    WAN Bridge and VLAN for virtual machine

    mzbroch:

      Hi,

      I wanted to ask for advice. Is there any chance/possibility to bridge the WAN interface and create a VLAN to give one of the VMs a WAN address from the /28 network?
      I was trying to find anything on Google, but my query probably wasn't specific enough.

      My configuration:
      pfSense SG-8860
      WAN: /28
      LAN: 10.9.0.0/24

      Thanks,
      Mik

      isolatedvirus:

        Absolutely!

        One way to accomplish this is through VLAN tagging your WAN. If you're running pfSense in a VM, this becomes easier to accomplish since you tag the incoming ISP connection (ex: VLAN 100) and simply add VMs to this VLAN in the network section in VMware, or if using KVM through the dropdown selection for your NIC addition.

        A bit of fair warning though, passing unfiltered internet to a VM tends to put it at risk of attack, so you'd have to be more vigilant on maintaining the VM in question. Just wanted to make sure you're aware of the risk.

        The other option is to perform a 1:1 NAT, then allow through firewall rules the specific protocols/ports through to your server. This method isn't "worse" than the first one, it just has different cons.

        Option 1: Con is security.
        Option 2: Con is overhead. 1:1 NAT + firewall rules would have to be parsed for every connection coming in. This isn't going to be a detriment, but without me knowing the specifics I can't say for sure if it's going to be an issue in your environment. I will say however, that this con doesn't apply to 99% of use cases, because the amount of traffic being passed isn't immense.

        1 Reply Last reply Reply Quote 0
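Option 2 from the reply above, sketched as the underlying pf rules (an added example, not part of the original posts and not a ruleset generated by pfSense). The interface name, both addresses and the permitted ports are assumptions: 203.0.113.18 stands in for one address of the /28 and 10.9.0.10 for the VM on the LAN.

```pf
# Constructed values: replace with the real WAN NIC, /28 address and VM address.
ext_if = "igb0"            # WAN interface (hypothetical name)
vm_pub = "203.0.113.18"    # public address reserved for the VM (documentation range)
vm_int = "10.9.0.10"       # VM address on the 10.9.0.0/24 LAN (assumed)

# 1:1 NAT: bidirectional mapping between the VM and its public address.
binat on $ext_if from $vm_int to any -> $vm_pub

# Filtering runs after translation, so inbound rules match the internal address.
# Default-deny on WAN, then pass only the services the VM is meant to expose.
block in log on $ext_if all
pass in on $ext_if inet proto tcp from any to $vm_int port { 80, 443 } flags S/SA keep state
```

Unless the /28 is routed to the firewall, the firewall also has to answer for the public address on WAN (on pfSense, a Virtual IP). Everything not explicitly passed stays blocked and logged, which is the exposure difference from Option 1.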