Netgate Discussion Forum
    Pfsense as VM in vSphere and VLANs (VLAN Routing)

      powerzumsel

      Hi
      I got pfsense 1.2.3 as VM Appliance and I want it to work as Firewall/Router within VLANs

      I am going to give several VMs in different VLANs the ability to connect to one PC (FTP)
      I want pfsense connected at a Trunk port of a vSwitch, to receive all VLANs.
      The FTP will then be connected on a different interface and all VMs should have access to this FTP.

      TRUNK of vSwitch
         VLAN 10
         VLAN 20     -------->  pfsense  --------> FTP
         VLAN 30
         VLAN 40

      Is this possible with pfsense? Is there any supporting guide?

        Metu69salemi

        As long as devices can find out route to ftp, it should work

          powerzumsel

          How can it be done?

          I have tried for some time but I cannot (at first) get a ping connection between FTP and TestVM.
          On my pfsense VM I got 4 Nics
          em0 WAN                            - at the moment not used
          em1 LAN                            - just for web configuration
          em2 OPT1 named TRUNK        - is connected to Trunk port of vSwitch and so provide all VLANs
          em3 OPT2 named FTP (static) - FTP VM connected (static IP)

          For em2 I created new Virtual interface (vlan0  named V1000 with static IP) with same VLAN (ID 1000) where the TestVM is located in
          I created rules at FTP interface and V1000 interface to pass all ICMP traffic
          From FTP VM I can ping to FTP interface ip
          From TestVM I can ping to V1000 interface ip
          But cannot ping directly from TestVM (out of VLAN 1000) to FTP VM

            triskelion

            What rules do you have in place?
            Can you ping the pfsense interface from either host?
            Or access the web interface (port 80, 443) on either?

            I run a similar setup, only I don't trunk the pfsense box, I run multiple NICs into port groups on different VLANs which then extend to my physical switch.

              Metu69salemi

              Where does the pinging stop?
              Have you entered all needed VLANs?

                powerzumsel

                I think now it works.  ;D

                On TestVM I enter V1000 interface ip as gateway, same for FTP VM and FTP interface
                Then I created 2 rules for FTP interface
                Proto - Source - Port - Dest - Port - Gateway
                ICMP - FTP net - * - V1000 net - * - *
                ICMP - FTP net - * - FTP NET - * - *

                and 3 for V1000 interface
                ICMP - V1000 net - * -  FTP net - * - *
                ICMP - FTP net - * - V1000 net - * - *
                ICMP - V1000 net - * - V1000 net - * - *

                Now I can ping from TestVM (VLAN1000) to FTP VM

                Tested it also on second TestVM2 from VLAN1001 and it worked
                Thanks so far

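Added example, not part of the thread: a small Python model of how a pf-based firewall such as pfSense matches the rules listed in the last post, checking each new connection only against the rules of the interface it enters on (first match wins, replies pass by state). The subnets and host addresses are constructed, since the thread gives none; the model shows which listed rule cannot match traffic from attached hosts and that FTP itself (TCP) is still blocked by the ICMP-only rule set.

```python
import ipaddress

# Constructed addressing (the thread gives no subnets): one /24 per interface.
NETS = {
    "FTP": ipaddress.ip_network("192.168.50.0/24"),
    "V1000": ipaddress.ip_network("10.10.0.0/24"),
}

# Rules as listed in the post: (proto, source net, destination net),
# keyed by the interface tab they were created on.
RULES = {
    "FTP": [("icmp", "FTP", "V1000"), ("icmp", "FTP", "FTP")],
    "V1000": [("icmp", "V1000", "FTP"), ("icmp", "FTP", "V1000"),
              ("icmp", "V1000", "V1000")],
}

def ingress_interface(src):
    """Interface a packet from src arrives on (its directly attached net)."""
    addr = ipaddress.ip_address(src)
    for name, net in NETS.items():
        if addr in net:
            return name
    return None

def evaluate(proto, src, dst):
    """Return (action, interface, rule index) for a new connection.

    Rules are checked only on the ingress interface, top down, first match
    wins; anything unmatched hits the implicit default deny. Replies are
    passed by the state the first packet created, so they need no rule.
    """
    iface = ingress_interface(src)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (p, sn, dn) in enumerate(RULES.get(iface, [])):
        if p == proto and s in NETS[sn] and d in NETS[dn]:
            return ("pass", iface, i)
    return ("block", iface, None)

def unreachable_rules():
    """Rules whose source net is not attached to the interface they sit on."""
    return [(iface, i) for iface, rules in RULES.items()
            for i, (_, sn, _) in enumerate(rules) if sn != iface]

if __name__ == "__main__":
    test_vm, ftp_vm = "10.10.0.20", "192.168.50.10"  # constructed hosts
    print(evaluate("icmp", test_vm, ftp_vm))  # ping TestVM -> FTP VM
    print(evaluate("tcp", test_vm, ftp_vm))   # FTP control connection
    print(unreachable_rules())
```

In this model the second V1000 rule (source FTP net) is the only one that attached hosts cannot trigger, and a TCP rule from the VLAN nets to the FTP host is still needed before FTP itself will pass.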