need help on pfsense setup on virtualbox

bengregory · Dec 8, 2022, 11:15 AM

Hi

I need help on pfsense setup on Virtualbox, I'm new on this networking thing and I try to learn from the net. I'm not sure if I'm doing this right but this is what I setup so far,

What worked so far

I can access LAN pfSense GUI 172.17.16.15 in PC 1,2,3,4
I can access WAN pfSense GUI 192.168.0.106 only in PC 1-2 but not in 3-4
PC 1,2,3,4 can browse internet and can ping each other

is my virtualbox setting correct ? What I would like to do is all my devices including pc 3-4 in network go through Virtualbox PFSense Firewall

How do I do this correctly ? thank you

NollipfSense · Dec 8, 2022, 12:50 PM

@bengregory See bellow: you should set the virtual machine to bridge adapter which will be it's WAN to pfSense (192.168.0.106/24) and for your LAN, you'll that in bridge on the virtualBox, then when you launch pfSeense, you get to the console and sett LAN IP (#2) to the an address within the WAN network example 192.168.0.211/24. no DCHP...that's how you'lll administer by the Web-GUI of the first VM and repeat for the second VM.

stephenw10 · Dec 8, 2022, 6:21 PM

You don't want to use 'host only' for those VMs. They should be using 'internal network' as should the pfSense LAN. 'Host Only' is for connecting to the machine hosting VBox, the hypervisor.

Routing all traffic from PCs 3 and 4 through pfSense will require static routing for them and custom outbound NAT rules to avoid asymmetric routing.
Really they should be in a separate subnet. So connected to the VBox host via a different NIC or VLAN.

Steve

bengregory · Dec 8, 2022, 11:01 PM

@nollipfsense i tried to set both of my virtualbox network adapter to bridge mode and now internet is down

bengregory · Dec 9, 2022, 3:04 PM

@stephenw10 I have changed my virtualbox setting

adapter 1 to bridge mode and adapter 2 to internal network

now i can't access gui from pc3 and 4 and can't ping pfsense and can only access the pfsense gui from pc in the virtualbox

where should i do the static routing and custom outbound NAT rules..is it in pfsense or my local router ?

stephenw10 · Dec 9, 2022, 3:04 PM

@bengregory said in need help on pfsense setup on virtualbox:

now i can't access gui from pc3 and 4 and can't ping pfsense and can only access the pfsense gui from pc in the virtualbox

That's good. That's what I expect to happen unless you have added firewall rules to allow it on WAN and routes to the LAN subnet so PCs 3/4 know how to reach it.
They should be able to access the pfSense GUI on the WAN IP if the WAN firewall rules are passing that.

Anything you do to make PCs 3 & 4 send their traffic via pfSense is going to be a hack with that network topology. You should have them on a separate layer 2 segment.

However to do that you would need to set the pfSense WAN as the default gateway on PCs 3 & 4 dircetly. Then you need firewall rules in pfSense to allow traffic from them into the WAN. And you need a custom outbound NAT rule in pfSense to NAT traffic from the WAN subnet to the WAN address. Otherwise you will have asymmetric routing. This would be a really horrible setup!

Steve