Wrong network configuration - pfSense.



  • All I want is to try out pfSense with a bridged connection on my desktop.
    Network configuration is making this impossible.
    What is wrong?

    My data:

    • uname -a
    Linux debian8 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u1 (2017-02-22) x86_64 GNU/Linux
    
    • dpkg -l | grep virtualbox
    ii  virtualbox-5.1                        5.1.14-112924~Debian~jessie          amd64        Oracle VM VirtualBox
    
    • Downloaded and installed:
    pfSense-CE-2.3.3-RELEASE-amd64.iso
    - Guest Additions
    - Extensions.
    
    • Architecture - lscpu
    Architecture:          x86_64
    CPU op-mode(s):        32-bit, 64-bit
    Byte Order:            Little Endian
    CPU(s):                8
    On-line CPU(s) list:   0-7
    Thread(s) per core:    2
    Core(s) per socket:    4
    Socket(s):             1
    NUMA node(s):          1
    Vendor ID:             AuthenticAMD
    CPU family:            21
    Model:                 2
    Model name:            AMD FX(tm)-8320 Eight-Core Processor
    Stepping:              0
    CPU MHz:               1400.000
    CPU max MHz:           3500.0000
    CPU min MHz:           1400.0000
    BogoMIPS:              7023.81
    Virtualization:        AMD-V
    L1d cache:             16K
    L1i cache:             64K
    L2 cache:              2048K
    L3 cache:              8192K
    NUMA node0 CPU(s):     0-7
    
    • Motherboard - dmidecode -t 2
    # dmidecode 2.12
    SMBIOS 2.7 present.
    
    Handle 0x0002, DMI type 2, 15 bytes
    Base Board Information
    	Manufacturer: ASUSTeK COMPUTER INC.
    	Product Name: M5A99X EVO R2.0
    	Version: Rev 1.xx
    	Serial Number: 130511776701058
    	Asset Tag: To be filled by O.E.M.
    	Features:
    		Board is a hosting board
    		Board is replaceable
    	Location In Chassis: To be filled by O.E.M.
    	Chassis Handle: 0x0003
    	Type: Motherboard
    	Contained Object Handles: 0
    
    • BIOS - dmidecode -t bios -q
    dmidecode -t bios -q
    BIOS Information
    	Vendor: American Megatrends Inc.
    	Version: 1708
    	Release Date: 04/10/2013
    	Address: 0xF0000
    	Runtime Size: 64 kB
    	ROM Size: 8192 kB
    	Characteristics:
    		PCI is supported
    		BIOS is upgradeable
    		BIOS shadowing is allowed
    		Boot from CD is supported
    		Selectable boot is supported
    		BIOS ROM is socketed
    		EDD is supported
    		5.25"/1.2 MB floppy services are supported (int 13h)
    		3.5"/720 kB floppy services are supported (int 13h)
    		3.5"/2.88 MB floppy services are supported (int 13h)
    		Print screen service is supported (int 5h)
    		8042 keyboard services are supported (int 9h)
    		Serial services are supported (int 14h)
    		Printer services are supported (int 17h)
    		ACPI is supported
    		USB legacy is supported
    		BIOS boot specification is supported
    		Targeted content distribution is supported
    		UEFI is supported
    	BIOS Revision: 4.6
    
    • Virtualisation:
        - Flags - svm.
    grep -E "(vmx|svm)" /proc/cpuinfo --color=always
    flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce nodeid_msr tbm topoext perfctr_core perfctr_nb arat cpb hw_pstate npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold vmmcall bmi1
    

    - AMD-V mode in UEFI BIOS – enabled.
    - VB virtualisation - In VirtualBox click -> Settings -> System -> Acceleration enabled.

    Networking: Standard ADSL connection with ISP modem.

    1/ - Host

    - netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    
    - ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 60:a4:4c:64:a8:bd  
              inet addr:192.168.0.182  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: 2a02:8084:81:2980:62a4:4cff:fe64:a8bd/64 Scope:Global
              inet6 addr: fe80::62a4:4cff:fe64:a8bd/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:9120 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8267 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:5410974 (5.1 MiB)  TX bytes:1328897 (1.2 MiB)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:35 errors:0 dropped:0 overruns:0 frame:0
              TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
                  RX bytes:4613 (4.5 KiB)  TX bytes:4613 (4.5 KiB)
    

    2/ - VB Virtual machine

    • Networks:
      - vboxnet0:
        - Adapter, IPv4 address: 192.168.56.1
          Mask: 255.255.255.0
        - DHCP server: 192.168.56.2
          Mask: 255.255.255.0
          Lower Address Bound: 192.168.56.21
          Upper Address Bound: 192.168.56.24
    • Adapters:
      - Adapter 1:
        - bridged adapter
        - eth0
        - Intel PRO/1000 MT Desktop (82540EM)
        - Cable connected
        - enabled
      - Adapter 2:
        - Host-only
        - vboxnet0
        - Intel PRO/1000 MT Desktop (82540EM)
        - Cable connected
        - enabled

    3/ - "Guest" pfSense.

    • Assigned interfaces and assigned IP addresses:
      - WAN – em0: v4/DHCP4 192.168.0.47/24
      - LAN – em1: (static) 192.168.56.1/24
    • Ping google.ie: http://imgur.com/a/9tRxg
    • Access webConfigurator: http://imgur.com/a/MSzvE
    • Outcome: http://imgur.com/a/HqXLt

    What is wrong, how could I sort it out and get access to the webConfigurator?

    Regards.
    Mark.


  • Rebel Alliance Global Moderator

    Well looks like the wan is your network 192.168.0/24 that your PC is on - so enable gui on wan.. Why would you set pfsense lan to 192.168.56.1 ??  Pretty sure 192.168.56 is vb host only network.. So yeah only other vms on that same host only network would be able to get to that network..

    do you want to use pfsense as the box that is running vb firewall??  Or for your whole network?

    This thread should be in the virtualization section!!  I would ask a mod to move - nevermind I will report it for you.



  • @johnpoz

    "Well looks like the wan is your network 192.168.0/24 that your PC is on - so enable gui on wan"

    Done, does not work.

    "Why would you set pfsense lan to 192.168.56.1"

    pfSense configurator suggestion - http://imgur.com/a/MSzvE

    "do you want to use pfsense as the box that is running vb firewall??  Or for your whole network?"

    Whole network.


  • Rebel Alliance Global Moderator

    Your lan got that via dhcp.. That is not something lan is normally gotten from anyway because normally you run dhcpd on pfsense, etc. etc.. and it needs to be static.

    If you want to run this for your whole network then do this..  Your box needs 2 interfaces min or smart switch and vlans but then gets way more complicated.

    Interface you're going to connect to your internet - wan, would be bridge in VB.  Your Lan side interface in PC would be bridged in VB.
    In your PC that is running vb you would not have any binding to the wan nic.
    Your PC would have an IP on the lan side bridge interface in vb..

    Your pfsense vm in vb would have virt nic connected to your phy wan interface that is bridged and get your public IP from your ISP or if behind nat some rfc1918 from your gateway/router from your ISP.  Your lan side network or lan interface in vb would be some different network that is bridged to your lan side PC interface.  This would be connected to your phy switching setup.  All other devices would be connected here, wireless AP would be connected here.

    Your PC would have IP on this network..  This is what it would use for internet access.

    There you go, realistically this takes 5 minutes to setup..




  • http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/030415_0147_SettingUpaP1.png
    My router - 192.168.0.1
    My host  - 192.168.0.182
    VM-VB :

    • Networks:
        - NatNetwork - 192.168.0.0
        - Host-only (vboxnet0) - 10.0.2.0/24
          DHCP - 10.0.2.1
          - lower - 10.0.2.0
          - upper - 10.0.2.20
    • Adapters:
        - Ad1 - eth0 - bridged
        - Ad2 - intnet - internal

    pfSense:
    • interface em0 (WAN) - DHCP4: 192.168.0.48
    • interface em1 (LAN) - 10.0.2.15

    Typing 10.0.2.15 in the browser, the webConfiguration window does not open.
    http://imgur.com/a/02Jyw
    http://imgur.com/a/lYsOI
    How would you set up the IP addressing?

  • Rebel Alliance Global Moderator

    "My router - 192.168.0.1
    My host  - 192.168.0.182"

    Well your host is on the pfsense WAN.. As I showed in my setup your PC running vm IP should be on the interface that is bridged to pfsense lan and your network - can not be connected to your router's network.  To do this you're going to need another switch.  Can not just have 1 router as your only connection.



  • I am still working on configuring a filtering firewall with 2 interfaces for the entire network (Host with Debian Jessie - in this case) with virtual pfSense.
    Despite the fact that you explained the configuration, and I made many different efforts to resolve this issue, I still do not have access to the pfSense webConfigurator.
    I am really not proud of myself, but if I could ask you for a favor.
    I still have to make the same mistake, and lose only my time.
    Please, send me a working config, so I could learn from it, and avoid my mistakes.
    If I could ask…

    Ps.Similar situation: https://i.stack.imgur.com/UPzpu.png


  • Rebel Alliance Global Moderator

    Dude do you have another switch?  You can not setup your whole network to be behind pfsense if you only have 1 switch that is your router…

    Exactly - this same drawing I already gave you.. But in that case they don't put any IP on the host.. If you want the host behind then enp3s0 there would be a 192.168.1.x IP..



  • I will buy a smart switch, this week.
    My idea was to defend Host only with virtual pfSense, but it seems to be unrealistic.


  • Rebel Alliance Global Moderator

    If all you want to do is protect the machine that is running VB and pfsense - you can do that sure.

    Your host machine can use the IP that is your host only network.  Ie the 192.168.56 address that is the lan IP of your pfsense..

    edit.. Here I downloaded VB took all of 2 minutes to move my machine behind pfsense..

    So installed pfsense as vm with its wan on my normal network (behind your router) mine is 192.168.9/24.. I then put pfsense vm lan on the host only network on VB..

    See first attached image. vbnetwork  So you can see the pfsense wan got a IP from my network (ie your router) 192.168.9.214 from dhcp.

    I then set the VB host only interface on my machine to be on this 192.168.56 network.. So gave it 192.168.56.99 and set it to use pfsense lan IP 192.168.56.100 in my case as the gateway and dns.

    You can then see I can ping this from my host running VB and I can access pfsense lan web gui and run the wizard..

    Once I run through the wizard you see I am on the pfsense dashboard via the 192.168.56.100 IP..

    I then turn off my IP on my physical interface.. Last attachment you can see I only have the 192.168.56.99 IP on my host machine.  And when I traceroute to the internet you can see it hits my pfsense VM lan IP 192.168.56.100, then it hits what would be your router 192.168.9.253, in my case that is pfsense running as vm on a esxi host.

    So there you go step by step instructions - all of 2 minutes to setup.  Actually posting this from behind my pfsense running on vb on my host..
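
Added example (not written by any poster in this thread): a small Python check of the addressing conditions that the walkthrough above satisfies, run against the three layouts posted in the thread. The function name, the finding codes, the /24 masks on the walkthrough addresses and the host-side address 10.0.2.2 in the second layout are assumptions made for the example.

```python
import ipaddress

def check_layout(lan_attachment, host_if, pfsense_lan_if, pfsense_wan_if):
    """Return (code, explanation) findings. An empty list means the host
    should be able to reach the pfSense LAN address and its web GUI."""
    host = ipaddress.ip_interface(host_if)        # host side of the LAN network
    lan = ipaddress.ip_interface(pfsense_lan_if)  # pfSense em1
    wan = ipaddress.ip_interface(pfsense_wan_if)  # pfSense em0
    findings = []
    if lan_attachment != "hostonly":
        findings.append(("LAN_NOT_HOSTONLY",
                         f"adapter 2 is '{lan_attachment}': the host has no "
                         "interface on that network"))
    if host.ip == lan.ip:
        findings.append(("DUPLICATE_IP",
                         f"host adapter and pfSense LAN both use {lan.ip}"))
    elif host.network != lan.network:
        findings.append(("DIFFERENT_SUBNET",
                         f"host is in {host.network}, pfSense LAN in {lan.network}"))
    if lan.network.overlaps(wan.network):
        findings.append(("LAN_WAN_OVERLAP",
                         f"LAN {lan.network} overlaps WAN {wan.network}"))
    return findings

# (adapter 2 attachment, host adapter, pfSense LAN, pfSense WAN), taken from
# the thread; masks not stated in the posts are assumed to be /24.
LAYOUTS = {
    "first post": ("hostonly", "192.168.56.1/24",
                   "192.168.56.1/24", "192.168.0.47/24"),
    # Host-side address is constructed: the post only gives the 10.0.2.0/24 range.
    "second attempt": ("internal", "10.0.2.2/24",
                       "10.0.2.15/24", "192.168.0.48/24"),
    "walkthrough": ("hostonly", "192.168.56.99/24",
                    "192.168.56.100/24", "192.168.9.214/24"),
}

def codes(name):
    """Finding codes only, for one of the named layouts."""
    return [code for code, _ in check_layout(*LAYOUTS[name])]

if __name__ == "__main__":
    for name, layout in LAYOUTS.items():
        result = check_layout(*layout)
        print(name, "->", "OK" if not result else "")
        for code, text in result:
            print(f"  {code}: {text}")
```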










  • This means in practice:

    My router - 192.168.0.1
    My host  - 192.168.0.182

    VM VB - adapters,
          - Ad1 - eth0 - bridged
          - Ad2 - vbox0 - host-only
    VM pfSense,
          - interface em0 (WAN) - DHCPv4 - IP address: 192.168.0.150
          - interface em1 (LAN) - static - IP address: 192.168.56.10
    Please correct me if wrong.
    @johnpoz
    You are Great !
    It works.
    I have pfSense webconfigurator.
    Now when I understand it seems simple and easy.
    Thanks to your fantastic help and patience ;)


  • Rebel Alliance Global Moderator

    @Marxi:

    @johnpoz
    You are Great !
    It works.
    I have pfSense webconfigurator.
    Now when I understand it seems simple and easy.
    Thanks to your fantastic help and patience ;)

    You are welcome ;)  Yes once you understand it very simple and easy ;)