pfSense CE 2.6.0 and vmware fusion lan/wan configuration
-
My setup: vmware Fusion 12.2.3 on a Mac mini (OS 12.3). I installed CE 2.6.0 as a virtual host in order to look over the software before purchasing a netgate device. After installation, the networks came up as:
WAN (wan) -> em0 -> v4/DHCP4: 172.16.20.138/24
LAN (lan) -> em1 -> v4: 192.168.1.1/24
After turning on sshd, I could not connect to the lan via ssh or https. I read previous posts about needing dhcp turned on in the lan, so I went through option 2 numerous times trying to make 192.168.1.x work with dhcp. Nope. Then I found a post about looking at the bridge networks set up by vmware. So "ifconfig -a" on my Mac showed two bridge networks:
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
ether f2:18:98:8e:75:64
inet 192.168.198.1 netmask 0xffffff00 broadcast 192.168.198.255
inet6 fe80::f018:98ff:fe8e:7564%bridge100 prefixlen 64 scopeid 0x12
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: vmenet0 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 17 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
and
bridge101: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
ether f2:18:98:8e:75:65
inet 172.16.20.1 netmask 0xffffff00 broadcast 172.16.20.255
inet6 fe80::f018:98ff:fe8e:7565%bridge101 prefixlen 64 scopeid 0x14
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: vmenet1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 19 priority 0 path cost 0
member: vmenet2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 21 priority 0 path cost 0
member: vmenet3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 22 priority 0 path cost 0
member: vmenet4 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 23 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
I tried using the 192.168.198.x network for the LAN, setting up a dhcp pool, etc. No luck getting in via ssh or https.
So then I set up the lan in network 172.16.20.x so I ended up with the configuration:
WAN (wan) -> em0 -> v4/DHCP4: 172.16.20.138/24
LAN (lan) -> em1 -> v4: 172.16.20.10/24
where my lan dhcp pool goes from 10 to 20. Voila, I can connect to 172.16.20.10. But this seems soooo wrong to have both lan and wan on the same network with possibly overlapping dhcp pools. How can I tell what the dhcp pools are? Any ideas why the bridge network 192.168.198.x does not work?
-
@beerguzzle In Fusion what are your network assignments? I haven't used Fusion in a long while (still holding out for ARM support for my M1's) but I remember that you can define the device types there similar to that of Workstation and ESXi.
Are you VLAN tagging? Using multiple ETH devices? How about doing Wireshark PCAPs on the interface(s) on the Mac?
-
@rcoleman-netgate My goal here is to get familiar with the web interface before plunking down money for a netgate gizmo, so there are no other (virtual) hosts connected to either side of the virtual pfsense host. On the Mac, no VLAN tags, nothing non-standard. In vmware, both networks are set to "shared with Mac" which doesn't tell me much. I suppose it is time to fiddle with the vmware settings for each network, look at what changes in ifconfig, poke at traffic with Wireshark. Fusion is not very descriptive about its network device settings. But having both LAN and WAN on 172.16.20.x is a train wreck, right?
-
@beerguzzle That is why you're having issues...
You need a second NIC of some sort to at least keep things from getting in your way.
I think you're hurting your learning attempt at this point.
Without VLANs or dedicated interfaces your DHCP will be conflicting/fighting with your main internet connection and that will cause you trouble down the road.
-
@rcoleman-netgate Dear Readers, This issue is now solved for me. Here's an explanation for future vmware fusion folks...
I redid option 2 again for the LAN interface, noting that the bridge100 interface on in the MacOS offered up the 192.168.198.0/24 network (see above, your bridge networks may be different). I entered in for option 2:
new LAN ipv4 address: 192.168.198.10 (198.1 will not work)
subnet mask: /24 (class C to match the bridge100 interface)
enable DHCP server
start address of range: the IP number you used above, eg 192.168.198.10
end address of range: some higher number in the 4th octet, eg 192.168.198.200
yes or no to the http setting
Important in VMware! After redoing the LAN interface, then go into the vmware configuration for the LAN network interface (compare the MAC address via the pfSense shell to your interface). ==> Change the interface setting from "Share with my Mac" to "Private to my Mac". Let vmware make the changes.
At this point, your pfSense network setup should look like:
WAN (wan) -> em0 -> v4/DHCP4: 172.16.20.138/24
LAN (lan) -> em1 -> v4: 192.168.198.10/24
and you should be able to ssh or https to IP number 192.168.198.10 to login or see the pfSense webpage.
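Added example, not part of the thread and not pfSense or Fusion code: a Python check that parses the pfSense console interface summary and the Mac's "ifconfig -a" bridge output (constructed copies of the lines quoted in this thread) and reports the two things the thread tripped over, LAN and WAN on overlapping subnets, and a LAN address that sits on no Fusion bridge network or is the bridge's own address. The regexes assume exactly the line formats shown above.

```python
import ipaddress
import re
# Constructed samples: pfSense console summaries from the thread's "both on
# 172.16.20.x" setup and the working one, plus the Mac's bridge inet lines.
PFSENSE_BAD = """\
WAN (wan) -> em0 -> v4/DHCP4: 172.16.20.138/24
LAN (lan) -> em1 -> v4: 172.16.20.10/24
"""
PFSENSE_FIXED = """\
WAN (wan) -> em0 -> v4/DHCP4: 172.16.20.138/24
LAN (lan) -> em1 -> v4: 192.168.198.10/24
"""
MAC_IFCONFIG = """\
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.198.1 netmask 0xffffff00 broadcast 192.168.198.255
bridge101: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 172.16.20.1 netmask 0xffffff00 broadcast 172.16.20.255
"""
IFACE_RE = re.compile(r"^(\w+) \(\w+\) -> \w+ -> v4(?:/DHCP4)?: (\S+)$")
BRIDGE_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask 0x([0-9a-f]{8})")
def parse_pfsense(text):
    """{name: IPv4Interface} from the pfSense console interface summary."""
    return {m.group(1): ipaddress.ip_interface(m.group(2))
            for m in map(IFACE_RE.match, text.splitlines()) if m}

def parse_bridges(text):
    """{bridge: IPv4Interface} for the IPv4 address of each Mac bridge."""
    out, cur = {}, None
    for line in text.splitlines():
        b = BRIDGE_RE.match(line)
        m = INET_RE.match(line)
        if b:
            cur = b.group(1)
        elif m and cur:  # hex netmask -> dotted mask, e.g. 0xffffff00
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            out[cur] = ipaddress.ip_interface(f"{m.group(1)}/{mask}")
    return out

def check(pf, bridges):
    """List the problems the thread ran into; an empty list means OK."""
    wan, lan, problems = pf["WAN"], pf["LAN"], []
    if wan.network.overlaps(lan.network):
        problems.append(f"WAN {wan.network} overlaps LAN {lan.network}")
    home = [b for b, i in bridges.items() if lan.ip in i.network]
    if not home:
        problems.append(f"LAN {lan.ip} is on no Mac bridge network")
    elif lan.ip == bridges[home[0]].ip:
        problems.append(f"LAN {lan.ip} is the Mac's own {home[0]} address")
    return problems
```

Run it against your own console summary and ifconfig output; an empty list from check() means the LAN is on a bridge subnet of its own with an address the Mac is not already using.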