Huge W2008 R2 Server Hyper-V, 8 Nic, and no clue as to where to start pfSense
-
Hi,
I'm trying to replace a bunch of routers (Linksys, Trendset, Netgear) with pfSense. I have a 50mb/2mb ISP connection with 13 public static IPs, right now we are using only 1 static IP, but there's need to start using the other ones for web services, web servers, maybe VOIP, etc… I want to use Hyper-V as most of the servers and desktops are all virtual machines, so the plan is to create another VM and put pfSense there. This server has 8 nics. I look for a similar configuration, but could not find anything similar in the forums. To install pfSense, I will get the iso and boot from the virtual machine, no much concern here. What is confusing is how to set the NIC properly. Do I need two physical NIC to be assigned to the pfSense VM? Then how will the rest of the machines be routed from pfSense? Right now we have ISP Modem>Router>Switch>Server, with pfSense it will be something like ISP>Server>Switch?
Any help is VERY (and I mean A LOT) APPRECIATED...
Thanks,
Kharcoff -
What you need to assign really depends on your (virtual and physical) network setup. I'd expect you'd need to assign one for the WAN interface and then a (virtual) interface to the (virtual) LAN switch.
Do also read the VIP (Virtual IP) forum and the documentation Wiki.
-
create a VM for pfSense
assign two physical nics to the vm
create two virtual switches, one for WAN, one for LAN
install pfSense and assign WAN and LAN nics appropriatelyYou will make your pfSense the default gateway for your network
so you will have ISP Modem–-->[VM host WAN nic of VM–-->pfSense VM----->VM host LAN nic of VM]–--->Switch
-
Thanks!!
I did all the photonman suggested. But it doesn't work, I reach the point to assign Ips to the Interfaces (in my case de0 (WAN) and de1 (LAN)). I assign IPs from the ISP on the WAN (funny thing it only get the IP (72.xx.xx.xx) and the SubNet (28), it doesn;t ask for a gateway. For lan I assign 192.xx.xx.xx with SubNet (24) and enabld DHCP. All good. The auto assign 'a', does not work at all, nothing serious.
Now for the cabling, behind my server I have 8 NIC, so I connect ISP Modem to NIC that is assigned as WAN, and LAN NIC into the switch, as this is simulating a normal router as DHCP should assign IPs for the rest of the network.
Then I connect a Windows NIC (192.xx.xx.10 ) into the switch so that I can get IP assigned from the LAN Interface, but nothing happens, try to re-boot, invert interfaces, use another NIC in another VM and nothing. The windows machine doesn't get a valid IP at all and consequently I can not reach the web gui.Good thing that I've just purchased a netgate, but it seems that is not robust enough to get packages installed, so I'm still playing with the Hyper-V where I can assigned more CPU/Memory/Disk.
So any help will be great. Any any case, then you create your vm, did u select "allow management os to share this adapter" or not? Also are you using dynamic MAC addresses? Enabled virtual LAN Identification? Aside of this I have no idea on what can be wrong…
TIA
-
The virtual switches for your WAN and LAN nic's must NOT share the management network.
You need a separate vSwitch for each nic.
also your WAN nic has to have a default gateway…what do you mean you do not have one
Also, I would have DHCP served from another server on the LAN and not from the pfSense machine.
-
Quick update to others, I've played with the same Hyper-V machine, and the only thing that it was not working is the automatic start of the interfaces (both Wan and Lan). So everytime I boot pfSense I have to go to option 8 Shell and run the down and up on both interfaces:
ifconfig de0 down
ifconfig de0 up
ifconfig de1 down
ifconfig de1 upde0=WAN and de1 = LAN.
Now is running fine, with all speed from ISP, before I was getting my upload rates, but only half of download. Running version 2.0 Beta (also also imported the config from 1.23) with minor issue (WAN interface was set as LAN, just changed, re-booted and back to business).
Thanks for all help.
On top of pfSense what packages are you guys using? Snort, HAVP, Squid? Is pfSense out the box safer than any standard linksys?
-
good deal. glad you figured it out.
I have Squid and VM tools currently loaded.
thinking of Snort after everything is stabilized. -
Quick update to others, I've played with the same Hyper-V machine, and the only thing that it was not working is the automatic start of the interfaces (both Wan and Lan). So everytime I boot pfSense I have to go to option 8 Shell and run the down and up on both interfaces:
ifconfig de0 down
ifconfig de0 up
ifconfig de1 down
ifconfig de1 upIs easier to do this:
http://forum.pfsense.org/index.php/topic,30760.msg163707.html#msg163707
You probably don't need the dhclient de0 line, but I do as my cable modem give my public IP to the WAN interface via DHCP
