Need help in taking pfSense for test drive in VirtualBox

securityconcerned

I have good reasons to believe my computer is infected with viruses, and these perpetrators also seem to be on my network at various times. So I was thinking of putting a pfSense firewall on my network. I got an old Core 2 Duo for pfSense system. I'm in the process of buying other parts.

Before I set it up on a dedicated system, I wanted to take pfSense for a test drive in VirtualBox, I downloaded the latest pfSense from it's website. I created a virtual machine with two network cards, one in bridged mode connected to my host's WiFi adapter(WAN), and another in host-only mode(VirtualBox LAN). The pfSense machine is able to get IP's from my main network and VB's LAN network but I'm unable to access web interface of pfSense from my host.

Other virtual machine is able to access pfSense's web interface when their networks are set to host-only mode. But they are not getting internet access.

What am I doing wrong? How can I correct this?

On my network how many NICs would I need? Motherboard will have 1 Ethernet port, I'm planning on adding another NIC with 1 port. Will this be sufficient for my needs? Will 1 pfSense system be able to hand two WANs? How many NIC's would I need. My motherboard only has 1 1x PCI slot, if I buy a 2 port NIC, will it be sufficient to connect two WANs?

ebedtang

@securityconcerned
Try to use one bridge adapter to ethernet, one Nat and one host only. Mine is working with that setup in virtualbox. Actually host adapter is not needed, if you don't want your vm to communicate with host.

But i still can not set it up that way on kvm.

Gertjan

@securityconcerned said in Need help in taking pfSense for test drive in VirtualBox:

my computer is infected with viruses, and these perpetrators also seem to be on my network at various times. So I was thinking of putting a pfSense firewall on my network.

Look outside. We are in the year 2020.
Most, if not all processes communicate with each other using something like TLS.
This is even more valid if these processes have sensible information to hide, like, for example, viruses.
So, never ever pfSense can find out what is coming in and out of your network **.

There is only one way out. Stop downloading any executables, probably even pay-ware, free ware for sure.
Remember : if there is no price (no $) then the product is YOU.
There are two major solutions for this. Stop clicking. And your done. This will even save your mouse buttons.
Far less better, but it might work : check out all the videos from, for example, https://www.youtube.com/user/ThePCSecurity - you'll see an relatively up to date tests among 'the best' which you will re qualify as the "most commercial known". And again, if you pay nothing, you will have the quality worth you paid for. Knowing that 0 / "something" is .... known as zero.

It's not very hard to learn where to look for when it comes to viruses and family. And when done, no more need to use anti-virus scanners and stuff like that (I'm using none).

Don't get me wrong, but I concerned about your concept of security ;)

** actually, I should say : pfSense could do some inspection work for you. The real issue is : a huge knowledge about SSL/TLS, certificates, proxies will be needed. People that can pull this one of .... never do so because they do not have the need for it : these guys saw a virus somewhere in the last decade, the day they were learning.
An exception to the rule might be an email server, something like postfix, which doesn't belong at all on a device that is a firewall router like pfSense. This kind of server unpacks your mail, and stores them in clear text, which makes scanning possible before the user can see and/or download it into the mail client.
There is no such solution as "install XYZ ito pfSense, set this and ckick there" and all my traffic is scanned, and blocked if needed.