Help needed configuring pfSense WAN interface in VirtualBox

  • I'm trying to set up a very simple, 3-system network using static IPs inside of VirtualBox so I can play with firewall settings.  I'm using an Ubuntu image, a pfSense image, and a Kali image.  I'd like the network to look like this:


    Hopefully my network diagram makes sense.  I want the Ubuntu system to be on the LAN interface behind pfSense, and Kali to be the outside box.

    In VirtualBox, all these images are on internal networks.  Ubuntu and the LAN interface are on intnet, and Kali and the WAN interface are on intnet2.

    Settings so far look like this:

    em0 (pfsense adapter 1, LAN interface, intnet):

    em1 (pfsense adapter 2, WAN interface, intnet2):

    Ubuntu (intnet):

    Kali (intnet2):

    I know the IP addresses are all in the same subnet, but I figured it wouldn't matter since I'm using 2 different internal networks.  Am I wrong?  I've also played with either leaving the WAN's upstream gateway blank, or setting it to the address of the Kali box.  Do I need to worry about setting that up since there's only 1 external machine?

    As it stands right now, I can ping back and forth between Ubuntu and the LAN interface, but I can't get the WAN and Kali to talk to each other.  I've googled around and looked at some tutorials, but none of them really helped.  Can anyone help me figure out why pfSense won't talk to the Kali box?  Is there more information that I need to provide?  Any help would be greatly appreciated.

  • Create your pfSense instance with WAN NIC being bridged to LAN and LAN NIC being internal intnet1.

    For your Ubuntu client, make his NIC internal intnet1
    For your Kali client, make his NIC bridged to your LAN.

    If you want to play with a DMZ, create another NIC on pfSense, internal intnet2 and another client also on intnet2.

    Looking at your IP assignments, you can't have your WAN and LAN on the same network which they currently are.  That will never work.  Your WAN is going to be bridged to LAN so he should have an IP address in the same network as your real LAN.

    Make your life easier and use clearly different subnets, like for WAN and for LAN.

    Like this:

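Added example, not part of either post above: a short Python check of the point made in the reply, that the router's WAN and LAN cannot share a subnet even when they sit on separate VirtualBox networks. All addresses are constructed, since the thread's own values are not shown, and the prefix used for the bridged real LAN is an assumption.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed plans: (node, VirtualBox network it is attached to, address/prefix).
# BROKEN_PLAN mirrors the question: two internal networks, one shared subnet.
BROKEN_PLAN = [
    ("pfsense-lan", "intnet",  "192.168.1.1/24"),
    ("pfsense-wan", "intnet2", "192.168.1.2/24"),
    ("ubuntu",      "intnet",  "192.168.1.10/24"),
    ("kali",        "intnet2", "192.168.1.20/24"),
]
# FIXED_PLAN mirrors the reply: WAN bridged to the real LAN (assumed to be
# 192.168.1.0/24 here), LAN on an internal network with a clearly different subnet.
FIXED_PLAN = [
    ("pfsense-lan", "intnet1", "10.10.10.1/24"),
    ("pfsense-wan", "bridged", "192.168.1.2/24"),
    ("ubuntu",      "intnet1", "10.10.10.10/24"),
    ("kali",        "bridged", "192.168.1.20/24"),
]

def check_plan(plan):
    """Return a list of addressing problems found in a lab plan."""
    segments = defaultdict(list)  # network name -> [(node, ip_interface)]
    for node, segment, cidr in plan:
        segments[segment].append((node, ipaddress.ip_interface(cidr)))

    problems = []
    # Rule 1: machines on one layer-2 segment need the same subnet to talk directly.
    for segment, members in segments.items():
        nets = {str(iface.network) for _, iface in members}
        if len(nets) > 1:
            problems.append(f"{segment}: members use different subnets {sorted(nets)}")
    # Rule 2: two separate segments must not reuse the same prefix. The router
    # would hold two connected routes for it and cannot pick the right interface.
    for (seg_a, mem_a), (seg_b, mem_b) in combinations(segments.items(), 2):
        clash = {str(a.network) for _, a in mem_a for _, b in mem_b
                 if a.network.overlaps(b.network)}
        if clash:
            problems.append(f"{seg_a} and {seg_b} reuse subnet {sorted(clash)}")
    return problems

if __name__ == "__main__":
    for name, plan in (("broken", BROKEN_PLAN), ("fixed", FIXED_PLAN)):
        print(name, check_plan(plan) or "ok")
```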