VMachine behind Pfsense Rule



  • I have installed pfSense on VMware ESX Server 4 with 2 physical NICs.
    (WAN) em0---->vswitch0-----Pfsense
    (LAN) em1---->vswitch1-----Pfsense

    VM1-----vswitch1
    VM2-----vswitch1
    VM3-----vswitch1
    VM4-----vswitch1

    I want to protect my 4 virtual machines, which are behind pfSense.
    All 4 virtual machines have public IP addresses.

    Pfsense (WAN) ----- 202.61.42.15

    VM1 ---202.61.42.18
    VM2 ---202.61.42.19
    VM3 ---202.61.42.20
    VM4 ---202.61.42.21

    I want to protect these VMs through pfSense.

    I do not want NAT or port forwarding.

    Can anybody help me in configuring or designing this?



  • Sorry, that's a little beyond me right now… I'm sure someone out there will know.

    I was just able to install pfSense on VirtualBox using one NIC and three VLANs...

    Works Great!!



  • @mali:

    I have installed pfSense on VMware ESX Server 4 with 2 physical NICs.
    (WAN) em0---->vswitch0-----Pfsense
    (LAN) em1---->vswitch1-----Pfsense

    VM1-----vswitch1
    VM2-----vswitch1
    VM3-----vswitch1
    VM4-----vswitch1

    I want to protect my 4 virtual machines, which are behind pfSense.
    All 4 virtual machines have public IP addresses.

    Pfsense (WAN) ----- 202.61.42.15

    VM1 ---202.61.42.18
    VM2 ---202.61.42.19
    VM3 ---202.61.42.20
    VM4 ---202.61.42.21

    I want to protect these VMs through pfSense.

    I do not want NAT or port forwarding.

    Can anybody help me in configuring or designing this?

    Not sure if you figured it out yet, but I will answer your question in case anyone else searches for this :)

    There are 2 scenarios:
    1: Using pfSense as a router/firewall with NAT (internal IPs behind pfSense)
    2: Using pfSense as a transparent firewall (external IPs behind pfSense)

    You are talking about scenario #2. For both scenarios, the VM and vSwitch configuration is actually the same. The exception is how you set up pfSense.

    First of all, you will need to configure pfsense as a transparent firewall, which includes bridging the LAN interface with the WAN. There is a good tutorial on how to do this located at http://pfsense.trendchiller.com/transparent_firewall.pdf

    On the ESX server you will need to create the following:
    vSwitch-1 (connected to a physical NIC)
    vSwitch-2 (not connected to any physical NIC)

    For vSwitch-1, connect the pfsense WAN interface
    For vSwitch-2, connect the pfsense LAN side interface

    Put all your VMs on vSwitch-2.

    You may need to configure the actual vSwitches to be in "Promiscuous Mode" - you do this inside ESX in the "Configuration" tab via the VI Client.

    Now add all your firewall rules accordingly. That's it!

    Hope this helps.

    -Sean
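
For the "add all your firewall rules" step in the answer above, this is one way no-NAT filtering on the bridge could look in raw pf syntax. It is an added illustration, not part of the thread and not the ruleset pfSense itself generates. The interface names em0/em1 and the VM addresses come from the original post; the allowed services (TCP 80/443 and ICMP echo) are assumed sample values.

```pf
# Illustration only: transparent (bridged) filtering for the four VMs.
# Assumptions: em0 = WAN bridge member, em1 = LAN bridge member,
# published services are constructed examples, not from the thread.

wan_if = "em0"
lan_if = "em1"

# The VMs keep their public addresses, so rules match those addresses
# directly. There are no nat or rdr rules anywhere in this ruleset.
table <vms> const { 202.61.42.18, 202.61.42.19, 202.61.42.20, 202.61.42.21 }

set skip on lo0

# Default deny on the WAN member, logged so dropped probes are visible.
block log on $wan_if all

# Filter once, on the WAN member; the LAN member only forwards
# traffic that was already admitted (or that the VMs originate).
pass quick on $lan_if all

# Inbound: only the published services, addressed to the VMs' real IPs.
pass in quick on $wan_if inet proto tcp from any to <vms> \
    port { 80, 443 } flags S/SA keep state
pass in quick on $wan_if inet proto icmp from any to <vms> \
    icmp-type echoreq keep state

# Outbound: connections the VMs open; state entries match the replies.
pass out quick on $wan_if inet from <vms> to any keep state
```

In the pfSense GUI the same policy is expressed as rules on the WAN tab whose destination is a VM's public address, relying on the default deny for everything not listed.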

