Netgate Discussion Forum

    VMachine behind Pfsense Rule

      mali

      I have installed pfSense on a VMware ESX Server 4 with 2 physical NICs.
      (WAN) em0 ----> vswitch0 ----- pfSense
      (LAN) em1 ----> vswitch1 ----- pfSense

      VM1 ----- vswitch1
      VM2 ----- vswitch1
      VM3 ----- vswitch1
      VM4 ----- vswitch1

      I want to protect my 4 virtual machines, which are behind pfSense.
      All 4 virtual machines have public IP addresses.

      pfSense (WAN) ----- 202.61.42.15

      VM1 --- 202.61.42.18
      VM2 --- 202.61.42.19
      VM3 --- 202.61.42.20
      VM4 --- 202.61.42.21

      I want to protect these VMs through pfSense.

      I do not want NAT or port forwarding.

      Can anybody help me in configuring or designing this?

        santhony

        Sorry, that's a little beyond me right now… I'm sure someone out there will know.

        I was just able to install pfSense on VirtualBox using one NIC and three VLANs...

        Works great!!

          seanlee

          @mali:

          Not sure if you figured it out yet, but I will answer your question in case anyone else searches for this :)

          There are 2 scenarios:
          1: Using pfSense as a router/firewall with NAT (internal IPs behind pfSense)
          2: Using pfSense as a transparent firewall (external IPs behind pfSense)

          You are talking about scenario #2. For both scenarios, the VM and vSwitch configuration is actually the same. The exception is how you set up pfSense.

          First of all, you will need to configure pfSense as a transparent firewall, which includes bridging the LAN interface with the WAN. There is a good tutorial on how to do this located at http://pfsense.trendchiller.com/transparent_firewall.pdf

          On the ESX server you will need to create the following:
          vSwitch-1 (connected to a physical NIC)
          vSwitch-2 (not connected to any physical NIC)

          For vSwitch-1, connect the pfSense WAN interface
          For vSwitch-2, connect the pfSense LAN side interface

          Put all your VMs on vSwitch-2.

          You may need to configure the actual vSwitches to be in "Promiscuous Mode" - you do this inside ESX in the "Configuration" tab via the VI Client.

          Now add all your firewall rules accordingly. That's it!

          Hope this helps.

          -Sean

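The policy that "add all your firewall rules accordingly" leaves open, sketched in raw pf syntax as an added example that is not part of the thread; on pfSense the same policy is entered per interface in the GUI rather than written by hand. The interface names and VM addresses come from the first post; the services opened on each VM, and filtering on the bridge member interfaces, are assumptions.

```pf
# Constructed example for the bridged (no NAT) layout in this thread.
# em0 = WAN bridge member, em1 = LAN bridge member (names from the first post).
wan_if = "em0"
lan_if = "em1"

# The four VMs keep their public addresses; there are no nat/rdr rules.
table <vms> const { 202.61.42.18, 202.61.42.19, 202.61.42.20, 202.61.42.21 }

set skip on lo0

# Default deny for anything arriving on either bridge member.
# Packets leaving a member were already checked inbound on the other one.
block in log all
pass out all keep state

# Anti-spoofing across the bridge:
#  - a VM address must never show up as a source on the WAN side
#  - only the VM addresses may originate traffic on the LAN side
block in log quick on $wan_if from <vms> to any
block in log quick on $lan_if from ! <vms> to any

# Inbound services. The destination is the VM's own public address,
# which is what "no NAT, no port forwarding" means in practice.
# Which service lives on which VM is an assumption for illustration.
pass in on $wan_if inet proto tcp from any to 202.61.42.18 \
    port { 80, 443 } flags S/SA keep state
pass in on $wan_if inet proto tcp from any to 202.61.42.19 \
    port 25 flags S/SA keep state

# Allow ping to all VMs for monitoring (assumption).
pass in on $wan_if inet proto icmp from any to <vms> \
    icmp-type echoreq keep state

# VMs 202.61.42.20 and .21 expose nothing inbound: no pass rule, so the
# default block applies.

# Outbound traffic initiated by the VMs.
pass in on $lan_if inet from <vms> to any keep state
```

Access to the firewall's own address (202.61.42.15) is not covered by these rules and needs its own narrowly scoped management rule.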