Netgate Discussion Forum
    Trying to set up virtualized pfsense behind ddwrt

    theonlyjg61

      Basically I am trying to accomplish the following goals:

      • Set up a segregated network behind my pfsense that is logically separate from my main internal network.

      • Have WAN traffic passed from my ddwrt router to the pfsense so I can run snort, pfBlocker, etc. and block malicious traffic to/from the network behind my pfsense

      • Not interfere with the connectivity of any devices not behind my pfsense.

      I want a wireless network that routes directly through my ddwrt router to the internet on a 192.168.x.x network. The wireless network will be served DHCP from the ddwrt. I want a separate network behind my virtualized pfsense box (running on esxi) that serves DHCP only to hosts behind the LAN interface on pfsense in the 10.0.0.X range. My ESXi server has 3 NICs, each with its own virtual switch. One is acting as the WAN port for my virtual pfsense, one is the MGMT port for esx that is connected to my ddwrt router, and one is my LAN port that is connected to all of my VMs (including pfsense) via a virtual switch, as well as a physical switch connected to my desktop.

      I have an ISP supplied modem with one port, and as far as I know I get one dynamic IP from my ISP through DHCP. Basically what I want to do is create a separate network behind my pfsense box that can still see WAN traffic. I don't want my pfsense to interfere with (or even see) any traffic on devices connected through my wireless network. So far I have not been successful at this and my pfSense box is still seeing/acting on other 192.168.x.x traffic in my network. I have put the WAN IP of my pfsense box (192.168.1.111) in the DMZ mode of the ddwrt. I was hoping that might pass the external WAN IP to this interface (I used to do this with an old ATT router) but no luck…

      I have attached a picture showing my current network layout. Is there anything I am doing incorrectly or any other setup I could do that would work better for my goals?
      (attached image: 12.PNG)

        KOM

        Looks ok to me.

          theonlyjg61

          That's what I thought too when I was drawing it out, but for some reason I am seeing requests on the WAN port of my firewall from clients on my 192.168 network, and my firewall is blocking traffic from those devices.

          I'm thinking DDWRT's DMZ mode might not be what I think it is…I'll have to do some more research. I was really hoping to be able to set up SNORT on my WAN IP to detect external scans, etc.

            KOM

            pfSense WAN is set to block private address space by default.

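KOM's last reply explains what the earlier post observed: the pfSense WAN in this layout has a private address (192.168.1.111, handed out by the DD-WRT), so the default "Block private networks and loopback addresses" option on the WAN interface drops every packet whose source falls in RFC 1918 or loopback space, and that includes the wireless clients on 192.168.x.x. The Python script below is an added example, not code from the thread or from pfSense; it models just that one rule over a few constructed WAN-side packets (the sample source addresses, the `Verdict` type and the function names are assumptions) so you can see which sources are dropped with the option on and off.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Address space that pfSense's "Block private networks and loopback addresses"
# WAN option rejects: the three RFC 1918 ranges plus loopback.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# pfSense WAN address from the thread (private, assigned by the DD-WRT).
PFSENSE_WAN = "192.168.1.111"


class Verdict(NamedTuple):
    src: str
    dst: str
    action: str   # "pass" or "block"
    reason: str


def matching_blocked_network(src: str) -> Optional[ipaddress.IPv4Network]:
    """Return the private/loopback network containing src, or None."""
    addr = ipaddress.ip_address(src)
    for net in BLOCKED_NETWORKS:
        if addr in net:
            return net
    return None


def wan_ingress_verdict(src: str, dst: str, block_private: bool = True) -> Verdict:
    """Model only the 'block private networks' rule on the WAN interface.

    Hypothetical helper: it ignores every other rule (bogons, user rules,
    the state table) and answers one question only: would this packet be
    dropped because its source address is private or loopback?
    """
    net = matching_blocked_network(src)
    if net is None:
        return Verdict(src, dst, "pass", "public source")
    if not block_private:
        return Verdict(src, dst, "pass", f"private source {net}, option disabled")
    if net == ipaddress.ip_network("127.0.0.0/8"):
        return Verdict(src, dst, "block", "loopback")
    return Verdict(src, dst, "block", f"private ({net})")


def blocked_sources(packets: List[Tuple[str, str]], block_private: bool = True) -> List[str]:
    """Return the sorted, de-duplicated source addresses that would be dropped."""
    return sorted({
        src for src, dst in packets
        if wan_ingress_verdict(src, dst, block_private).action == "block"
    })


# Constructed sample of packets arriving on the pfSense WAN (not real logs).
SAMPLE_PACKETS = [
    ("192.168.1.50", PFSENSE_WAN),   # wireless client on the DD-WRT LAN
    ("192.168.1.1", PFSENSE_WAN),    # the DD-WRT itself, i.e. the WAN gateway
    ("203.0.113.7", PFSENSE_WAN),    # public source forwarded by the DMZ (TEST-NET-3)
    ("10.0.0.25", PFSENSE_WAN),      # a 10.x address showing up on the WAN side
]

if __name__ == "__main__":
    for setting in (True, False):
        print(f"block_private={setting}")
        for src, dst in SAMPLE_PACKETS:
            v = wan_ingress_verdict(src, dst, setting)
            print(f"  {v.src:>15} -> {v.dst}: {v.action:5} ({v.reason})")
```

The option being modelled is the "Block private networks and loopback addresses" checkbox on the WAN interface page in pfSense. When the WAN sits behind another NAT router, as here, leaving it enabled also drops traffic from that router's own LAN, so whether to keep it comes down to whether pfSense is meant to see that traffic at all; the first post says it should not, which is exactly the behaviour the blocks in the firewall log reflect.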
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.