RDP to host server running PFsense on vmware causes a problem
-
So pfsense is routing traffic between these networks 192.168.2 and 192.168.10? Are they same network your using /16 mask?
-
Basically. 192.168.2.is.my.host's.IP, and is natted by vmware as wan interface for my pfsense. Pfsense LAN is the 192.168.10.segment
-
"192.168.2.is.my.host's.IP" You mean that is pfsense WAN IP? You would have a different IP in that same network for your vmkern..
Please draw your network.. My pfsense is on esxi, I have multiple wired and wireless segments and don't have any issues what so ever rdp between segments..
-
Basically. 192.168.2.is.my.host's.IP, and is natted by vmware as wan interface for my pfsense. YES that is my pfsense wan ip…
windows machine---> pfsense ----------->client pc with ip 192.168.10.97given by pfsense
192.168.2.2 wan is 192.168.2.2, lan is 192.168.10.1 -
2 devices can not have the same ip, not even in the VM world.
-
yeah how is that suppose to work?? windows machine 192.168.2.2 and pfsense 192.168.2.2 ????
-
im sorry… what i mean is, my host ip is 192.168.2.2 and is assigned by my dhcp server (router connected to my modem), then it is NATted to my vm pfsense with wan ip 192.168.2.4 and a lan ip of 192.168.10.1/24
im really sorry i wasnt thinking straight last time. here it is again
isp/ router--------Host pc--------->(vm) pfsense------------------>client pc
192.168.2.2 192.168.2.4 192.168.10.97what i did was, using the client pc, i RDP into my host pc (192.18.2.2)
-
So that VM is running on pfsense player? So your client machine and and host pc are on the same dumb switch and pfsense lan interface is also on the same dumb switch so you hvae a loop?
"then it is NATted to my vm pfsense with wan ip 192.168.2.4"
What is natted? Sure looks like 192.168.2.2 192.168.2.4 would be on the same NETWORK..Please draw your physical connections..
Yes client machine running through pfsense out of the box would be nattted to that 192.168.2.4 wan IP of pfsense.
-
i thot people would understand me right away so i'll try to draw it as good as i can…
__________
__________ __________ l dumb l
l l l wireless l-------------l switch l>>>>>>>> to other pc's
lISP modem l------- l l l__________l
l_________l l router l _______________
l_________-l-------- l host pc l
Lan:192.168.2.8 l____l lan:192.168.2.2 l
l l
l pfsense on l _________
l VMWARE l l bridged l WIFI
lnat:192.168.2.4 l----------l router l>>>>>>>>>>client pc with ip: 192.168.10.97
llan:192.168.10.1 l l_________l
l______________lSo i have internet on the client pc, after i log in to the captive portal. what i wanted to do was to allow that client windows pc constant access without having to go thru the portal so i tried to RDP to the Host pc, 192.168.2.2. expecting that once i get in, ill just open the broser and access my pfsense t allow the client's mac .
-
So your host pc does not have any bindings to that 2nd nic you have connected to your bridged router.. Your sure its bridged, so your just using a wifi router as AP? You have it connected to your host pc 2nd nic with one of its lan ports and have its dhcp turned off.
Or does your 2nd nic have an IP in the 192.168.10 network as well? How exactly do you have that bridged router connected to your host pc?
So what are the connections in vmware player to those nics in your host pc, are they bridged or natted? Normally vmware player tries to use natted connections where it creates its own networks.
If you don't want your wifi clients using the captive portal, then turn it off. Or setup you client pc with mac passthru on the captive portal, etc.
-
dude i don't mean to offend or what. but i dont know if you are actually reading my post or my english is that bad. ???
anyway my host has an ip of 192.168.2.2, pfsense is natted thru vmware, so it has a wan ip of 192.168.2.4,i configured its lan ip to 192.168.10.1/24, my bridged router of course has its DCHP turned off. pfsense hands out the right ip's, i can actually log in to its captive portal and browse the internet. the problem is when i RDP to my host. using the pc that is a client of pfsense so it has an ip of 192.168.10.97.
-
"anyway my host has an ip of 192.168.2.2, pfsense is natted thru vmware, so it has a wan ip of 192.168.2.4"
How do you expect that to work exactly if there is a NAT?? You can not put same network on both sides of a NAT
What version of player/workstation are you running.. I don't believe current versions of player allow you to edit the vmnets - but you can still pick between nat and bridged. See attached image
So here is the thing if you want pfsense wan to be same network as your normal network 192.168.2.0/24 then the nic in vmware player/workstation needs to be bridged to your interface on you host machine that is connected to this network.
Now how exactly is this 192.168.10 network attached to your host machine??? This is another virtual nic in your pfsense VM.. What are the settings on that nic.. What physical nic is it attached too, or is it also Natted?
How you would normally set this up is your host would have 2 physical nics.. Your pfsense vm wan nic would be bridged to the physical nic that is connected to a network that has internet access. Now your host machine can either have binding to this nic and IP on this interface.
Or it can have its binding and connection to the hosts 2nd nic and also bridged to the physical network.. This puts the HOST behind pfsense for internet access on pfsense LAN. But if your going to have the host in front of pfsense on its WAN network then there should be NO binding on the 2nd host nic for anything other than the vmware bridging protocol – see 2nd image
If you host has connections in both of your networks both 192.168.2 and 192.168.10 and your trying to connect to its 192.168.2.2 address from a box on connected to its 192.168.10 network.. Your going to have issues.. So it answers you back from its other interface and you have what amounts to a asymmetrical routing issue
Please post up your vmware settings for your pfsense VM like my first pic. Exactly what vmware product are you using player/workstation 10,11,12 ?? And please validate what physical nics your stuff is connected to on your HOST PC.. And an ipconfig /all from your host pc wouldn't hurt either.
