Netgate Discussion Forum

    Create a DMZ in VirtualBox using two pfSense instances

      mayfair_50

      Hi all,
      I am trying to create a DMZ in VirtualBox using two instances of pfSense. The problem I am having is twofold:

      1: I can't get my internal pf to speak with my external pf.
      2: I can't get my internal LAN traffic to see my internal pf WAN interface or external pfSense interfaces.

      My setup:

      External pfSense
      Adapter 1 is bridged to host NIC in VirtualBox; this is WAN port (DHCP), ip: 10...*
      Adapter 2 is set to Internal in VirtualBox, network name DMZ, ip: 192.168.20.1

      Internal pfSense
      Adapter 1 is set to Internal in VirtualBox, network name DMZ, ip: 192.168.20.2, WAN in pf
      Adapter 2 is set to Internal in VirtualBox, network name testnet, ip: 192.168.1.1, LAN in pf

      I can ping 192.168.20.1 from internal pfSense but can't ping the other way.
      I can't configure the external pfSense via browser because I can't ping/reach it.
      Both pfSense instances are running on FreeBSD.

      I would like the 192.168.20 network to be my DMZ. My goal is to put some other servers like Snort in this network.

        phil.davis

        Without commenting on the architecture and reasons for it, your problem will be that Internal pfSense WAN will block traffic originating from outside it (i.e. trying to ping from external back to 192.168.20.2).
        At the VM console of Internal pfSense you can use the developer shell and enableallowallwan (it's called something like that). Then you can get into the webGUI from upstream of WAN and sort out a more restricted set of rules for access to the Internal pfSense webGUI from upstream.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

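A simplified model of the behaviour described in the reply above, as an added example that is not part of either post and is not pfSense code. It shows why the ping works in one direction only, and how a temporary allow-all on WAN differs from a restricted webGUI rule. The admin host 192.168.20.10, the second host 192.168.20.50 and a webGUI listening on TCP 443 are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str        # "in"/"out" as seen on the Internal pfSense WAN interface
    proto: str            # "icmp" or "tcp"
    src: str
    dst: str
    dport: int = 0
    reply: bool = False   # True for an echo reply or the return half of a TCP flow

@dataclass(frozen=True)
class PassIn:             # one "pass in on WAN" rule (hypothetical model, not pf syntax)
    proto: str            # "any" matches every protocol
    src: str              # source network in CIDR form
    dport: int = 0        # 0 matches any port

    def matches(self, p):
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and self.dport in (0, p.dport))

class WanFilter:
    """Simplified stateful filter: outbound passes, inbound needs a state or a rule."""
    def __init__(self, rules=()):
        self.rules, self.states = list(rules), set()

    def allow(self, p):
        if p.direction == "out":
            self.states.add((p.proto, p.src, p.dst))   # remember the flow we started
            return True
        if p.reply and (p.proto, p.dst, p.src) in self.states:
            return True                                # return traffic for our own flow
        return any(r.matches(p) for r in self.rules)   # otherwise default deny

EXT, INT = "192.168.20.1", "192.168.20.2"          # DMZ addresses from the post
ADMIN, OTHER = "192.168.20.10", "192.168.20.50"    # constructed DMZ hosts (assumed)

def verdicts(rules):
    fw = WanFilter(rules)
    return {
        "ping_int_to_ext": fw.allow(Packet("out", "icmp", INT, EXT))
                           and fw.allow(Packet("in", "icmp", EXT, INT, reply=True)),
        "ping_ext_to_int": fw.allow(Packet("in", "icmp", EXT, INT)),
        "gui_from_admin": fw.allow(Packet("in", "tcp", ADMIN, INT, 443)),
        "gui_from_other": fw.allow(Packet("in", "tcp", OTHER, INT, 443)),
    }

DEFAULT = []                                       # no pass rules on WAN
ALLOW_ALL = [PassIn("any", "0.0.0.0/0")]           # temporary allow-all on WAN
RESTRICTED = [PassIn("tcp", ADMIN + "/32", 443)]   # assumed: webGUI on TCP 443
```

Calling `verdicts()` with each of the three rule sets gives the outcome for the two pings and the two webGUI connection attempts.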
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.