pfsense vm no traffic on lan for other VMs

viragomann

@assadj said in pfsense vm no traffic on lan for other VMs:

i thought it may cause problems as i was having an issue trying to join a vm to domain but it couldnt llocate the dc

That's exactly the point.
For a separated home lab, the NAT should be no problem. But if you want your VMs behind the virtualized pfSense to talk with your LAN, you need another setup. In this case you should set up a transit network between you physical and virtualized pfSense, separated from your LAN. This could be a VLAN using the same Hardware as your LAN. Then you have to add a static route to the phys pfSense for the network behind the virtual pfSense.

On the pfSense VM you can deactivate the outbound NAT and add a rule for the lab to the physical instead (hybrid mode).

AssadJ

@viragomann so are you saying i should setup a vlan on my physical pfsense, the dc is in proxmox behind the pfsense vm so the win 10 vm should be able to see the dc and join it even if outbound nat is set no?

viragomann

@assadj
So the DC and the VM you want to join are both VMs and reside in the some network segment?
I was talking about communication between devices in front and behind the pfSense VM.
These cannot talk together, because the device in front might not have a route the the network behind the pfSense VM.

With a transit network you simply set the routes on the router and the devices have only to use their default route to communicate with the other network and the world.

KOM

@assadj If the dc and win10 vms are on the same network then pfSense is not involved at all. In that Windows domain config, it's usually best to let the dc handle DNS and DHCP. You probably have pfSense set to do that.

As for outbound NAT, hybrid is what I use. However, we don't know what you have done for rules etc so maybe its best to restore a default pfSense config and move forward from there now that you know outbound NAT rules are not your problem.

AssadJ

@kom so the vms and pfsense vm are setup with bridge for wan to my private home network and a seperate lan which pfsense vm is managing for the vm in proxmox. yes i have set dhcp and dns to be pfsense should i turn both off on pfsense vm?

KOM

@assadj I would. While you can get it working wit pfSense handling those, it seems to cause fewer problems if you let Windows do it when in an AD environment.

AssadJ

@kom how can i turn off dns from pfsense, do i just disable dns resolver? and how can i allow dns to be provided by the dc. sorry just a noob asking loads of questions.

KOM

@assadj You don't need to turn it off, you just need your clients to not use it for DNS. Turn off the pfSense DHCP server, turn on & configure the Windows AD DHCP and DNS.

AssadJ

@kom ok great thanks

KOM

@assadj You can tell Windows DNS servers to forward to pfSense so you can still take advantage of packages like pfBlocker.

AssadJ

@kom ok great yeah ive set a dns forwarder for my windows dns server.