Wrong network configuration - pfSense.

  • All I want is to try out pfSense with bridged connection on my desktop.
    Network configuration is making this  impossible.
    What is wrong?

    My data:

    • uname -a
    Linux debian8 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u1 (2017-02-22) x86_64 GNU/Linux
    • dpkg -l | grep virtualbox
    ii  virtualbox-5.1                        5.1.14-112924~Debian~jessie          amd64        Oracle VM VirtualBox
    • Downloaded and installed:
    - Guests Additions
    - Extensions.
    • Architecture - lscpu
    Architecture:          x86_64
    CPU op-mode(s):        32-bit, 64-bit
    Byte Order:            Little Endian
    CPU(s):                8
    On-line CPU(s) list:   0-7
    Thread(s) per core:    2
    Core(s) per socket:    4
    Socket(s):             1
    NUMA node(s):          1
    Vendor ID:             AuthenticAMD
    CPU family:            21
    Model:                 2
    Model name:            AMD FX(tm)-8320 Eight-Core Processor
    Stepping:              0
    CPU MHz:               1400.000
    CPU max MHz:           3500.0000
    CPU min MHz:           1400.0000
    BogoMIPS:              7023.81
    Virtualization:        AMD-V
    L1d cache:             16K
    L1i cache:             64K
    L2 cache:              2048K
    L3 cache:              8192K
    NUMA node0 CPU(s):     0-7
    • Motherboard - dmidecode -t 2
    # dmidecode 2.12
    SMBIOS 2.7 present.
    Handle 0x0002, DMI type 2, 15 bytes
    Base Board Information
    	Manufacturer: ASUSTeK COMPUTER INC.
    	Product Name: M5A99X EVO R2.0
    	Version: Rev 1.xx
    	Serial Number: 130511776701058
    	Asset Tag: To be filled by O.E.M.
    		Board is a hosting board
    		Board is replaceable
    	Location In Chassis: To be filled by O.E.M.
    	Chassis Handle: 0x0003
    	Type: Motherboard
    	Contained Object Handles: 0
    • BIOS - dmidecode -t bios -q
    dmidecode -t bios -q
    BIOS Information
    	Vendor: American Megatrends Inc.
    	Version: 1708
    	Release Date: 04/10/2013
    	Address: 0xF0000
    	Runtime Size: 64 kB
    	ROM Size: 8192 kB
    		PCI is supported
    		BIOS is upgradeable
    		BIOS shadowing is allowed
    		Boot from CD is supported
    		Selectable boot is supported
    		BIOS ROM is socketed
    		EDD is supported
    		5.25"/1.2 MB floppy services are supported (int 13h)
    		3.5"/720 kB floppy services are supported (int 13h)
    		3.5"/2.88 MB floppy services are supported (int 13h)
    		Print screen service is supported (int 5h)
    		8042 keyboard services are supported (int 9h)
    		Serial services are supported (int 14h)
    		Printer services are supported (int 17h)
    		ACPI is supported
    		USB legacy is supported
    		BIOS boot specification is supported
    		Targeted content distribution is supported
    		UEFI is supported
    	BIOS Revision: 4.6
    • Virtualisation:
        - Flags - svm.
    grep -E "(vmx|svm)" /proc/cpuinfo --color=always
    flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce nodeid_msr tbm topoext perfctr_core perfctr_nb arat cpb hw_pstate npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold vmmcall bmi1

    - AMD-v mode in UEFI BIOS – enabled.
      - VB virtualisation - In VirtualBox click -> Settings -> System -> Acceleration enabled.
    Networking: Standard ADSL connection with ISP modem.
    1/ - Host

    - netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface         UG        0 0          0 eth0   U         0 0          0 eth0
    - ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 60:a4:4c:64:a8:bd  
              inet addr:  Bcast:  Mask:
              inet6 addr: 2a02:8084:81:2980:62a4:4cff:fe64:a8bd/64 Scope:Global
              inet6 addr: fe80::62a4:4cff:fe64:a8bd/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:9120 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8267 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:5410974 (5.1 MiB)  TX bytes:1328897 (1.2 MiB)
    lo        Link encap:Local Loopback  
              inet addr:  Mask:
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:35 errors:0 dropped:0 overruns:0 frame:0
              TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
                  RX bytes:4613 (4.5 KiB)  TX bytes:4613 (4.5 KiB)

    2 / - VB Virtual machine

    • Networks:
          - vboxnet0:
              - Adapter, Ipv4 address:
              - DHCP server:
                  Lower Address Bound:
                Upper Addres Bound:
    • Adapters:
                            - bridged adapter
                            - eth0
                            - Intel PRO/1000  MT Desktop (82540EM)
                            - Cable connected
                            - enabled.
                            - Host-only
                            - vboxnet0
                            - Intel PRO/1000  MT Desktop (82540EM)
                            - Cable connected
                            - enabled
      3/- “Guest” pfSense.
    • Assigned interfaces:                  Assigned IP address:
                                - WAN – em0                              - v4/DHCP4
                                - LAN  -  em1                              -  (static)
    • Ping google.ie.                http://imgur.com/a/9tRxg
    • Access webConfigurator: http://imgur.com/a/MSzvE
    • Outcome:                          http://imgur.com/a/HqXLt

    What is wrong, how could I sort it out and get access to the webConfigurator?

    Mark. ???

  • LAYER 8 Global Moderator

    Well looks like the wan is your network 192.168.0/24 that your PC is on - so enable gui on wan.. Why would you set pfsense lan to ??  Pretty sure 192.168.56 is vb host only network.. So yeah only other vms on that same host only network would be able to get to that network..

    do you want to use pfsense as the box that is running vb firewall??  Or for your whole network?

    This thread should be in the virtualization section!!  I would ask a mod to move - nevermind I will report it for you.

  • @johnpoz

    Well looks like the wan is your network 192.168.0/24 that your PC is on - so enable gui on wan

    Done, does not work.

    Why would you set pfsense lan to

    pfSense configurator suggestion - http://imgur.com/a/MSzvE

    do you want to use pfsense as the box that is running vb firewall??  Or for your whole network?

    Whole network.

  • LAYER 8 Global Moderator

    Your lan got that via dhcp.. That is not something lan is normal gotten from anyway because normally you run dhcpd on pfsense, etc. etc.. and it needs to be static.

    If you want to run this for your whole network then do this..  Your box needs 2 interfaces min or smart switch and vlans but then gets way more complicated.

    Interface your going to connect to your internet - wan, would be bridge in VB.  Your Lan side interface in PC would be bridged in VB.
    In your PC that is running vb you would not have any binding to the wan nic.
    Your PC would have an IP on the lan side bridge interface in vb..

    Your pfsense vm in vb would have virt nic connected to your phy wan interface that is bridged and get your public IP from your ISP or if behind nat some rfc1918 from your gateway/router from your ISP.  Your lan side network or lan interface in vb would be some different network that is bridged to your lan side PC interface.  This would be connected to your phy switching setup.  All other devices would be connected here, wireless AP would be connected here.

    Your PC would have IP on this network..  This is what it would use for internet access.

    There you go realistic this takes 5 minutes to setup..

  • http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/030415_0147_SettingUpaP1.png
    My router -
    My host  -
    VM-VB :

    • Networks:
        - NatNetwork -
        - Host-nly (vboxnet0) -
                          DHCP        -
                          - lower        -
                          - upper      -
    • Adapters:
        - Ad1 - eth0 - bridged
        - Ad2 - intnet - internal
    • interface em0 (WAN) -DHCP4:
    • interface em1 (LAN)  -
      Typing in browser the webConfiguration window does not open.
      How would you setup the ip addressing?

  • LAYER 8 Global Moderator

    My router -
    My host  -

    Well your host is on the pfsense WAN.. As I showed in the my setup your PC running vm IP should be on the interface that is bridged to pfsense lan and your network - can not be connected to your routers network.  Do this your going to need another switch.  Can not just have 1 router as your only connection.

  • I am still working on configuration filtering firewall with 2 interfaces for entire network (Host with Debian Jessie - in this case) with virtual pfSense.
    Despite the fact that you explained the configuration, I made many different efforts to resolve this issue, I still do not have access to pfSense webConfigurator.
    I,am really not proud of me, but if I could ask you for favor.
    I still have to make the some mistake, and loose only my time.
    Please, send me working config, so I could learn from it, and avoid my mistakes.
    If I could ask…

    Ps.Similar situation: https://i.stack.imgur.com/UPzpu.png

  • LAYER 8 Global Moderator

    Dude do you have another switch?  You can not setup your whole network to be behind pfsense if you only have 1 switch that is your router…

    Exactly - this same drawing I already gave you.. But in that case they don't put any IP on the host.. If you want the host behind then enp3s0 there would be a 192.168.1.x IP..

  • I will buy smart switch, this week.
    My idea was to defend Host only with virtual pfSense, but it seems to be unrealistic.

  • LAYER 8 Global Moderator

    If all you want to do is protect the machine that is running VB and pfsense - you can do that sure.

    Your host machine can use the IP that is your host only network.  Ie the 192.168.56 address that is the lan IP of your pfsense..

    edit.. Here I downloaded VB took all of 2 minutes to move my machine behind pfsense..

    So installed pfsense as vm with its wan on my normal network (behind your router) mine is 192.168.9/24.. I then put pfsense vm lan on the host only network on VB..

    See fist attached image. vbnetwork  So you can see the pfsense wan got a IP from my network (ie your router) from dhcp.

    I then set the VB host only interface on my machine to be on this 192.168.56 network.. So gave it and set it to use pfsense lan IP in my case as the gateway and dns.

    You can then see I can ping this from my host running VB and I can access pfsense lan web gui and run the wizard..

    Once I run through the wizard you see I am on the pfsense dashboard via the IP..

    I then turn off my IP On my physical interface.. Last attachment you can see I only have the IP on my host machine.  And when I traceroute to the internet you can see it hits my pfsense VM lan IP, then it hits what wold be your router, in my case that is pfsense running as vm on a esxi host.

    So there you go step by step instructions - all of 2 minutes to setup.  Actually posting this from behind my pfsense running on vb on my host..

  • This means in practice:

    My router -
    My host  -

    VM VB - adapters,
          - Ad1 - eth0  - bridged
          - Ad2 - vbox0 -host-only
    VM pfSense,
          - interface em0(WAN)  - DHCPv4 - IPaddress:
          - interface em1(LAN)  -  static      - IPaddress:
    Please correct me if wrong.
    You are Great !
    It works.
    I have pfSense webconfigurator.
    Now when I understand it seems simple and easy.
    Thanks to your fantastic help and patience ;)

  • LAYER 8 Global Moderator


    You are Great !
    It works.
    I have pfSense webconfigurator.
    Now when I understand it seems simple and easy.
    Thanks to your fantastic help and patience ;)

    You are welcome ;)  Yes once you understand it very simple and easy ;)