Pfsense as VM in vSphere and VLANs (VLAN Routing)
-
Hi
I got pfsense 1.2.3 as VM Appliance and I want it to work as Firewall/Router within VLANs.
I am going to give several VMs in different VLANs the ability to connect to one PC (FTP).
I want pfsense connected at a Trunk port of a vSwitch, to receive all VLANs.
The FTP will then be connected on a different interface and all VMs should have access to this FTP.

TRUNK of vSwitch
VLAN 10
VLAN 20 --------> pfsense --------> FTP
VLAN 30
VLAN 40

Is this possible with pfsense? Is there any supporting guide?
-
As long as devices can find out the route to ftp, it should work
-
How can it be done?
I have tried for some time but I cannot (at first) get a ping connection between FTP and TestVM.
On my pfsense VM I got 4 NICs
em0 WAN - at the moment not used
em1 LAN - just for web configuration
em2 OPT1 named TRUNK - is connected to Trunk port of vSwitch and so provide all VLANs
em3 OPT2 named FTP (static) - FTP VM connected (static IP)

For em2 I created new Virtual interface (vlan0 named V1000 with static IP) with same VLAN (ID 1000) where the TestVM is located in
I created Rules at FTP interface and V1000 interface to pass all ICMP traffic
From FTP VM I can ping to FTP interface ip
From TestVM I can ping to V1000 interface ip
But cannot ping directly from TestVM (out of VLAN 1000) to FTP VM
-
What rules do you have in place?
Can you ping the pfsense interface from either host?
Or access the web interface (port 80, 443) on either?

I run a similar setup, only I don't trunk the pfsense box, I run multiple NICs into port groups on different VLANs which then extend to my physical switch.
-
Where does the pinging stop?
Have you entered all needed VLANs?
-
I think now it works. ;D
On TestVM I enter V1000 interface ip as gateway, same for FTP VM and FTP interface
Then I created 2 rules for FTP interface

Proto - Source - Port - Dest - Port - Gateway
ICMP - FTP net - * - V1000 net - * - *
ICMP - FTP net - * - FTP NET - * - *

and 3 for V1000 interface

ICMP - V1000 net - * - FTP net - * - *
ICMP - FTP net - * - V1000 net - * - *
ICMP - V1000 net - * - V1000 net - * - *

Now I can ping from TestVM (VLAN1000) to FTP VM
Tested it also on second TestVM2 from VLAN1001 and it worked
Thanks so far
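
Added example (not part of the thread): a small Python model of how pfSense evaluates the rules posted above, taking the first matching rule on the interface where a new connection enters, with replies covered by state. The subnets and host addresses are constructed, since the thread gives none; the model shows which of the five rules are ever matched and what happens to a TCP connection to the FTP host.

```python
import ipaddress
from collections import Counter

# Constructed addressing (assumption): the thread does not state any subnets.
NETS = {
    "FTP net": ipaddress.ip_network("192.168.50.0/24"),
    "V1000 net": ipaddress.ip_network("10.10.0.0/24"),
}

# Pass rules from the last post: (interface tab, proto, source, destination).
RULES = [
    ("FTP", "icmp", "FTP net", "V1000 net"),
    ("FTP", "icmp", "FTP net", "FTP net"),
    ("V1000", "icmp", "V1000 net", "FTP net"),
    ("V1000", "icmp", "FTP net", "V1000 net"),
    ("V1000", "icmp", "V1000 net", "V1000 net"),
]

def evaluate(iface, proto, src, dst, hits=None):
    """Index of the first pass rule on the ingress interface, or None (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (r_if, r_proto, r_src, r_dst) in enumerate(RULES):
        if r_if == iface and r_proto == proto and s in NETS[r_src] and d in NETS[r_dst]:
            if hits is not None:
                hits[i] += 1
            return i
    return None

# Constructed connection-opening packets: (ingress interface, proto, src, dst).
PACKETS = [
    ("V1000", "icmp", "10.10.0.20", "192.168.50.10"),  # TestVM pings FTP VM
    ("FTP", "icmp", "192.168.50.10", "10.10.0.20"),    # FTP VM pings TestVM
    ("V1000", "icmp", "10.10.0.20", "10.10.0.1"),      # TestVM pings its gateway
    ("FTP", "icmp", "192.168.50.10", "192.168.50.1"),  # FTP VM pings its gateway
    ("V1000", "tcp", "10.10.0.20", "192.168.50.10"),   # TestVM opens an FTP session
]

def audit():
    """Return per-packet verdicts and the indexes of rules that no packet matched."""
    hits = Counter()
    verdicts = [evaluate(*p, hits=hits) for p in PACKETS]
    unused = [i for i in range(len(RULES)) if hits[i] == 0]
    return verdicts, unused

if __name__ == "__main__":
    verdicts, unused = audit()
    for p, v in zip(PACKETS, verdicts):
        print(p, "->", f"pass by rule {v}" if v is not None else "blocked (default deny)")
    print("rules never matched:", [RULES[i] for i in unused])
```

In this model the "FTP net to V1000 net" rule on the V1000 interface is never matched, because traffic sourced from the FTP net enters on the FTP interface, and the TCP packet falls through to default deny because every posted rule is ICMP-only.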