2012 Hyper-V with pfsense for VM's + local physical network
-
Hello!
I'm hoping to get some guidance here, as I'm stuck! I have pfsense up and running and another VM on the same system able to use the internet through it perfectly, but I can't figure out how to also be able to connect to the physical network for other devices to connect through pfsense to the internet.
I am putting together a home server + freenas setup, with the goal of all traffic having to go through pfsense.
I'm not using VLAN's at all.
Currently on the Hyper-V host I am running a win81 image + pfsense 2.2-RC (amd64) built on Jan 13, 2015
Hardware:
Hyper-V host that pfsense is running on:
Desktop PC with Intel based mobo w/i7 CPU & 12gb ram
Win Server 2012
Broadcom PCI-express 2 port gigabit NIC
Port 1 - connected to WAN
Port 2 - connected to 5 port gigabit switch (LAN)Separate physical PC running FreeNAS 9.3 connected to physical 5 port switch
Currently the VM for PFsense is configured with 3x network cards, Broadcom port 1 (external), broadcom port 2 (external), and an 'internal' one
Broadcom port 1 is assigned as WAN in pfsense
Internal is assigned as LAN (192.168.0.1/24)
Broadcom port 2 is assigned as LAN2 (192.168.0.2/24)I have an DHCP server setup on both LAN and LAN2, serving 192.168.0.10-49 on LAN, and 192.168.0.50-99 on LAN2
On the firewall rules I duplicated the rules from LAN for LAN2 (ipv4 + ipv6 source LAN2 net to anything allowed)
The Physical PC (freeNAS) connected to the switch is being assigned an IP - 192.168.0.52 (yay!) but not able to ping anything, and I can't ping or access it from the win81 VM on the hyper-v host (192.168.0.5 static mapping).
I tried following some other posts here on setting up bridges or interface groups, and both just seem to break everything. Luckily I took a snapshot in hyper-v of the basic functional config :)
-
Additionally, if this seems to be a limitation of hyper-v as the VM host please post! I'm open to moving this config over to something else like esxi/xenserver/etc if that's what it takes.
-
1. Change your addressing so that your LANs don't overlap. LAN1 = 192.168.0.0/24, LAN2 = 192.168.1.0/24.
2. Make sure that you have firewall rules that allow the LANs to talk to each other. By default, LAN has an Allow All rule, but OPT1 does not. You have to add it yourself.
-
Had #2, but #1 fixed it.
Thanks!