Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Before I get started

    General pfSense Questions
    sandbox lab
    3
    3
    389
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      ekisner last edited by

      Hi folks, just wanted to start with a quick question. Potentially save myself some time. Not asking for a how-to, I'm sure all that's in the docs and I do know how to read.. mostly just a "yea pfSense can do this and you aren't going to get 3/4 of the way through before you hit a wall and end up wasting your afternoon".

      We're a VMWare shop, and I want to create clones of production VMs into an isolated environment for upgrade tests.

      Basically exactly the same thing as a Veeam SureBackup (for those of you who know what that is) but much longer term; Veeam SB will end the moment any VM in the job is backed up again, and I'll need this to run for probably about a month. Plus if the job is otherwise terminated, the changes are all nuked and that would be most unfortunate to have to redo the changes we're wanting to test.

      I need:

      • Routing between different VLANs... each being an interface in pfSense with an IP of the production default gateway addresses which are in turn connected to a vSwitch that has no physical interfaces into the rest of the network
      • A WAN link into the production network so that we can access the test environment as per next bullet
      • Some means of NAT access... say for example, production 10.0.0.1 having a static NAT entry for 10.10.0.1. Ergo from my workstation, if I hit 10.10.0.1, it goes to pfsense which translates it to 10.0.0.1. I'm fine with manually entering all of the NATs in if that matters.

      Actual use case (fake addresses ofc):

      • SharePoint WFE servers on vlan 100, addresses 10.0.0.1 and 10.0.0.2 (/24)
      • SharePoint App servers on vlan 101, addresses 10.0.1.1 and 10.0.1.2 (/24)
      • Load balancer on vlan 102, addresses 10.0.2.1/24
      • pfsense interfaces for vlans 100-102 addresses 10.0.X.254 (/24)
      • pfsense WAN interface 10.10.0.0/16 natting to vlans.. say 10.10.0.1 to 10.0.0.1 or 10.10.1.1 to 10.0.1.1
      1 Reply Last reply Reply Quote 0
      • H
        heper last edited by

        yes

        1 Reply Last reply Reply Quote 1
        • ?
          A Former User last edited by

          To expand on @heper: Yes, pfSense will do this.

          1 Reply Last reply Reply Quote 1
          • First post
            Last post