Installing pfSense on virtualbox at home network.

  • Hi everybody,

    i am looking for help. I want to install pfSense on my home network. I already searched the forum a little bit but did not find real answers to my problem so i created this topic.

    I will provide a small description of what i have done so far. I have a laptop that i use to connect to the Internet and all my traffic passes from a small router that my ISP gave me (laptop -> router using the wireless card). So its like this Laptop -> Router -> Internet. I have already installed pfSense on virtual box using this guide I can connect from the host(my laptop) to pfSense's web interface but i do not seem to be able to connect to the internet. What i want to achieve is Laptop -> pfSense -> Router -> Internet. I know the information i provided is not nearly enough so ask me anything you need to know. I am fearly new to this but i think i can make it with your guidance.

    tx in advance

  • I suggest you draw a network diagram including both virtual and physical machines and interfaces. Use the diagram to help you work out how traffic will get from a particular source to a particular destination. In some cases the link will be a piece of wire, in other cases it will be a link you have specified in your virtual environment.

    When I last tried pfSense on VirtualBox (some months ago) I found it didn't work well with the default virtual NIC (an emulation of an AMD NIC). I forget the details; it might have been nothing showed up on a packet trace when there should have been ping transmits. I switched to an emulated Intel NIC and all was well.

    You can use the traceroute (tracert in Windows) utility to verify traffic travels the path you expect. The pfSense tcpdump utility or packet capture in the web GUI can be used to verify traffic gets to a particular interface.

  • Thanks for the answer but i was hoping for some technical detail. For example what settings do i need to make on my router in order to redirect packets to the firewall (gateway??? natting rules???). Also since the firewall is gonna be using my wirelless card were should it send the packets so i can receive them on the host pc (the Laptop's Lan card perhaps?)? Also tell me some things about gateways, natting rules, patting rules, to help me understand the terms better. I have a small knowledge however it is only theoretical.

    Ok let me keep my progress updated. I have created two interface for pfSense. A LAN and A WAN. The LAN will be used to connect to vm to the host and the WAN will connect the firewall to the router. i bridged the 2 interface using pfSense's web interface and i now have access to the internet from pfSense. How would i configure my host to pass traffic through pfSense and not directly. And how would i do that for the router?

  • Setting it up as a bridge complicates things for you - I would advise that you don't do that until you're confident with the virtual environment.

    Basic terms such as gateway etc are covered in basic networking guides and the pfSense documentation. This forum isn't the ideal place for learning the basics of how networks work. Indeed, I'd suggest that learning all of this in a virtual environment may make things harder for you.

    If you've followed that entire guide you'd already have your networking correctly configured. That it isn't suggests you need to work through that guide again.

  • I support Cry Havok's advice. If you have a spare PC you could fairly easily install pfSense  on it and configure without the complications of the virtual environment. Once you understand what you are working with a bit better it should be easier to deal with the complications of the virtual environment.

    I have often found Wikipedia ( a good source for explanation of technical terms.

    Is there any more to your home network than the router and laptop?

  • No thats pretty much it a router and a laptop. I know things about gateways and firewalls settings but this is the first time i am trying to set up my sth like this myself. I have a question the adapter VirtualBox Host-Only Network which was created automatically connects the host to the vm ? I don't have a spare PC on my home so this is the only deployment i can follow.

  • Questions about how Virtual Box behaves may be best directed to their community.

    That said, yes, Host-Only is direct connection between the host (your laptop) and the VM.

  • Here's what I think will work.  Start with a fresh pfSense VirtualBox guest.  Give it two Intel Pro/1000 MT Desktop NICs, one for WAN and one for LAN.  In VirtualBox network setup, attach WAN to Bridged Adapter and LAN to Host-only Adapter.  pfSense should grab an IP from your router for LAN, and your laptop should connect to WAN.  I don't think that you'll need to mess with pfSense's default routing or firewall rules.

    If that doesn't work, I'll try it here.

  • I don't have a lot of time to post right now, but I do have my pfsense running through Virtualbox with no problems whatsoever.

    My setup is 2 physical interfaces in bridge mode using AMD PCNet-PCI II type.  I've tried all four types and these work best.  If the only computer to connect to pfsense is your laptop, then I don't see why your LAN interface can't be host only.

    My modem is in bridge mode and and the WAN interface is set to PPPoE.  I'm not sure if you can do this with your wireless router, but if you can then it will make things simpler as pfsense will perform NAT and will get your public IP address instead of an internal one from the router.  If you don't use it this way, then I'm fairly sure you will want to disable the NAT on your router or you will NAT on NAT

    This will also mean that your router will not be connected to the internet when pfsense is not running, but from your post, the laptop is the only thing connected to the internet so that shouldn't be an issue.

  • Sorry for the absence…i will try all of these things...hopefully it will be that simple. I will update this thread if i have any progress.

  • So i solved the issue i set as the default gateway of the vbox adapter the LAN interface of the firewall. I dont know why this worked. I can now access the Internet through the firewall. However i cannot access the router from my host(laptop) but I can access it from the vbox. I believe a Natting rule is required. By access the router i mean its web interface or even ping. Any help with that?

  • How about a diagram of your virtual network, showing the IP addresses and netmasks. It'll help us work out what may be going on.

  • I will try to make one tomorrow and post it. Got to go to sleep now. Working early tomorrow. Tx for the help so far.

  • @globexgr:

    So i solved the issue i set as the default gateway of the vbox adapter the LAN interface of the firewall. I dont know why this worked. I can now access the Internet through the firewall. However i cannot access the router from my host(laptop) but I can access it from the vbox. I believe a Natting rule is required. By access the router i mean its web interface or even ping. Any help with that?

    In VirtualBox network setup, attach the pfSense LAN adapter to host-only.  The host will then see the router through pfSense.

  • I know this is an old thread, but in case anyone else is looking for information on the topic I will add what I have experienced.

    I ran pfSense in a VirtualBox VM for a couple of years with no problems and then it quit working.  What I discovered recently was that two problems coincided.  First, I had set up the host using bridging from bridg-utils and then used bridged adapters from the guest.  This was overly complicated and I confess that I never fully understood the configuration that worked.

    The second problem was that my ISP changed (quietly without notice) to limit my connection to only one IP at a time and set that IP on a different subnet than the DHCP server.  This caused the host to grab the IP address on boot and then pfSense in the guest could not get one.

    I believe globexgr is correct in the recommended configuration.  That would be to set the host to grab the IP from the ISP and then do a "host-only" connection from the guest VM red interface to that host net.

    Then I would do a bridged output from the Guest to a static IP on the host Green interface.  Alternately the host "green" adapter could be set with another IP net address and the guest could host-only into that net.

    All in all the best advice I have seen is Draw The Network Diagram including the virtual parts.  That is what I intend to do before I dive back into the current firewall and see if the new setup solves both problems above.

    One caution to all this, however, it is my understanding that if you use a pure bridged connection from Guest to Host then you bypass the Host TCP Stack.  If your VM is a firewall that would be safer than using host-only.  But everything I have read says that I am not able to do that because a bridged VM adapter cannot work on a "single IP" type connection like my ISP implemented :-(

    Hope this is useful to someone.

Log in to reply