Netgate Discussion Forum

VMachine behind Pfsense Rule

Virtualization
  • M
    mali
    last edited by Dec 1, 2009, 11:25 AM Dec 1, 2009, 10:40 AM

    I have installed pfSense on VMware ESX Server 4 with 2 physical NICs.
    (WAN) em0---->vswitch0-----pfSense
    (LAN) em1---->vswitch1-----pfSense

    VM1-----vswitch1
    VM2-----vswitch1
    VM3-----vswitch1
    VM4-----vswitch1

    I want to protect my 4 virtual machines, which are behind pfSense.
    All 4 virtual machines have public IP addresses.

    Pfsense (Wan) ----- 202.61.42.15

    VM1 ---202.61.42.18
    VM2 ---202.61.42.19
    VM3 ---202.61.42.20
    VM4 ---202.61.42.21

    I want to protect these VMs through pfSense.

    I do not want NAT or port forwarding.

    Can anybody help me in configuring or designing this?

    • S
      santhony
      last edited by Dec 3, 2009, 12:05 PM

      Sorry, that's a little beyond me right now… I'm sure someone out there will know.

      I was just able to install pfSense on VirtualBox using one NIC and three VLANs...

      Works Great!!

      • S
        seanlee
        last edited by Feb 1, 2010, 10:26 PM

        @mali:

        I have installed pfSense on VMware ESX Server 4 with 2 physical NICs.
        (WAN) em0---->vswitch0-----pfSense
        (LAN) em1---->vswitch1-----pfSense

        VM1-----vswitch1
        VM2-----vswitch1
        VM3-----vswitch1
        VM4-----vswitch1

        I want to protect my 4 virtual machines, which are behind pfSense.
        All 4 virtual machines have public IP addresses.

        Pfsense (Wan) ----- 202.61.42.15

        VM1 ---202.61.42.18
        VM2 ---202.61.42.19
        VM3 ---202.61.42.20
        VM4 ---202.61.42.21

        I want to protect these VMs through pfSense.

        I do not want NAT or port forwarding.

        Can anybody help me in configuring or designing this?

        Not sure if you figured it out yet, but I will answer your question in case anyone else searches for this :)

        There are 2 scenarios:
        1: Using pfSense as a router/firewall with NAT (internal IPs behind pfSense)
        2: Using pfSense as a transparent firewall (external IPs behind pfSense)

        You are talking about scenario #2. For both scenarios, the VM and vSwitch configuration is actually the same. The exception is how you set up pfSense.

        First of all, you will need to configure pfsense as a transparent firewall, which includes bridging the LAN interface with the WAN. There is a good tutorial on how to do this located at http://pfsense.trendchiller.com/transparent_firewall.pdf

        On the ESX server you will need to create the following:
        vSwitch-1 (connected to a physical NIC)
        vSwitch-2 (not connected to any physical NIC)

        For vSwitch-1, connect the pfsense WAN interface
        For vSwitch-2, connect the pfsense LAN side interface

        Put all your VMs on vSwitch-2.

        You may need to configure the actual vSwitches to be in "Promiscuous Mode" - you do this inside ESX in the "Configuration" tab via the VI Client.

        Now add all your firewall rules accordingly. That's it!

        Hope this helps.

        -Sean

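As an added illustration that is not part of Sean's reply: the "add all your firewall rules accordingly" step, written in pf.conf syntax (pfSense is built on pf; in pfSense itself the equivalent rules are entered on the WAN and LAN tabs of the GUI). The interface names and the four addresses come from the original post; which services each VM publishes is an assumption.

```pf
# Added example, not from the thread. em0/em1 follow the original post's
# labels (em0 = WAN, em1 = LAN); the service layout below is hypothetical.
ext_if  = "em0"            # bridge member facing the upstream router
int_if  = "em1"            # bridge member facing vSwitch-2 and the VMs
web_vm  = "202.61.42.18"   # assumption: VM1 publishes HTTP/HTTPS
mail_vm = "202.61.42.19"   # assumption: VM2 publishes SMTP

# The four public addresses from the original post.
table <protected_vms> const { 202.61.42.18, 202.61.42.19, 202.61.42.20, 202.61.42.21 }

# Default deny for anything arriving on either bridge member, with logging.
block in log all

# A packet that was allowed in on one member may leave through the other.
pass out all keep state

# Inbound from the Internet: only the published services. No NAT or
# port forward is involved, because the destination is already the
# VM's own public address.
pass in on $ext_if proto tcp from any to $web_vm  port { 80 443 } keep state
pass in on $ext_if proto tcp from any to $mail_vm port 25 keep state
pass in on $ext_if inet proto icmp from any to <protected_vms> icmp-type echoreq keep state

# Outbound from the VMs: accept only their real source addresses, which
# also drops spoofed sources originating behind the bridge.
pass in on $int_if from <protected_vms> to any keep state
```

VM3 and VM4 publish nothing in this sketch, so unsolicited inbound traffic to them falls through to the logged default block while their own outbound connections still work.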
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.