Pfsense as VM in vSphere and VLANs (VLAN Routing)



  • Hi
    I've got pfSense 1.2.3 as a VM appliance and I want it to work as a firewall/router between VLANs.

    I am going to give several VMs in different VLANs the ability to connect to one PC (FTP).
    I want pfSense connected to a trunk port of a vSwitch, so it receives all VLANs.
    The FTP server will then be connected on a different interface, and all VMs should have access to it.

    TRUNK of vSwitch
       VLAN 10
       VLAN 20     -------->   pfsense  --------> FTP
       VLAN 30
       VLAN 40

    Is this possible with pfSense? Is there any supporting guide?



  • As long as the devices can find a route to the FTP server, it should work.



  • How can it be done?

    I have tried for some time, but I cannot (at first) get a ping connection between the FTP server and TestVM.
    On my pfSense VM I have 4 NICs:
    em0 WAN                     - at the moment not used
    em1 LAN                     - just for web configuration
    em2 OPT1 named TRUNK        - connected to the trunk port of the vSwitch, so it provides all VLANs
    em3 OPT2 named FTP (static) - FTP VM connected (static IP)

    For em2 I created a new virtual interface (vlan0, named V1000, with a static IP) with the same VLAN (ID 1000) the TestVM is located in.
    I created rules on the FTP interface and the V1000 interface to pass all ICMP traffic.
    From the FTP VM I can ping the FTP interface IP.
    From TestVM I can ping the V1000 interface IP.
    But I cannot ping directly from TestVM (out of VLAN 1000) to the FTP VM.



  • What rules do you have in place?
    Can you ping the pfsense interface from either host?
    Or access the web interface (port 80, 443) on either?

    I run a similar setup, only I don't trunk the pfsense box, I run multiple NICs into port groups on different VLANs which then extend to my physical switch.



  • Where does the pinging stop?
    Have you entered all the needed VLANs?



  • I think it works now.  ;D

    On TestVM I entered the V1000 interface IP as the gateway, and the same for the FTP VM with the FTP interface.
    Then I created 2 rules on the FTP interface:
    Proto - Source - Port - Dest - Port - Gateway
    ICMP - FTP net - * - V1000 net - * - *
    ICMP - FTP net - * - FTP net - * - *

    and 3 on the V1000 interface:
    ICMP - V1000 net - * - FTP net - * - *
    ICMP - FTP net - * - V1000 net - * - *
    ICMP - V1000 net - * - V1000 net - * - *

    Now I can ping from TestVM (VLAN 1000) to the FTP VM.

    Tested it also on a second TestVM2 in VLAN 1001 and it worked.
    Thanks so far.
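The setup from the posts above, written out as the FreeBSD/pf equivalent of what the pfSense GUI generates. This is an added illustration, not configuration from the thread or from the pfSense project; the interface names follow the post, while the VLAN IDs, the two subnets (192.168.10.0/24 for V1000, 192.168.20.0/24 for FTP) and the TCP/21 rule are assumptions. On the vSphere side, the port group that em2 sits in must be set to VLAN ID 4095 (trunk all VLANs), otherwise the vSwitch strips the tags before pfSense ever sees them and the vlan0 subinterface never receives anything.

```conf
# Added example, not from the thread. Assumed addressing:
#   vlan0 (V1000, VLAN 1000 on em2)  192.168.10.1/24
#   em3   (FTP)                       192.168.20.1/24
#
# What the "VLAN" and "Interfaces" pages do under the hood (run as root):
#   ifconfig vlan0 create vlandev em2 vlan 1000
#   ifconfig vlan0 inet 192.168.10.1/24
#   ifconfig em3 inet 192.168.20.1/24
#   sysctl net.inet.ip.forwarding=1
# Each VM then uses the pfSense address on its own segment as default gateway
# (192.168.10.1 for VLAN 1000, 192.168.20.1 for the FTP VM), as in the post.

# --- /etc/pf.conf fragment equivalent to the GUI rules ---
v1000_if  = "vlan0"
ftp_if    = "em3"
v1000_net = "192.168.10.0/24"
ftp_net   = "192.168.20.0/24"

# pfSense's implicit default: deny everything that is not explicitly passed.
block in log all

# Rules on an interface tab apply to traffic ENTERING that interface.
# "keep state" lets the echo reply come back without a second rule.
pass in quick on $v1000_if inet proto icmp from $v1000_net to $ftp_net keep state
pass in quick on $ftp_if   inet proto icmp from $ftp_net   to $v1000_net keep state

# Assumed extra rule so the goal of the thread (FTP, not just ping) works:
# the FTP control channel from the VLAN to the server.
pass in quick on $v1000_if inet proto tcp from $v1000_net to $ftp_net port 21 flags S/SA keep state

# Outbound traffic is allowed by default on pfSense.
pass out all keep state
```

Two of the five GUI rules in the post do nothing useful: "FTP net to FTP net" on the FTP tab matches traffic between hosts on the same subnet, which is switched and never reaches the firewall, and "FTP net to V1000 net" on the V1000 tab would only match packets with an FTP-net source address arriving on the VLAN side, i.e. nothing legitimate. The two cross-network ICMP rules above are what actually makes the ping work. The TCP/21 rule covers only the control connection; passive-mode data connections need either an explicit port range or pfSense's FTP helper, which is outside what the thread tested.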

