Netgate Discussion Forum

    Linking multiple subnets with pfsense and VMware Workstation (RESOLVED)

      johnpoz LAYER 8 Global Moderator

      If you only have 1 interface in pfsense, then the anti-lockout goes there to allow you to access the gui. If you add another interface "lan", then no, you cannot access from wan any more.. The anti-lockout will be on the lan interface.

      There is nothing to do for multiple vlans to talk to each other once connected to pfsense, other than make sure your firewall rules allow. LAN will be the only interface that has default any any; when you fire up a new interface there will be no rules.

      You're going to have to call out what interface is what in pfsense if you want help.. And what you're doing on your workstation as far as bridged to your physical network or just a vm network doesn't mean anything in the context of pfsense and doesn't matter.

      If you're having a problem with vm A talking to vm B on some other interface - it's more than likely in your vm networking setup.. As long as you actually created rules on the new interfaces you added.. Do a simple sniff: is pfsense seeing the traffic on your other lan interfaces? Do your vms get an IP from dhcp running on pfsense?

      Moving this to virtual section - this isn't multi wan routing..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        Instantazn

        Hi John,
        Thank you for the quick reply and sorry I posted in the wrong section. I did not know about the anti-lockout on pfsense. It makes sense now that it can only be accessed on one interface. Currently my setup does not have any VLANs, I am just trying to route traffic as follows: 172.16.16.0/24 <=> 172.16.17.0/24. So far it seems to only be going from 172.16.16.0 to 172.16.17.0, but not the other way around.

        When it comes to sniffing, I am not too familiar with packet sniffers such as Wireshark, nor do I know how to use them. My VMs are not running from DHCP and I am manually assigning an IP to each device. Each device is a domain controller in each subnet with a few other servers, but the DCs are my main concern right now. Here is a picture of my interfaces on my pfsense server (Leaving IPs since it is all internal):

        2f6151e9-123f-472c-9d47-fa71b308327b-image.png
        Virtual Network:
        426f2624-0245-47c3-8b6c-d7cfdff89734-image.png
        Pfsense Server VM settings:
        1b04ffbb-1020-4b18-b2c5-27097e6496b4-image.png

        If I left anything out, do let me know. Also, I am not as adept in networking, so please bear with me, and thank you so much for sharing your information with me.

          KOM

          Please post screens of your firewall rules for the two custom interfaces.

            Instantazn

            Hi Kom,
            It seems you and John may be spot on here about the firewall rules. Here are my screenshots below:

            661dd88b-a885-4aa4-8ed3-590fd3382e9b-image.png
            1f47ea3c-bf03-44d3-ae7d-eb80cc415be9-image.png

              KOM

              You need to add the same rules that you see on LAN to LAN2, other than the lockout rule.

                Instantazn

                Thanks, I will give that a shot soon. Is there a way to be able to reach the pfsense router via web gui from the LAN2 interface instead of just the LAN1 interface?

                  Instantazn

                  Hi Kom,
                  Looks like it worked even with anti-lockout configured on LAN1. Strange but it works, so thank you! Now I can continue to create a trust between my two active directory domains.

                  24768377-bcb1-4521-80cc-0dbe09e9a671-image.png
                  c909e55b-b99b-4aa1-993a-3d025c91f9b4-image.png

                    KOM

                    @johnpoz did mention that only the first LAN gets default rules, and that all other OPT interfaces have no rules by default and must be manually added or nothing can talk.

                    Glad you got it going. Get to work! 😆

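The behaviour described in this thread, as an added example that is not part of any poster's reply and is not pfSense code: a simplified Python model of per-interface, stateful rule evaluation. The host addresses and the single "pass LAN net to any" rule are assumptions; the model shows why connections started from 172.16.16.0/24 work (replies ride the state) while connections started from 172.16.17.0/24 are dropped until LAN2 gets its own rule.

```python
import ipaddress

# Constructed lab layout: subnets and interface names come from the thread,
# host addresses below are made up for the example.
INTERFACES = {
    "LAN": ipaddress.ip_network("172.16.16.0/24"),
    "LAN2": ipaddress.ip_network("172.16.17.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")


class Firewall:
    def __init__(self):
        # Assumption: only the first LAN starts with an allow rule; an added
        # interface starts with an empty rule list.
        self.rules = {"LAN": [("pass", INTERFACES["LAN"], ANY)], "LAN2": []}
        self.states = set()  # flows already allowed, stored as (src, dst)

    def ingress(self, src):
        """Return the interface whose subnet contains the source address."""
        return next((n for n, net in INTERFACES.items() if src in net), None)

    def forward(self, src, dst):
        """Decide whether a packet from src to dst is forwarded."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (src, dst) in self.states or (dst, src) in self.states:
            return True  # belongs to a connection that was already allowed
        # Rules are evaluated on the interface where the packet arrives.
        for action, rsrc, rdst in self.rules.get(self.ingress(src), []):
            if src in rsrc and dst in rdst:  # first matching rule decides
                if action == "pass":
                    self.states.add((src, dst))
                return action == "pass"
        return False  # nothing matched: default deny


def demo():
    """Run the thread's scenario and return each forwarding decision."""
    a, b = "172.16.16.10", "172.16.17.10"
    fw = Firewall()
    out = {"lan_to_lan2": fw.forward(a, b)}    # allowed by the LAN rule
    out["reply_from_lan2"] = fw.forward(b, a)  # allowed by the state
    fresh = Firewall()
    out["lan2_new_before_rule"] = fresh.forward(b, a)  # LAN2 has no rules
    fresh.rules["LAN2"].append(("pass", INTERFACES["LAN2"], ANY))
    out["lan2_new_after_rule"] = fresh.forward(b, a)
    return out
```
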
                      Instantazn

                      @johnpoz and @KOM Yes he did and thank you both for the very quick and informative assistance. This honestly slowed me down for a while and now I can continue to grind for the other projects I am doing for my virtual lab. I am a newbie to pfsense or firewalls in general, but is there a way I can close this thread out as solved?

                        KOM

                        You could edit the post title which is in your first post and prepend it with [SOLVED] or [RESOLVED], depending on your preference.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.