Netgate Discussion Forum
    When should I set promiscuous mode or not set promiscuous mode for both LAN and WAN interfaces when configuring VirtualBox for pfSense installation?

    IDS/IPS
      oldrik

      Hello, I have followed different tutorials on how to set up a VirtualBox environment for the installation of pfSense with the LAN and WAN interfaces.
      In some tutorials, promiscuous mode is set to Deny for both LAN and WAN interfaces, while in other tutorials promiscuous mode is set to Allow VMs for both LAN and WAN interfaces.
      Actually I read that "In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety."
      Please, I am still not clear on the explanation.

      1 Reply Last reply Reply Quote 0
        kiokoman LAYER 8

        Promiscuous mode is set to Allow VMs for any interfaces on my VirtualBox.
        This mode is used for packet sniffing, so for example Suricata/Snort or other tools like Wireshark need it.
        You can always change it later if you need to sniff packets from outside the VirtualBox.

        1 Reply Last reply Reply Quote 1
          KOM

          You don't need to enable promiscuous mode just to run pfSense in a virtual environment. I can't think of many cases where you would need it at all.

          1 Reply Last reply Reply Quote 0
            jimp Rebel Alliance Developer Netgate

            At the hypervisor level, running in promiscuous mode allows the VM to see traffic not destined for its MAC address. The most common use cases for this are:

            1. HA - It's required for CARP to function
            2. L2 Bridging - Otherwise traffic for non-firewall hosts will be dropped as they have different MAC addresses.

            It's not necessary for packet captures or an IDS. That's promiscuous mode of the interface at the OS level, not in the hypervisor.

            1 Reply Last reply Reply Quote 1
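Added example (not part of the thread, and not Netgate or VirtualBox code): a shell check that applies the rule from jimp's post above to the per-NIC promiscuous policy VirtualBox reports for a VM. The function names, verdict labels and sample lines are constructed for illustration; the sample assumes the `Promisc Policy:` field as printed by `VBoxManage showvminfo`.

```shell
#!/bin/sh
# Usage: VBoxManage showvminfo "<vm-name>" | audit_promisc yes|no
#   yes = this pfSense VM runs CARP (HA) or an L2 bridge
#   no  = plain routed firewall; packet capture/IDS alone does not count,
#         since that is OS-level promiscuous mode, not the hypervisor's.

audit_promisc() {
    needs_l2="$1"
    awk -v need="$needs_l2" '
        # Only enabled NICs carry a "Promisc Policy:" field.
        /^NIC [0-9]+:/ && /Promisc Policy:/ {
            nic = $2; sub(/:$/, "", nic)
            policy = $0
            sub(/.*Promisc Policy: */, "", policy)   # drop text before value
            sub(/,.*/, "", policy)                   # drop fields after value
            if (need == "yes" && policy == "deny")
                verdict = "TOO-STRICT"          # CARP/bridged frames get dropped
            else if (need != "yes" && policy != "deny")
                verdict = "WIDER-THAN-NEEDED"   # VM sees frames for other MACs
            else
                verdict = "OK"
            printf "nic%s %s %s\n", nic, policy, verdict
        }'
}

# Constructed sample modelled on showvminfo output (MACs and names are made up).
sample_vminfo() {
    cat <<'EOF'
Name:                        pfsense-lab
NIC 1:                       MAC: 080027000001, Attachment: Bridged Interface 'eth0', Cable connected: on, Type: 82540EM, Promisc Policy: allow-all, Bandwidth group: none
NIC 2:                       MAC: 080027000002, Attachment: Internal Network 'lan', Cable connected: on, Type: 82540EM, Promisc Policy: deny, Bandwidth group: none
NIC 3:                       disabled
EOF
}

# Demo on the constructed sample: a routed-only firewall (no CARP, no bridge).
sample_vminfo | audit_promisc no

# To tighten a NIC flagged WIDER-THAN-NEEDED (VM powered off):
#   VBoxManage modifyvm "<vm-name>" --nicpromisc1 deny
```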