Problem with pfSense and LAN on VirtualBox



  • I am booting the pfSense 1.2.1 Live CD on a VirtualBox 2.1.0 VM (Windows XP host). The VM has two NICs, both attached to the host adapter. I am just trying to give pfSense a test drive.

    pfSense boots fine and I see all the prompts I expect to see. Both NICs show up as pcn0 and pcn1. I tell pfSense to use pcn0 as the LAN interface and pcn1 as the WAN interface. I configure a proper static IP address for the LAN interface. The main pfSense menu shows up fine.

    The problem I have is that I don't seem to have network connectivity on the LAN (haven't tried anything with the WAN yet). I shell out from the pfSense menu and confirm the network settings look correct (via ifconfig). From the same shell I try to ping other hosts on my network, but get nothing. I try to open the pfSense web interface from other hosts on my network, but get nothing.

    Note that I boot a Knoppix CD in the same VM and have no issues with network connectivity from either NIC, so as far as I can tell both VM NICs are set up properly.

    Any ideas? Thanks!



  • I am assuming this is a VM ware instance?  Are these virtual nic's or physical adapters?  Need a little more information.
    RC



  • pfSense is running on a Sun VirtualBox 2.1.0 virtual machine (http://www.virtualbox.org).  The host OS (running VirtualBox) is Windows XP.  The host PC has two NICs but one is disabled (only one is connected to my physical network).  The virtual machine has two virtual NICs, both configured to be connected to the single enabled host adapter (effectively bridged with the host adapter).  The virtual NICs are both PCnet-FAST III (Am79C973) models, which I chose simply because they seemed to be the default when I created the VM.

    Both pfSense and Knoppix are booted by mouting ISO images to the VM's virtual CD drive.

    Note that both my internal subnet (10.10.10.0/24) and my "DMZ" (10.10.20.0) run over the same physical LAN.  When pfSense boots I assign the LAN interface with address 10.10.10.10 (I have confirmed that this address is not already in use).  My intention is to assigned the WAN interface an address of 10.10.20.10, but haven't got that far.  After assigning the LAN address I am unable to ping or hit the pfSense web browser.

    Refer to attached images for VM NIC configuration and pfSense ifconfig output.

    Thanks








  • I quickly looked at virtual box.  I think if you want to get PF-sense to run I would add at least 2 additional interfaces.  One for the WAN and one for the LAN.  using you switch connect both to a switch and I think that should get it up and running for you.

    I try to do some additional reading to see if I can help any further.
    RC



  • I did some digging and it looks like it will work.  You need to pick up two adapters:

    • AMD PCNet PCI II
    • AMD PCNet FAST III (the default)
    • Intel PRO/1000 MT Desktop
    • Intel PRO/1000 T Server

    I would try to get two of the Intel Pro adapters(best compatibility with PF-Sense).  Here is what I think you can do (This is based on a quick read of the documentation.)

    **Option 1 Managed Devices
                                                                     ________(PC (Dedicated connection NIC2 PORT2 VLAN1 - WAN(PF-Sense))
                                                                    /
    WAN –-----(MODEM)---------(SWITCH PORT1 VLAN1)
                                                                 (VLAN2)----------(PC Host Workstation NIC 1 PORT 3 VLAN2 - LAN)
                                                                         \                    _Virtual Machine (PF-Sense)
                                                                          \                    _Virtual Machine (Unix)
                                                                           
                                                                            _
    (PC (Dedicated connection NIC3 Port 4 VLAN2 - LAN(PF-Sense)))

    **Option 2 Unmanaged Devices
                                                                      (PC (Dedicated connection NIC2 PORT2 VLAN1 - WAN(PF-Sense))
                                                                     /
    WAN –-----(MODEM)---------(SWITCH 1 (PORT1)   
                                           (SWITCH 2)------------------(PC Host Workstation NIC 1 PORT 2 - LAN)
                                                          \                                  _Virtual Machine (PF-Sense)
                                                           \                                  _Virtual Machine (Unix)
                                                           
                                                             _
    __(PC (Dedicated connection NIC3 Port 1 - LAN (PF-Sense))

    **Option 3 PF-Sense Directly Connected to Modem

    (PC (Dedicated connection NIC2 WAN(PF-Sense))
                                          /
    WAN –-----(MODEM)-------/ 
                                          (SWITCH 1)------------------(PC Host Workstation NIC 1 PORT 2 - LAN)
                                                          \                                  _Virtual Machine (PF-Sense)
                                                          \                                  _Virtual Machine (Unix)
                                                           
                                                            _
    __(PC (Dedicated connection NIC3 Port 1 - LAN (PF-Sense))

    This is a software virtualization solution instead of Hardware virtualization.

    I have updated my post to shown three possible implementations Option 1 - 3.  Option 1 is with a managed switch and Option 2 is just two let's just say 4 port generic switches (I skip names here).  Option 3 replaces Switch 1 with a direct connection to the dedicated NIC in the workstation that is assigned to PF-Sense.)  This should get you up and running and give you some room to do some serious Virtual Machine testing.  I see if I can help you if you want to try to get it to work.  If need be, I got a couple NIC's I can dump in to a test PC and see if we can get it up and running.

    I am using a purpose built XEN box that supports AMD-V.  I reduced my server count from 7 servers down to 1 physical server virtualization in my efforts.

    RC******



  • I had the same problem and solved it by switching to Intel Pro/1000 T-Server network adapters.

    Apparently it's a bug in FreeBSD, see http://eligere.wordpress.com/2008/03/05/virtualbox-156-freebsd-70-and-pcnet-fast-iii-problem/

    Unfortunately, I figured it out after messing around for quite some time.
    Perhaps a notice should be added to the download page, since it's pretty common to try it under a VM.

    Edit: I'm using VirtualBox 2.0.6


Locked