Pfsense + Windows 8.1 + Virtual Box
-
@KOM:
Is this a lab or are you trying to run a firewall off of a Windows client OS?
Extremely unconventional setup of running PfSense in a VM on my Windows 8.1 Desktop, and this is not a lab.
The desktop has 2 NICs. One is built into the motherboard and is used to connect wirelessly to the Internet through my RT-AC56R. The other was recently purchased off eBay to serve as my firewall NIC because it has 2 ethernet ports built into it.
My local network looks like this now: Modem ---> RT-AC56R (DHCP, NAT, 192.168.1.0/24) ---> LAN
What I want to do is this: MODEM ----> Windows 8.1 running PfSense in Virtual Box ---> RT-AC56R (DHCP, NAT, 192.168.1.0/24)
-
Honestly, I have no idea why people keep wanting to do this. Why not grab an El Cheapo PC from the nearest landfill and use that instead of hairpinning your connection through a virtual machine and exposing a Windows client directly to the Internet?
I also should have been more clear when I asked for network details. What I was asking for are:
WAN IP address, subnet mask, gateway
LAN IP address, subnet mask
Client PC IP address, subnet mask
-
My cheapo PC died a few months ago actually, and I just thought I would try things out like this for now. It's not ideal and would not be acceptable anywhere except for my home network.
Here is my WAN information given to me by the routing table in my router:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
96.21.125.1     *               255.255.255.255 UH    0      0   0   WAN
96.21.125.0     *               255.255.255.0   U     0      0   0   WAN
192.168.1.0     *               255.255.255.0   U     0      0   0   LAN
default         96.21.125.1     0.0.0.0         UG    0      0   0   WAN
LAN IP address, subnet mask: 192.168.1.0/24
Client PC IP address, subnet mask: My PC running Windows 8.1 and the Virtual Box VM: 192.168.1.69 - 255.255.255.0
-
OK, so WAN is 96.21.125.1. Your LAN can't be .0 since that is reserved for the network address, so what is its IP address (go to the console view in Virtualbox VM for pfSense and it will list the interfaces and their addresses). I also forgot to ask you what you have set for your gateway on the Win8.1 box?
-
Lan IP Address in Pfsense was giving me 192.168.1.1/24 and then I was able to login to the interface with that.
Here is a copy and paste from command prompt on my Windows 8.1 machine
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-V
Physical Address. . . . . . . . . : BC-EE-7B-59-2D-EA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e010:d16c:407c:5c13%4(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : December 9, 2015 10:21:35 PM
Lease Expires . . . . . . . . . . : December 11, 2015 10:21:35 AM
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 79490683
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9F-BD-5A-BC-EE-7B-59-2D-EA
DNS Servers . . . . . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled
-
Your Win81 client is set to use 192.168.1.2 for both gateway and DNS. Do you have a router at that address handling DNS and acting as your gateway? I suspect not, so you probably want to change that from .2 to .1 or your Win81 client won't have Internet access (I'm assuming you want pfSense to act as your general router/firewall?)
-
@KOM:
Your Win81 client is set to use 192.168.1.2 for both gateway and DNS. Do you have a router at that address handling DNS and acting as your gateway?
Yes, I do. It was initially 192.168.1.1, but I changed it to 192.168.1.2
I don't want pfsense to do anything except for inspect traffic. I want my router to do all that LAN stuff (DHCP, Nat, etc).
-
I don't want pfsense to do anything except for inspect traffic. I want my router to do all that LAN stuff (DHCP, Nat, etc).
This would have been good to know much earlier in this discussion. I had assumed that you wanted pfSense as your router/firewall and you were going to use the Wifi router as an AP, which is the preferred way to do it instead of double-NAT. I would recommend you rethink your approach and simplify it.
-
Ok, I understand what you mean. I was more inclined to do the double NAT because I bought the router not too long ago and feel kind of sad not using it to its fullest potential.
If I were to avoid double Nat then what would I have to do as setup?
-
While I have done a lot of work in both VMware and Virtualbox, I've never done this hack that you're trying to get going. Change your Wifi router's mode to just be an access point. I'm not sure at this point if you need a switch for the Wifi router or if you can plug it directly into your Win81 client LAN NIC. It may work without a switch but a switch is cheap. Then you need to change your Win81 client network settings so that it's pointing to pfSense LAN IP (192.168.1.1) for gateway and DNS.
-
WAN is .3 now? I thought it was .1… Is your pfSense WAN set to DHCP or static, and what's its currently-assigned IP address??