Pfsense Virtualbox implementation



  • Greetings good people.
    I'm a newbie who is in the attempt of learning the greatest pfsense firewall. To start with I put up home network under oracle virtual box environment. I installed Pfsense-2.X.amd_64_LIVE_CD version as a Vbox guest. Following is the approach I have taken in order to set up my home n/w

    –Virtualbox n/w adapter setup.

    a) a bridged adapter on adapter 1 (Meant for the WAN interface)

    b) a Network-only adapter on adapter 2 (Meant for internal n/w -172.25.95.X/24)

    Installed "Pfsense-2.X_amd_64_live_cd" version and the LAN/WAN interfaces have been configured as follows.

    (WAN)em0 --> 192.168.1.254/24
    (LAN) em1 --> 172.25.95.1/24
    

    –my LAN n/w
    For now I have 1 host(RHEL6), but will be adding more once I get this sorted out :)
    ```
    Host - box1.mydomain.rock
    IP   - 172.25.95.10
    GW   - 172.25.95.1
    ```

    
    NOTES:
    

    a. WEB GUI can be accessed from my desktop (192.168.1.14) as https://192.168.1.254

    b. Lan host 172.25.95.10 can ping 172.25.95.1(Lan gw of pfsense)

    c. Lan host 172.25.95.10 can ping 192.168.1.254 (WAN gw of pfsense)

    
    -Now I want to have 172.25.95.10 to be able to access a host on WAN n/w possibly (192.168.1.14 -virtualbox host machine)
    
    Please refer to the attachment lan.png & wan.png images that describes the way I have assigned LAN and WAN rules.
    
    Questions:
    1\. Have I created the right virtual box adapters for my test lab? Or should they be different (Perhaps a Host-only adapter?)
    
    2\. Do I need a NAT rule in order to have a lan host to communicate with a host on the WAN? (Told you I'm a newbie :) )
    
    3\. Should I mention my DSL router's IP (192.168.1.1) as the gateway of WAN interface?
    
    Please gentlemen help me out. My very long journey with pfsense that I'm just about to begin, is solely depending on your response.
    
    Many thanks in advance.
    
    /Dee


  • There was a problem earlier with the attachments hence reattaching em.






  • The bottom rule on both LAN and WAN are redundant and not needed. You already have any to any on LAN and WAN.

    I've always done my vbox testing with a VM (Win7/Linux/other) attached to the LAN of the pfSense VM. It seems the proper way to test things and doesn't need any extra messing around.



  • Thank you Mr Fragg. Well how would you suggest that I should go about putting up my environment according to the way you've suggested? Problem here is my DSL router and the Virtualbox host resides on 192.168.1.0/24 n/w. So I believe that I have no options but to set up my n/w as mentioned above. I know that guiding someone new like me is likely to take a bit of your time but if you could help me out I'm ready to start from scratch.

    By the way do I need a nat rule by any chance to get this going?

    /Dee



  • @vanhalen:

    Questions:
    1. Have I created the right virtual box adapters for my test lab? Or should they be different (Perhaps a Host-only adapter?)

    2. Do I need a NAT rule in order to have a lan host to communicate with a host on the WAN? (Told you I'm a newbie :) )

    3. Should I mention my DSL router's IP (192.168.1.1) as the gateway of WAN interface?

    1. Emulated em is better than some other emulations.

    2. No, unless you have turned off the default pfSense NAT from LAN to WAN. (I presume you mean "host on the internet" rather than "host directly connected to adapter 1 in VirtualBox".)

    3. Yes, if you want to go through the DSL router to the internet. If your router includes a DHCP server you could make the pfSense WAN interface of type DHCP to get IP address, DNS server address(es) and default gateway through DHCP saving you the bother of configuring that information.



  • Thank you very much Mr Wal. Let me be clear on what you have mentioned.

    1. I believe my adapter configuration of pfsense guest is good?

    2. I'm not sure about this Sir. All I could say is I did not touch the NAT section of the firewall. Let me confirm this once I go home. Well I tried to ping 192.168.1.14 (which is my host machine where vbx has been installed) from the lan host 172.25.95.10. Also at the same time I tried pinging my dsl router (192.168.1.1) from the lan host, still no luck :(

    3. Cool. I got the point. No, I don't have a DHCP server running in my router or anywhere in my wan n/w (192.168.1.0/24).

    Please respond sir.

    /Dee



  • @vanhalen:

    1. I believe my adapter configuration of pfsense guest is good?

    Should be fine.

    @vanhalen:

    2. I'm not sure about this Sir. All I could say is I did not touch the NAT section of the firewall. Let me confirm this once I go home. Well I tried to ping 192.168.1.14 (which is my host machine where vbx has been installed) from the lan host 172.25.95.10. Also at the same time I tried pinging my dsl router (192.168.1.1) from the lan host, still no luck :(

    What is the default gateway of host 172.25.95.10? I suspect it should be the IP address of the pfSense LAN interface.



  • Yes it is sir. Default gateway is 172.25.95.1.

    Thanks.



  • What response do you get when you issue the shell commands
    ```
    ping -c 5 192.168.1.1
    ping -c 5 192.168.1.14
    ```



  • My setup is:

    pfSense VM with 2 adapters one bridged to physical NIC on host and another one connected to internal network "pfsense".

    pfSense VM #2 with 2 adapters one bridged to physical NIC on host and another one connected to internal network "pfsense".

    Win7 VM with 1 adapter connected to same internal network "pfsense".

    All NICs have promiscuous mode allowed so that I can use VLANs for CARP between the two pfSense VMs. For virtual adapter type I use virtio-net (http://doc.pfsense.org/index.php/VirtIO_Driver_Support) for pfSense as it's supported in 2.1 and supposedly easier to virtualize than "real" network adapters.
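
The lab layout described in the post above, written out as VBoxManage calls. This is an added example, not part of the original thread. The VM names (pfsense1, pfsense2, win7) and the host NIC name eth0 are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, runs) the VBoxManage calls for a
# two-firewall lab. VM names and the host NIC name are assumptions.

HOST_NIC="${HOST_NIC:-eth0}"      # assumed name of the physical NIC on the host
INTNET="${INTNET:-pfsense}"       # internal network name used in the post
# The post allows promiscuous mode on all NICs (allow-all). The narrower
# allow-vms setting hides host traffic and only exposes traffic of other VMs.
PROMISC="${PROMISC:-allow-all}"

# Run the command when APPLY=1, otherwise just print it (dry run).
vbox() {
    if [ "${APPLY:-0}" = "1" ]; then
        VBoxManage "$@"
    else
        echo "VBoxManage $*"
    fi
}

# Firewall VM: adapter 1 bridged to the host NIC (WAN),
# adapter 2 on the isolated internal network (LAN).
firewall_vm() {
    vbox modifyvm "$1" \
        --nic1 bridged --bridgeadapter1 "$HOST_NIC" \
        --nictype1 virtio --nicpromisc1 "$PROMISC"
    vbox modifyvm "$1" \
        --nic2 intnet --intnet2 "$INTNET" \
        --nictype2 virtio --nicpromisc2 "$PROMISC"
}

# Client VM: a single adapter on the internal network only, so its
# only path to the WAN side is through the pfSense LAN interface.
client_vm() {
    vbox modifyvm "$1" --nic1 intnet --intnet1 "$INTNET" --nicpromisc1 deny
    vbox modifyvm "$1" --nic2 none
}

lab_plan() {
    firewall_vm "pfsense1"   # hypothetical VM names
    firewall_vm "pfsense2"
    client_vm "win7"
}

lab_plan
```

Keeping the client on the internal network alone means every packet it sends toward 192.168.1.0/24 has to cross the firewall rules, which is what makes the lab a valid test of them.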

