Help on how to set up pfsense as a wireless AP/FW/router in VirtualBox
-
Hi kejianshi,
Thanks again for this. This full size computer used to be my linux server for printing, mail, ftp, ldap, simple routing (as a dual stack (IPv6/IPv4) router connected with a switch), web, cloud storage and media center but I re-purposed it in favor of a lower power mini ITX setup. So I am really just experimenting and trying to push things a bit of how far things can go.
I wanted to pursue this route because I felt it is a flexible/easily scalable implementation. I used to have routers running DD-WRT and hacked them to do all/some of the above but I ended up with many special purpose network devices and it became very cumbersome to manage. It also became more expensive from a hardware and learning point of view as I found myself having to learn many different slightly different systems. Performance also suffered because none of these boxes can give me real time data encryption quite like a current generation desktop cpu running say linux when moving large files through SATA or USB3.0 connected hard drives.
As such, I want to replace as many physical devices using VMs as possible. I understand keeping pfsense (router) separate is superior because my network will not go down along with my computer but at this point I am willing to make the trade off. The VMs make it very easy to backup and restore.
Back on topic, to answer your question, I intend to connect less than 10 devices (including TVs, game consoles, etc) to this setup, if I get it to work without breaking things too much.
I feel I am getting quite close. pfsense is already talking to the two physical NICs and the virtual network. The problem really is with wlan0 which is "translated" by virtualbox as just another wired NIC to pfsense, and pfsense has already managed to assign IPs to machines that are connected to this interface (bridged or unbridged). I feel that I am just missing something obvious to get internet working due to inexperience… haha.. As I have time, I will continue to experiment with it and try to learn a bit more about virtual machines and pfsense.
Failing everything, one option is to buy a simple wireless switch to connect to my LAN facing NIC. I need to get more ports anyway. I will also look at v-sphere. I know nothing about it at this point.
BTW, would you have any good suggestions if I want to learn how to analyze and troubleshoot network problems as a beginner? Should I learn how to analyze packets to troubleshoot things such as this?
-
Ohhhh.
Ummmmm…. Google?
-
"I will also look at v-sphere."
So this box is going to be your VM host? Then yeah I would run esxi (vsphere) over virtualbox for sure!!
As to your wifi issue - just get a wireless router and use it as AP, any wireless router will do… Don't you have one laying around? What did you do for your router before?
I run my whole network off a VM pfsense on esxi box.. Router on vm for your physical network works great, there is little reason not to do it if you ask me.. And would be the 1st thing I would virtualize not the last ;)
The LAN nic on my esxi host is connected to my physical switches, and both real and vms have access to the internet through pfsense vm. I also have wlan on its own segment where pfsense is firewall between wlan segment and lan and internet and even a dmz segment that is vm access only through pfsense.
-
Minus the difference of opinion about virtual vs physical firewall, if you are already running pfsense in vsphere to manage both virtual and physical clients, you would probably be the perfect person to walk hching through it.
I MIGHT even consider doing it at 1 location because no one is there to fix anything if something should break so I do have an interest in running the least amount of hardware possible. (It's the middle of nowhere)
-
Sure happy to walk you through it
Here is a basic diagram of how it would be setup in the most basic mode - 2 nics in your physical host. 1 to your internet (wan) other to physical lan (lan).
You could clearly get fancier with it - break out your vmkern port group to its own phy nic. More nics in the host could allow you to breakout your wlan to its own physical segment, dmz or other firewalled segments.
Or you could also use vlans to run your different segments between vm and phy over just 1 physical nic. Inside the host you could add as many vswitches or portgroups to breakout vlans, etc.
Other pic is my current vswitches in my esxi host. See how pfsense is tied to wan, lan, wlan and dmz.
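
The single-NIC VLAN layout described in the post above, as an added example that is not part of the thread: a dry-run script that prints the esxcli commands for one standard vSwitch carrying VLAN-tagged port groups. The names vSwitch1 and vmnic1, the port group names and the VLAN IDs are assumptions.

```shell
#!/bin/sh
# Dry-run planner: prints the esxcli commands for VLAN-tagged port groups
# on one standard vSwitch with one uplink. Nothing is executed on a host.
# vSwitch1, vmnic1 and the segment names/VLAN IDs are constructed samples.

plan_segments() {
    vswitch=$1; uplink=$2; shift 2
    seen=" "
    # Validate every segment before emitting anything.
    for seg in "$@"; do
        name=${seg%%:*}; vlan=${seg##*:}
        case $vlan in
            ''|*[!0-9]*) echo "bad VLAN id in '$seg'" >&2; return 1 ;;
        esac
        if [ "$vlan" -lt 1 ] || [ "$vlan" -gt 4094 ]; then
            echo "VLAN $vlan out of range 1-4094" >&2; return 1
        fi
        # Two port groups on one VLAN ID share a broadcast domain, so
        # traffic between them would not pass through the firewall VM.
        case $seen in
            *" $vlan "*) echo "VLAN $vlan reused by '$name'" >&2; return 1 ;;
        esac
        seen="$seen$vlan "
    done
    echo "esxcli network vswitch standard add --vswitch-name=$vswitch"
    echo "esxcli network vswitch standard uplink add --uplink-name=$uplink --vswitch-name=$vswitch"
    for seg in "$@"; do
        name=${seg%%:*}; vlan=${seg##*:}
        echo "esxcli network vswitch standard portgroup add --portgroup-name=$name --vswitch-name=$vswitch"
        echo "esxcli network vswitch standard portgroup set --portgroup-name=$name --vlan-id=$vlan"
    done
}

# Constructed layout using the segment names mentioned in the thread.
plan_segments vSwitch1 vmnic1 LAN:10 WLAN:20 DMZ:30
```

The pfsense VM then gets one virtual NIC per port group, and the physical switch port facing the uplink has to trunk the same VLAN IDs.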
-
So much more sane than virtual box.
-
Virtualbox is more for running a VM on your PC to test something, etc. I would not use it for a setup like this. It's great if you want to fire up another copy of windows or linux to test something or run some questionable code or visit a questionable site, etc.
You could set it up to work sure - but it's much easier in something like esxi, which is FREE as well.
-
I do plan to set up pretty much exactly what you have laid out here in at least one place. Eventually. Perhaps after a stable release of 2.1 when I will be forced to visit that place again.
-
Oh so you're waiting for 2.1 to release before you set up the VM environment.
Not sure what sort of access you have to this location. But if you make sure you can access the esxi host.. You could set it up now and then just update to 2.1 final.. If any issues you could correct remotely, etc.
-
No physical access except by long plane ride.