When should i set premiscuous mode or not set premiscuous mode for both LAN and WAN interface when configuring virtualbox for PFsense installation???
hello, i have follow different tutorials on how to setup a virtualbox environment for the installation of pFSense with the LAN and WAN interface.
In some tutorials, premiscuous mode is set to deny for both LAN and WAN interfaces while in other tutorials, premiscuous mode is set to Allow VMs for both LAN and WAN interfaces........
Actually i read that "In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety."
Pls, i am not still clear with the explanation.???
promiscuous mode is set to Allow VMs for any interfaces on my virtualbox
This mode is used for packet sniffing so for example suricata/snort or other tools like wireshark need it
you can always change it later if you need to sniff packet from outside the virtualbox
KOM last edited by
You don't need to enable promiscuous mode just to run pfSense in a virtual environment. I can't think of many cases where you would need it at all.
At the hypervisor level, running in promiscuous mode allows the VM to see traffic not destined for its MAC address. The most common use cases for this are:
- HA - It's required for CARP to function
- L2 Bridging - Otherwise traffic for non-firewall hosts will be dropped as they have different MAC addresses.
It's not necessary for packet captures or an IDS. That's promiscuous mode of the interface at the OS level, not in the hypervisor.