having PUBLIC IP say
202.33.44.2
I want to secure Virtual Machine running on it.
What should i know to configure PFsense on ESX Server(Vsphere).

Is there any tutorial or recommendation for it.

Regards,
mali

heitor.lessa · Nov 20, 2009, 10:47 AM

HI there,

Actually I´m using pfsense under VMware ESXi with 2 nic*, both internal network and works fine.

What kind doubt do you have exactly?

How to configure 2 nic on pfsense under ESXi?

First you need to know what nic is from internet (public address), on this case will be WAN nic
Second you need to adjust one more nic on "Configuration" –> "Networking" on VMware to add your LAN nic.

To install choose what nic is WAN e what nic is LAN.. for example:

em0 -> LAN
em1 -> WAN

About security, pfsense uses pf firewall and you´ll need to know how to configure policies, rules, nat. But this ... deppends of you.

Anyway, I´m here for any questions about installation and configure under ESX.

Regards.
Heitor Lessa

mali · Nov 20, 2009, 4:12 PM

First of all i THANKS for your reply.

I have 2 Virtual Machine on Vmware ESXi and i want to protect it from Pfsense.

I have installed Pfsense on Vmware ESXi with One Physical NIC.

I have assigned em0 to LAN & em1 to WAN Interface.

em0–--> Vswitch0 ----LAN Interface. (202.33.44.2)

em1----> Vswitch0 ----WAN Interface.(202.33.44.3).

These are my concern.

How can i access WebGUI on WAN Interface ?
Can i used Public IP Address on Lan Interface ?

My Virtual Machine is also on Public Ip (202.33.44.4) which i want to protect from Pfsense.

Regards,
mali

heitor.lessa · Nov 21, 2009, 12:41 AM

Well,

I have 4 VM under ESXi, but my environment is totally different of yours.

Anyway, answer some questions.

How can i access WebGUI on WAN Interface ?
Yes, it´s possible, for this propose you need to uncheck box "Block Private Addres" IF you need to access from your LAN, IF ELSE you just need allow port 80 on firewall rules or OTHER IF you change the WebGUI port, sure.

Can i used Public IP Address on Lan Interface ?
In LAN Interfaces you configure private ip address and not Public address ^^, until you can, but isn´t a best practice in security relation and standards.

Try not use just one NIC for pfsense firewall, use 2 nic and configure it on Networking as Virtual Switch and assign on pfsense, if not you can have a bottleneck.

About protect your other server, you REALLY need to configure public address in your other server?
You can configure an internal address and put gateway for your firewall (pfsense), and to access any service in this server, you can redirect traffic using NAT.

But this, I still not try this feature on pfsense, it´s better you ask in Firewalling topic.

Regards.
H

mali · Nov 23, 2009, 10:28 AM

Thank you so much for this support.

I have added you on my MSN.

I am using one Physical Nic and two two logical NIC which connected to Virutal Switch.
I am able to connect WebGui on Wan Interface and ping it perfectly.

Now my major concern is that My Virtual Machine is on Public IP Address and i want to protect it from
Pfsense which is sitted infornt of my Virtual Machine.

For this what i have to do.

Can you share me your environment with Two Physical Nic.

Regards,
mali

heitor.lessa · Nov 25, 2009, 1:09 PM

You´re Welcome.

I still not received your ack for MSN.

But if you wanna add me on Skype is -> heitor.flessa

How I said, you may ask for firewalling topic for pfsense expert, but I throught that is not possible if you don´t redirect to pfsense gateway.

Sure I can.

We talk on MSN or skype.

Regards,
Heitor Lessa

EddieA · Dec 22, 2009, 11:12 PM

Here's how to set up your VMs on ESXi with 2 NICs. As they say, a picture is worth a thousand words:

Cheers.

kdoswald · Dec 23, 2009, 9:51 PM

You're wording is confusing me on this one. Protect the vm from pfsense? Do you mean protect the vm from outside using pfsense?

I use pfsense under esxi similar to other post. But have 3 virtual nics and two real ones.

Vswitch0 is local network
vswitch1 is my FIOS connection/Wan
vswitch2 is virtual for DMZ.

Pfsense setup
Lan - le0 (vswitch0)
wam - le1 (vswitch1)
OPT2 - le2 (vswitch2) (DMZ)
OPT3 - Tun0 (openvpn to connect to lan from outside)
OPT4 - tun1 (openvpn connection to office for work)

I would think if you want to protect those other machines with pfsense. Option would be port forward or 1:1 nat

Do these machines need to have public ip? I just redirect ports to my web server and other things mainly to DMZ on inside.

tractng · Feb 25, 2010, 7:15 PM

@EddieA:

Here's how to set up your VMs on ESXi with 2 NICs. As they say, a picture is worth a thousand words:

Cheers.

I like the setup. I am going to setup like yours :).

One NIC going to the WAN port of the FIOS router. The other NIC for internal connections with VMs.

tnt