    Pfsense as VM in vSphere and VLANs (VLAN Routing)

    • powerzumsel

      Hi
      I got pfsense 1.2.3 as VM Appliance and I want it to work as Firewall/Router within VLANs

      I am going to give several VMs in different VLANs the ability to connect to one PC (FTP)
      I want pfsense connected at a Trunk port of a vSwitch, to receive all VLANs.
      The FTP will then be connected on a different interface and all VMs should have access to this FTP.

      TRUNK of vSwitch
         VLAN 10
         VLAN 20     -------->   pfsense  --------> FTP
         VLAN 30
         VLAN 40

      Is this possible with pfsense? Is there any supporting guide?

      • Metu69salemi

        As long as the devices can find a route to the FTP, it should work.

        • powerzumsel

          How can it be done?

          I have tried for some time but I cannot (at first) get a ping connection between FTP and TestVM.
          On my pfsense VM I got 4 NICs
          em0 WAN                            - at the moment not used
          em1 LAN                            - just for web configuration
          em2 OPT1 named TRUNK        - is connected to Trunk port of vSwitch and so provides all VLANs
          em3 OPT2 named FTP (static) - FTP VM connected (static IP)

          For em2 I created a new virtual interface (vlan0 named V1000 with static IP) with the same VLAN (ID 1000) where the TestVM is located
          I created rules at FTP interface and V1000 interface to pass all ICMP traffic
          From FTP VM I can ping to FTP interface ip
          From TestVM I can ping to V1000 interface ip
          But cannot ping directly from TestVM (out of VLAN 1000) to FTP VM

          • triskelion

            What rules do you have in place?
            Can you ping the pfsense interface from either host?
            Or access the web interface (port 80, 443) on either?

            I run a similar setup, only I don't trunk the pfsense box, I run multiple NICs into port groups on different VLANs which then extend to my physical switch.

            • Metu69salemi

              Where does the pinging stop?
              Have you entered all needed VLANs?

              • powerzumsel

                I think now it works.  ;D

                On TestVM I enter V1000 interface ip as gateway, same for FTP VM and FTP interface
                Then I created 2 rules for FTP interface
                Proto - Source - Port - Dest - Port - Gateway
                ICMP - FTP net - * - V1000 net - * - *
                ICMP - FTP net - * - FTP NET - * - *

                and 3 for V1000 interface
                ICMP - V1000 net - * -  FTP net - * - *
                ICMP - FTP net - * - V1000 net - * - *
                ICMP - V1000 net - * - V1000 net - * - *

                Now I can ping from TestVM (VLAN1000) to FTP VM

                Tested it also on second TestVM2 from VLAN1001 and it worked
                Thanks so far

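An added example, not part of the thread: a small model of how the rule tables in the last post are evaluated, assuming pfSense's usual behaviour of checking rules only on the interface where a packet arrives, top down, with an implicit default deny. The subnets and host addresses are constructed, since the thread gives none.

```python
import ipaddress

# Constructed addressing: the thread gives no subnets, so these are assumptions.
IFACE_NET = {
    "V1000": ipaddress.ip_network("10.10.0.0/24"),
    "FTP": ipaddress.ip_network("10.99.0.0/24"),
}
ALIAS = {"V1000 net": IFACE_NET["V1000"], "FTP net": IFACE_NET["FTP"]}

# Pass rules as listed in the post: (proto, source, destination).
RULES = {
    "FTP": [("ICMP", "FTP net", "V1000 net"),
            ("ICMP", "FTP net", "FTP net")],
    "V1000": [("ICMP", "V1000 net", "FTP net"),
              ("ICMP", "FTP net", "V1000 net"),
              ("ICMP", "V1000 net", "V1000 net")],
}

def ingress(src):
    """Interface whose attached subnet contains src (where the packet enters)."""
    ip = ipaddress.ip_address(src)
    return next((i for i, n in IFACE_NET.items() if ip in n), None)

def first_match(proto, src, dst):
    """Return (interface, rule number) of the first pass rule hit, else None.

    Rules are checked only on the ingress interface, top down; no match
    means the implicit default deny drops the packet.
    """
    iface = ingress(src)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (p, rs, rd) in enumerate(RULES.get(iface, []), 1):
        if p == proto and s in ALIAS[rs] and d in ALIAS[rd]:
            return iface, n
    return None

def never_matched():
    """Rules whose source subnet is not attached to the interface they sit on."""
    return [(i, n) for i, rules in RULES.items()
            for n, (_, rs, _) in enumerate(rules, 1)
            if not ALIAS[rs].overlaps(IFACE_NET[i])]

if __name__ == "__main__":
    test_vm, ftp_vm = "10.10.0.50", "10.99.0.10"   # constructed hosts
    print(first_match("ICMP", test_vm, ftp_vm))    # ping TestVM -> FTP VM
    print(first_match("TCP", test_vm, ftp_vm))     # FTP control connection
    print(never_matched())
```

In this model the echo request is passed by the first rule on V1000 (the reply returns through the state that rule creates), while a TCP connection to the FTP host still falls through to the default deny because only ICMP is passed. The "FTP net to V1000 net" rule on the V1000 interface is never evaluated, since traffic sourced from FTP net enters on the FTP interface.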