• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Before I get started

Scheduled Pinned Locked Moved General pfSense Questions
sandboxlab
3 Posts 3 Posters 797 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • E
    ekisner
    last edited by Sep 21, 2018, 7:43 PM

    Hi folks, just wanted to start with a quick question. Potentially save myself some time. Not asking for a how-to, I'm sure all that's in the docs and I do know how to read.. mostly just a "yea pfSense can do this and you aren't going to get 3/4 of the way through before you hit a wall and end up wasting your afternoon".

    We're a VMWare shop, and I want to create clones of production VMs into an isolated environment for upgrade tests.

    Basically exactly the same thing as a Veeam SureBackup (for those of you who know what that is) but much longer term; Veeam SB will end the moment any VM in the job is backed up again, and I'll need this to run for probably about a month. Plus if the job is otherwise terminated, the changes are all nuked and that would be most unfortunate to have to redo the changes we're wanting to test.

    I need:

    • Routing between different VLANs... each being an interface in pfSense with an IP of the production default gateway addresses which are in turn connected to a vSwitch that has no physical interfaces into the rest of the network
    • A WAN link into the production network so that we can access the test environment as per next bullet
    • Some means of NAT access... say for example, production 10.0.0.1 having a static NAT entry for 10.10.0.1. Ergo from my workstation, if I hit 10.10.0.1, it goes to pfsense which translates it to 10.0.0.1. I'm fine with manually entering all of the NATs in if that matters.

    Actual use case (fake addresses ofc):

    • SharePoint WFE servers on vlan 100, addresses 10.0.0.1 and 10.0.0.2 (/24)
    • SharePoint App servers on vlan 101, addresses 10.0.1.1 and 10.0.1.2 (/24)
    • Load balancer on vlan 102, addresses 10.0.2.1/24
    • pfsense interfaces for vlans 100-102 addresses 10.0.X.254 (/24)
    • pfsense WAN interface 10.10.0.0/16 natting to vlans.. say 10.10.0.1 to 10.0.0.1 or 10.10.1.1 to 10.0.1.1
    1 Reply Last reply Reply Quote 0
    • H
      heper
      last edited by Sep 21, 2018, 9:44 PM

      yes

      1 Reply Last reply Reply Quote 1
      • ?
        A Former User
        last edited by Sep 22, 2018, 7:58 PM

        To expand on @heper: Yes, pfSense will do this.

        1 Reply Last reply Reply Quote 1
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received