Netgate Discussion Forum

Pfsense HVM domU: bridging help

  • B
    black0ut
    last edited by Jun 5, 2010, 4:28 AM

    I've got pfsense2.0 running as an HVM domU with Debian as the dom0 on Xen4.0.  My hardware doesn't support PCI-passthrough, so I'm trying to make do with just bridging.  I have 4 physical NICs named wan, safe, unsafe, and wifi.

    I have a few problems with networking:

    1. I would like to dedicate wan to the pfsense domU.  It has to obviously pass through the dom0, but I read that since it is simply bridged, there is no security threat (?).  What I've done is create the bridge pfsense-wan from wan, which I then add to the xen cfg of the pfsense domU.  The problem is that pfsense is unable to receive a dhcp lease on the wan NIC.

    2. I would like the safe NIC to also be passed to the pfsense domU.  I've created a xen-safe bridge from safe, and passed that to the xen cfg.  I would also like the dom0 to be a DHCP client of the pfsense domU.  I found that the tapX.1 interface that xen creates when the domU is created can receive a DHCP lease, but I couldn't ping it from the gateway.

    Here is my /etc/network/interfaces on the dom0:

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # 3Com 100Mbit PCI NIC (wan)
    auto wan
    iface wan inet manual
    
    # Onboard Realtek Gigabit (safe)
    auto safe
    iface safe inet static
    address 192.164.4.1 #this is the LAN ip in pfsense (and safe is the LAN NIC)
    netmask 255.255.0.0
    
    # DGE-530T Gigabit PCI NIC (unsafe)
    auto unsafe
    iface unsafe inet manual
    
    # Atheros Wireless-G PCI NIC (wifi)
    auto wifi
    iface wifi inet manual
    
    # Bridging for Xen
    
    # bridging wan to pfsense domU
    # no other interface has access to this bridge
    auto pfsense-wan
    iface pfsense-wan inet manual
            bridge_ports wan
            post-up /sbin/iptables -A INPUT -i wan -j DROP
            post-up /sbin/iptables -A INPUT -i pfsense-wan -j DROP
    
    # bridging safe for use by xen
    # more than one domU will be connected to this internal bridge
    auto xen-safe
    iface xen-safe inet manual
            bridge_ports safe
    
    

    and the relevant part of the xen cfg for the pfsense domU:

    
    vif = [ 'bridge=pfsense-wan', 'bridge=xen-safe' ]
    
    

    If I can figure out these 2 NICs, I can figure out the other 2 on my own (I hope!)

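An added example (not code from the thread, Xen or pfSense): a small lint for the dom0 `/etc/network/interfaces` posted above. It flags two things ifupdown and Linux bridging are particular about: end-of-line comments, which interfaces(5) does not support, and a bridge port that carries its own address configuration instead of leaving layer 3 to the bridge. The rule names and `SAMPLE` (a trimmed copy of the posted file) are constructed for illustration.

```python
# Added example: lint a Debian ifupdown file for two bridge-related pitfalls.
# SAMPLE is a trimmed copy of the dom0 file posted above (constructed input).
SAMPLE = """\
auto wan
iface wan inet manual
auto safe
iface safe inet static
address 192.164.4.1 #this is the LAN ip in pfsense (and safe is the LAN NIC)
netmask 255.255.0.0
auto pfsense-wan
iface pfsense-wan inet manual
        bridge_ports wan
        post-up /sbin/iptables -A INPUT -i wan -j DROP
auto xen-safe
iface xen-safe inet manual
        bridge_ports safe
"""
# Hook options run shell commands, where '#' may be legitimate.
HOOKS = {"up", "pre-up", "post-up", "down", "pre-down", "post-down"}

def parse(text):
    """Return {iface: {"method": str, "opts": [(key, value), ...]}}."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or whole-line comment
        key, val = (line.split(None, 1) + [""])[:2]
        if key == "iface":
            name, _family, method = val.split()[:3]
            cur = stanzas[name] = {"method": method, "opts": []}
        elif key in ("auto", "allow-hotplug", "source", "mapping"):
            cur = None                    # these lines end the current stanza
        elif cur is not None:
            cur["opts"].append((key, val))
    return stanzas

def lint(text):
    """Return sorted (rule, interface, detail) findings."""
    stanzas, out = parse(text), []
    for name, st in stanzas.items():
        for key, val in st["opts"]:
            # interfaces(5): comments must be on a line of their own
            if key not in HOOKS and "#" in val:
                out.append(("inline-comment", name, key))
            if key == "bridge_ports":
                for port in val.split():
                    # an enslaved port should carry no address of its own
                    if port in stanzas and stanzas[port]["method"] != "manual":
                        out.append(("addressed-bridge-port", port, name))
    return sorted(out)
```

On the sample, the WAN side passes (both `wan` and `pfsense-wan` are `manual`, so dom0 holds no address there), while `safe` is reported twice.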
    • C
      cougarmaster
      last edited by Jun 6, 2010, 5:38 AM

      Hi black0ut,
      You can assign other names to the bridge under Debian. What is the config file you made for the network-bridge? My example is like this, but for Xen 3.3.2:

      #!/bin/sh
      dir=$(dirname "$0")
      "$dir/network-bridge" "$@" netdev=eth0
      "$dir/network-bridge" "$@" netdev=eth1
      "$dir/network-bridge" "$@" netdev=dummy0

      hope this helps
      Eric

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.