Basic functions of fresh install (vm)
-
So I am a noob to this which may become abundantly clear.
Please bear that in mind that you may be fluent in what these settings should be, this is my first time.I am trying to complete a course which sets up a basic VM Network between 2 servers, a Win10 machine, Ubuntu machine which are all on a private network and the PFSense is shown both networks and thus bridges the gap between the two networks and allows the other machines to access the net and also to configure PFSense via their browser.
So, I installed the machines on Hyper-V and had an issue with the Default switch conflict, wasted a day getting this to work and after reboot it didn't anymore so I made the switch to Virtualbox and recreated the machines as they would not import.
On the instructions and video for the lab on the course none of the machines are allocated a static IP address, pointed to a default gateway or dns address. They are all vanilla.
After creating the machines PFSense is installed and the networks added to the machine are External (definitely working, can access the web from other machines and can ping google) and Internal network, (all machines using the same Network name).
Other than telling PFSense which network is Wan and which is Lan there is no other setup of PFSense, I am able to ping google so this would be the correct choices for Wan and Lan.On the course you are then to go to windows 10 which now has an internet connection (MINE DOES NOT) and then go to 192.168.1.1 to configure PFSense (CANNOT REACH SITE).
If I turn off the firewall on the windows 10 machine then I am able to ping it from another vm but unable to ping it from PFSense (not even sure if I should be able to?).
There seems to be an issue with the PFSense doing what i'm expecting it to do 'OOTB'
Google comes up with various things such as setting static ip's and turning on dhcp on internal network via the host CMD prompt to enable the vm's ping each other.
The only bit of useful information I found was initially I was unable to ping google from PFSense and that was due to needing to use a specific network adapter option in virtualbox.The FREE course is here There is a downloadable .PDF in the course notes which will be quicker to scroll through than watch the video.
I'd appreciate some input as to why this doesn't work as per the lab video course and how to make this work as it should.
It could be a known Virtualbox issue or setting that i'm not aware of?
Thanks
-
For virtual lab installs, you want to create your pfSense with a bridged adapter for WAN and an internal one (intnet, for virtualbox) for LAN. Install pfSense first. Put your client VMs on intnet and they should see pfSense. That course takes forever to get to installing DHCP on the DC, so plan out your LAN beforehand and then give your Win10 client a static IP address, mask, gateway and DNS that will allow it to talk to pfSense LAN address. Then you can configure pfSense. Later, when you have configured DHCP on the DC, you can revert your Win10 client back to DHCP.
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
https://www.youtube.com/watch?v=bU_OYWzjJms
-
What IP address does the Windows 10 VM have?
Is it set to pull an IP from pfSense via DHCP?
If so and it is not then the Windows10 VM and the pfSense LAN interface are probably not in the same virtual network segment.
Steve
-
Thanks for your replies guys,
PFSense adapter 1 is set as a Bridged adapter with the wireless card (working, I can ping 8.8.8.8 from PFSense and access the web when using this on all the other machines)
Windows 10 machine (I assume you mean the vm version) has an Apipa address of 169.254.. prior to running PFSense as expected and then changes to 192.168.1.102 gateway shows as 192.168.1.1 (plucking from memory as it's not turned on at the moment, matches PFSense lan address) I think DNS shows as the same.
Is it set to pull an IP from pfSense via DHCP?
I have not made any changes to anything, when I run PFSense the windows 10 machine registers the new network and asks if it is a private / public network and seemingly it sees it as changes the IP address. -
If the Windows 10 VM is pulling an IP fro pfSense in the LAN subnet it should be able to connect to the pfSense webgui.
If it's not using the default pfSense LAN you would need to add firewall rules to allow it.
You have a diagram of how you think these things are connected?
Steve
-
@stephenw10 said in Basic functions of fresh install (vm):
If the Windows 10 VM is pulling an IP fro pfSense in the LAN subnet it should be able to connect to the pfSense webgui.
If it's not using the default pfSense LAN you would need to add firewall rules to allow it.
You have a diagram of how you think these things are connected?
Steve
Hi Steve,
Here is a screenshot of the .PDf guide 'map'
Please not that i think this is the 'end product' map.
Although in this guide, no static IP addresses, gateway or dns settings are manually set.
They are all automatically assigned.Is it possible that my home router still running at 192.168.1.254 may be a conflict issue?
Thanks
-
Yes, if the pfSense VM WAN is bridged so it gets an IP in the same subnet.
You cannot have to same subnet on WAN and LAN. Change one of them.
Steve
-
Thanks Steve, not long had the router so was meaning to change it from default.
I shall report back later.... :) -
Damn, thought i might've been onto something then :(
Settings on my Plusnet router:
-
Yeah if the upstream device is using 192.168.1.254/24 on it's LAN pfSense cannot use it's default IP, 192.168.1.1/24.
Change the pfSense LAN subnet to something else. 192.168.100.1/24 for example.
Steve
-
I don’t have an option to change settings on my home router.
So because it has claimed 192.168.1.254 that’s what’s caused my issue?I will try changing it on pfsense when I get home from work.
-
@Dewitts68 said in Basic functions of fresh install (vm):
So because it has claimed 192.168.1.254 that’s what’s caused my issue?
Yes. 192.168.1.254 and 192.168.1.1 are inside the same /24 subnet. You can't have the same subnet on two interfaces in pfSense (or any router).
Steve
-
Well.... it’s alive!!!
Switched my lan to 10.10.10.1
I guessed the other settings, I would have consulted some tutorial if I couldn’t wing it.Appreciate your help Stephen.
Maybe this can be added to an FAQ post made as a sticky topic for us noobs? -
Noobs don't read those things ;)
If you think you can have wan and lan on the same network - you shouldn't be touching a router/firewall in the first place to be honest.
That is like the warning on your coffee that says its hot ;)
Do not put your penis in the paper shredder ;)Is this sort of info really needed to be stated?
-
-
I'm not sure, I think @johnpoz may have been certified in the womb!
But, yes, basic info should be documented and it is:
https://docs.netgate.com/pfsense/en/latest/book/config/index.htmlIf the default LAN subnet conflicts with the WAN subnet, the LAN subnet must be changed before connecting it to the rest of the network.
Also well worth reading is this:
https://docs.netgate.com/pfsense/en/latest/book/network/index.htmlLoads of good info there if you are just learning about routers etc.
Steve
-
No all of my info is learned, just like everyone else - my point is its sub 100 level info..
If you understand what an IP address is an and a network and what a router is - how do you think you can have the same network on 2 different interfaces and route between them..
Just like I don't have to tell you not to put your freaking dick in a shredder.. Did you read a doc that told you not to do that - or is is common sense ;)
Or that when you order a "coffee" that its going to be freaking hot.. JFC!! If you are to the point that you have figured out that you want to run your own router distro you should understand that you can not route between 2 networks that are the same..
I am more than happy to explain basic info to you - do you want to start at the basics of what an IP is.. My point was that anyone that has gotten to the level that they have want to run their own routing distro should know these basics - shouldn't have to be spelled out in a FAQ that you can not route between 2 networks that are the same ;)
When you get to kindergarten they expect you to know some basics.. Same should go for when you attempt to download a routing distro and route and firewall with it.. You should know what a firewall does, and what a router does - etc.. They expect you to know your ABCs when you get to kindergarten ;)
Do we need to teach you that B is after A?