Following pfsense hyper-v install guide - no connectivity
-
Hi,
I have tried setting up pfsense using the guide below but I'm not able to get it to work:
https://doc.pfsense.org/index.php/Virtualizing_pfSense_under_Hyper-V
I'm installing this on my hyper-v host which is running server 2012 core. It has 2 NICs, one onboard which I'm using for host connectivity (the host also runs as domain controller / DNS / DHCP). The other NIC is an intel i350 with 2 ports, I'm using 1 port for LAN on pfsense and the other for WAN.
The guide says I need 2 virtual switches, 1 internal for the LAN, 1 external for the WAN with the checkbox "Allow management operating system to share this network adapter" disabled.
So I created both switches, connected LAN to the LAN interface on pfsense and WAN to the WAN interface. I set up an IP on the LAN virtual switch to have the same subnet as my physical LAN which is 172.28.57.x / 24. All my physical devices are on this subnet (including the hyper-v host machine on the 3rd NIC). The WAN side is on 192.168.2.x / 24. The LAN interface on pfsense is also set up to be in the same subnet as my physical computers, 172.28.57.x / 24; WAN is on 192.168.2.x / 24. I'm aware that, using an internal virtual switch type, I will not be able to bind it to the physical LAN port on my i350, so I am really asking myself how this can be set up to work using an internal vm switch.
Following this guide I'm not able to get any connectivity from my physical LAN to pfsense and out to the internet, but I can ping websites from pfsense (connectivity does work between VMs and the host machine). How can I set up hyper-v and pfsense using an internal vm switch to connect to my physical LAN? Am I missing some kind of routing configuration in pfsense to make this work as described in the guide?
My reason for trying to set it up using this guide is because I think the traffic going over my physical LAN is not all being handled by pfsense, I think some of the traffic is going around pfsense (in short it's not isolated), I noticed this in the monitoring I have set up. Copying files from one computer to another isn't going through the firewall, which is logical, while copying from VM to another VM is all going through pfsense and I would like to have the same results for traffic on my physical LAN as well, I would like to have pfsense handle all traffic so I know what is going on in the network.
Maybe I need some kind of DMZ setup with pfsense to be able to isolate all traffic?
interface:WAN -> Interface:PFSENSE(DMZ)
|-> Interface:VMLAN ?
|-> Interface:LAN ?
If so, how would I set this up?
Thanks in advance!
-
The 192.168.x.y range is non-routable.
Having that on your WAN interface is bad.