Leaving security holes with HyperV?



  • I virtualized a pfSense inside of HyperV behind my router. pfSense gives my server its own LAN IP (10.10.10.2), even while the router in front gives its own (192.168.1.2). Does this mean I've missed a step and left my server vulnerable to the internet if I take the primary router (192.168.1.1) away and go from:
    Modem --> pfSense in HyperV?

    Not sure if I've configured it in a proper way...



  • You should assign two interfaces to your pfSense Hyper VM:
    An interface you call "WAN", which should be a real physical interface bound to the VM. The host OS, Windows, should NOT use this interface at all. This interface should be connected to your ISP router. Your pfSense WAN (DHCP) IP will be something like 192.168.1.x where x is not 1.

    Create another interface - virtual this time - called LAN, which, if possible, could be bound to an actual second physical network interface so you can "expose" this LAN network to other LAN type devices using a real switch.
    If you do not have a second NIC, only the host OS Windows could / should be bound to the virtual LAN interface. The LAN should be set up as - why not - 10.10.10.1 (not .2 - that's not logical - gateways have .1 or .254, not some IP in the middle of the range, that's more than awkward).
    Your Windows host will acquire a 10.10.10.x, where x lies somewhere in your pfSense DHCP server pool you've set up.
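
The layout described in the reply above, as an added PowerShell example that is not part of the original thread: it creates the two Hyper-V switches, attaches the pfSense VM to both, and then checks that the Windows host has no path onto the WAN side. The VM name, the adapter names and the switch names are assumptions; replace them with your own.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Assumed names (not from the thread): adjust to your host.
$VmName = 'pfSense'        # hypothetical VM name
$WanNic = 'Ethernet'       # physical NIC cabled to the ISP router/modem
$LanNic = 'Ethernet 2'     # optional second physical NIC; may not exist

# WAN: external switch on the physical NIC, NOT shared with the Windows host.
if (-not (Get-VMSwitch -Name 'WAN' -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name 'WAN' -NetAdapterName $WanNic -AllowManagementOS $false | Out-Null
}

# LAN: external on the second NIC if present, otherwise host-only (Internal).
if (-not (Get-VMSwitch -Name 'LAN' -ErrorAction SilentlyContinue)) {
    if (Get-NetAdapter -Name $LanNic -ErrorAction SilentlyContinue) {
        New-VMSwitch -Name 'LAN' -NetAdapterName $LanNic -AllowManagementOS $true | Out-Null
    } else {
        New-VMSwitch -Name 'LAN' -SwitchType Internal | Out-Null
    }
}

# Give the pfSense VM one adapter on each switch (skip if already attached).
foreach ($sw in 'WAN', 'LAN') {
    if (-not (Get-VMNetworkAdapter -VMName $VmName | Where-Object SwitchName -eq $sw)) {
        Add-VMNetworkAdapter -VMName $VmName -SwitchName $sw -Name $sw
    }
}

# Audit: the host must have no path onto the WAN segment.
$problems = @()
if ((Get-VMSwitch -Name 'WAN').AllowManagementOS) {
    $problems += 'WAN switch is shared with the management OS'
}
if (Get-VMNetworkAdapter -ManagementOS | Where-Object SwitchName -eq 'WAN') {
    $problems += 'Host has a virtual adapter on the WAN switch'
}
$bound = Get-NetAdapterBinding -Name $WanNic -ComponentID ms_tcpip, ms_tcpip6 |
    Where-Object Enabled
if ($bound) {
    $problems += 'Host TCP/IP is still bound to the physical WAN NIC'
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'OK: only the pfSense VM is attached to the WAN side.' }
```

Run it from the local console: binding the WAN NIC to a switch that is not shared with the management OS removes the host's own connection on that adapter.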

