Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense in Hyper-V and Isolated VMs

    Scheduled Pinned Locked Moved
    Virtualization
    2
    6
    831
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AntaresFR
      last edited by AntaresFR

      Hi all,
      I m new with pfsense and tried to achieve something i wanted, isolated some VMs of one of my Hyper-V host from the rest of the home LAN.
      Vms are in Hyper-V and pfSense is in Hyper-V too.
      WAN link is a dedicated physical port on the host.
      LAN link is a internal vswitch
      OPT1 link is an external vswitch linked to a physical switch to my Home Lan.
      After some lurking in this forum, i managed to do what i wanted and it works very well.
      I attached a picture to explain what i have actually.

      PfSense.png

      I'm not sure i did it the correct/best way but it works. I'm able to access what i want in isolated subnet with firewall rules and all works as expected (DNS, DHCP, SMB and SSH)

      Now i have a dream :D. I want to put if possible this isolated subnet on the same subnet than the Home Lan (192.168.0.0/23) and not on another subnet (192.168.5.0/24) to avoid routing.
      I tried many things but didn't manage to do it. I tried to bridge OPT1 and LAN but i loose access to the Webgui and wasn't able to get it back.

      If anyone can give me some advice to achieve that or things to enhance.

      Merry Christmass for everyone and thank you to read me, even if you don't reply =)

      Bob.DigB 1 Reply Last reply Reply Quote 0
      • Bob.DigB
        Bob.Dig LAYER 8 @AntaresFR
        last edited by

        @antaresfr You just use the same external LAN-vSwitch in Hyper-V, there would be no need for a second "LAN" from pfSense.

        A 1 Reply Last reply Reply Quote 0
        • A
          AntaresFR @Bob.Dig
          last edited by AntaresFR

          @bob-dig I did that because on my isolated VM i put the internal vswitch (LAN in pfsense) as network card.
          If i put the external vswitch as network card in VMs, trafic will not pass trough pfsense but directly from " isolated VMs" to physical switch and the home Subnet. Or maybe i'm wrong.

          Bob.DigB 1 Reply Last reply Reply Quote 0
          • Bob.DigB
            Bob.Dig LAYER 8 @AntaresFR
            last edited by Bob.Dig

            @antaresfr But you said before you don't want routing. If you want filtering, you want routing. 😉

            A 1 Reply Last reply Reply Quote 0
            • A
              AntaresFR @Bob.Dig
              last edited by AntaresFR

              @bob-dig Ah yes i see, so if i do routing, is it possible to keep filtering between this OPT1 and LAN interface and keep them on the same subnet.
              I thought i have to use bridge to do that but i didn't manage to make it working.
              I thought i could bridge OPT1 and LAN, and give 192.168.0.10/23 to the bridge for example. But it did'nt worked as expected :D

              1 Reply Last reply Reply Quote 0
              • A
                AntaresFR
                last edited by

                I moved all my OPT1 network to pfsense, i use it as my new gateway in place of a synology router and I must admit i'm really happy with this set-up. With this pfsense virtualized on a simple i3-8100, a 2vcore VM with 2gb of ram, i'm able to run speedtest at 930Mpbs download and 610Mbps upload from computers in OPT1, not bad on a 1Gb/600Mb ISP connection :)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post