Create a DMZ in VirtualBox using two pfSense instances



  • Hi all,
    I am trying to create a DMZ in VirtualBox using two instances of pfSense. The problem I am having is twofold:

    1: I can't get my internal pf to speak with my external pf.
    2: I can't get my internal LAN traffic to see my internal pf WAN interface or external pfSense interfaces.

    My setup:

    External pfSense
    Adapter 1 is bridged to host NIC in VirtualBox, this is the WAN port (DHCP), IP: 10...*
    Adapter 2 is set to Internal in VirtualBox, network name DMZ, IP: 192.168.20.1
    Internal pfSense
    Adapter 1 is set to Internal in VirtualBox, network name DMZ, IP: 192.168.20.2, WAN in pf
    Adapter 2 is set to Internal in VirtualBox, network name testnet, IP: 192.168.1.1, LAN in pf

    I can ping 192.168.20.1 from internal pfSense but can't ping the other way.
    I can't configure the external pfSense via browser because I can't ping/reach it.
    Both pfSense are running on FreeBSD.

    I would like the 192.168.20 network to be my DMZ. My goal is to put some other servers like Snort in this network.



  • Without commenting on the architecture and reasons for it, your problem will be that Internal pfSense WAN will block traffic originating from outside it (i.e. trying to ping from external back to 192.168.20.2).
    At the VM console of Internal pfSense you can use the developer shell and enableallowallwan (it's called something like that). Then you can get into the webGUI from upstream of WAN and sort out a more restricted set of rules for access to the Internal pfSense webGUI from upstream.
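
A simplified model of the behaviour described in the reply above, as an added example that is not part of the original thread and is not pfSense code: replies to connections the Internal pfSense opened are passed by state, while new connections arriving on its WAN need an explicit rule. The `WanFilter` class, its rule tuples and port 443 for the webGUI are assumptions; `block_private` models pfSense's WAN option "Block private networks", which is relevant because the DMZ in the post uses 192.168.20.x.

```python
# Simplified model (added example) of stateful filtering on the Internal
# pfSense WAN interface. Not pfSense code; rule fields are hypothetical.
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class WanFilter:
    def __init__(self, block_private=True, pass_rules=()):
        self.block_private = block_private   # models the WAN "Block private networks" option
        self.pass_rules = list(pass_rules)   # (src_net, dst_ip, proto, dst_port) tuples
        self.states = set()                  # connections opened from behind the firewall

    def outbound(self, src, dst, proto, port=None):
        """Traffic leaving via WAN is passed and creates a state entry."""
        self.states.add((src, dst, proto, port))
        return "pass"

    def inbound(self, src, dst, proto, port=None):
        """Traffic arriving on WAN: replies match state, the rest needs a rule."""
        if (dst, src, proto, port) in self.states:   # simplified state lookup
            return "pass (state)"
        if self.block_private and any(ip_address(src) in n for n in RFC1918):
            return "block (private source)"
        for net, rule_dst, rule_proto, rule_port in self.pass_rules:
            if (ip_address(src) in ip_network(net) and dst == rule_dst
                    and proto == rule_proto and port == rule_port):
                return "pass (rule)"
        return "block (default deny)"


EXT, INT_WAN = "192.168.20.1", "192.168.20.2"   # addresses from the post
GUI_RULE = (EXT + "/32", INT_WAN, "tcp", 443)    # constructed rule; port 443 is assumed


def demo():
    default = WanFilter()
    default.outbound(INT_WAN, EXT, "icmp")       # ping from Internal to External
    restricted = WanFilter(block_private=False, pass_rules=[GUI_RULE])
    still_blocked = WanFilter(block_private=True, pass_rules=[GUI_RULE])
    return {
        "echo reply to internal": default.inbound(EXT, INT_WAN, "icmp"),
        "ping from external": WanFilter().inbound(EXT, INT_WAN, "icmp"),
        "gui, rule + private allowed": restricted.inbound(EXT, INT_WAN, "tcp", 443),
        "gui, rule but private blocked": still_blocked.inbound(EXT, INT_WAN, "tcp", 443),
        "ping, restricted ruleset": restricted.inbound(EXT, INT_WAN, "icmp"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The restricted ruleset admits only the External pfSense address to the webGUI port and still drops unsolicited pings, which is the narrower alternative to an allow-all WAN rule.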

