Installing pfSense on virtualbox at home network.
-
Thanks for the answer but i was hoping for some technical detail. For example what settings do i need to make on my router in order to redirect packets to the firewall (gateway??? natting rules???). Also since the firewall is gonna be using my wirelless card were should it send the packets so i can receive them on the host pc (the Laptop's Lan card perhaps?)? Also tell me some things about gateways, natting rules, patting rules, to help me understand the terms better. I have a small knowledge however it is only theoretical.
Edit:
Ok let me keep my progress updated. I have created two interface for pfSense. A LAN and A WAN. The LAN will be used to connect to vm to the host and the WAN will connect the firewall to the router. i bridged the 2 interface using pfSense's web interface and i now have access to the internet from pfSense. How would i configure my host to pass traffic through pfSense and not directly. And how would i do that for the router? -
Setting it up as a bridge complicates things for you - I would advise that you don't do that until you're confident with the virtual environment.
Basic terms such as gateway etc are covered in basic networking guides and the pfSense documentation. This forum isn't the ideal place for learning the basics of how networks work. Indeed, I'd suggest that learning all of this in a virtual environment may make things harder for you.
If you've followed that entire guide you'd already have your networking correctly configured. That it isn't suggests you need to work through that guide again.
-
I support Cry Havok's advice. If you have a spare PC you could fairly easily install pfSense on it and configure without the complications of the virtual environment. Once you understand what you are working with a bit better it should be easier to deal with the complications of the virtual environment.
I have often found Wikipedia (http://en.wikipedia.org) a good source for explanation of technical terms.
Is there any more to your home network than the router and laptop?
-
No thats pretty much it a router and a laptop. I know things about gateways and firewalls settings but this is the first time i am trying to set up my sth like this myself. I have a question the adapter VirtualBox Host-Only Network which was created automatically connects the host to the vm ? I don't have a spare PC on my home so this is the only deployment i can follow.
-
Questions about how Virtual Box behaves may be best directed to their community.
That said, yes, Host-Only is direct connection between the host (your laptop) and the VM.
-
Here's what I think will work. Start with a fresh pfSense VirtualBox guest. Give it two Intel Pro/1000 MT Desktop NICs, one for WAN and one for LAN. In VirtualBox network setup, attach WAN to Bridged Adapter and LAN to Host-only Adapter. pfSense should grab an IP from your router for LAN, and your laptop should connect to WAN. I don't think that you'll need to mess with pfSense's default routing or firewall rules.
If that doesn't work, I'll try it here.
-
I don't have a lot of time to post right now, but I do have my pfsense running through Virtualbox with no problems whatsoever.
My setup is 2 physical interfaces in bridge mode using AMD PCNet-PCI II type. I've tried all four types and these work best. If the only computer to connect to pfsense is your laptop, then I don't see why your LAN interface can't be host only.
My modem is in bridge mode and and the WAN interface is set to PPPoE. I'm not sure if you can do this with your wireless router, but if you can then it will make things simpler as pfsense will perform NAT and will get your public IP address instead of an internal one from the router. If you don't use it this way, then I'm fairly sure you will want to disable the NAT on your router or you will NAT on NAT
This will also mean that your router will not be connected to the internet when pfsense is not running, but from your post, the laptop is the only thing connected to the internet so that shouldn't be an issue.
-
Sorry for the absence…i will try all of these things...hopefully it will be that simple. I will update this thread if i have any progress.
-
So i solved the issue i set as the default gateway of the vbox adapter the LAN interface of the firewall. I dont know why this worked. I can now access the Internet through the firewall. However i cannot access the router from my host(laptop) but I can access it from the vbox. I believe a Natting rule is required. By access the router i mean its web interface or even ping. Any help with that?
-
How about a diagram of your virtual network, showing the IP addresses and netmasks. It'll help us work out what may be going on.
-
I will try to make one tomorrow and post it. Got to go to sleep now. Working early tomorrow. Tx for the help so far.
-
So i solved the issue i set as the default gateway of the vbox adapter the LAN interface of the firewall. I dont know why this worked. I can now access the Internet through the firewall. However i cannot access the router from my host(laptop) but I can access it from the vbox. I believe a Natting rule is required. By access the router i mean its web interface or even ping. Any help with that?
In VirtualBox network setup, attach the pfSense LAN adapter to host-only. The host will then see the router through pfSense.
-
I know this is an old thread, but in case anyone else is looking for information on the topic I will add what I have experienced.
I ran pfSense in a VirtualBox VM for a couple of years with no problems and then it quit working. What I discovered recently was that two problems coincided. First, I had set up the host using bridging from bridg-utils and then used bridged adapters from the guest. This was overly complicated and I confess that I never fully understood the configuration that worked.
The second problem was that my ISP changed (quietly without notice) to limit my connection to only one IP at a time and set that IP on a different subnet than the DHCP server. This caused the host to grab the IP address on boot and then pfSense in the guest could not get one.
I believe globexgr is correct in the recommended configuration. That would be to set the host to grab the IP from the ISP and then do a "host-only" connection from the guest VM red interface to that host net.
Then I would do a bridged output from the Guest to a static IP on the host Green interface. Alternately the host "green" adapter could be set with another IP net address and the guest could host-only into that net.
All in all the best advice I have seen is Draw The Network Diagram including the virtual parts. That is what I intend to do before I dive back into the current firewall and see if the new setup solves both problems above.
One caution to all this, however, it is my understanding that if you use a pure bridged connection from Guest to Host then you bypass the Host TCP Stack. If your VM is a firewall that would be safer than using host-only. But everything I have read says that I am not able to do that because a bridged VM adapter cannot work on a "single IP" type connection like my ISP implemented :-(
Hope this is useful to someone.
