Virtualbox - Pfsense Seamless Mode - Howto



  • Hi,

    My question may be trivial to some, but I cannot believe I have come this far (I'm not even on diapers).

    Main Goal: Protect 4 family laptops (Win7) with VirtualBox - pfSense. This may seem like overkill, but after my daughter's laptop was hacked I've been wearing an aluminium foil hat ever since… I'm learning as I move along.

    So far I have been experimenting with my laptop using the Loopback Adapter as a gateway. pfSense is running nicely, protecting my laptop as follows:

    • The wireless NIC on Win7 has been castrated to deny access to the internet (all protocol bindings removed).
    • pfSense is running on VirtualBox with the wireless NIC as RED (DHCP) and the Loopback Adapter as GREEN.
    • Before I implement this on the other laptops I want to be able to run pfSense in "Seamless Mode": I want pfSense to start automatically when Win7 starts up, all without user intervention, running in the background. (I'm stuck at this point.)

    This is my first post in this forum and I realize that this question may belong in a VirtualBox forum. I wonder if someone here has done it and can share how it is done.

    Cheers



  • Can you afford an old used dual core computer off eBay for $100 or less?



  • ??



  • I guess that was a complex question?

    A stand-alone pfSense computer is so nice to have. If you can get an older computer with dual cores and 2 - 4GB of RAM and a couple of Intel GB NICs, you will be so glad you did.



  • Hi keji,

    Thanks for the reply, for a moment I thought that you were trying to sell an old PC.

    Unfortunately your suggestion doesn't work for me, as my kids move around with their laptops going to Uni or traveling. A virtual appliance running seamlessly is the best way to protect the laptops all the time.

    It seems like I will need Guest Additions installed for pfSense. I have been looking without luck. It appears that a package "ports" is needed; this package is not installed by default on pfSense as I understand it. I can only assume this is for a reason, and I'm questioning whether what I'm trying to do will break the integrity of the firewall. Having the firewall running seamlessly would be very nice, but it has proven very hard for me to get past this point. I may have to give up seamless mode and show the family how to run it with a few clicks. I was hoping that someone here would have the answer.



  • This is just to update and report that my request for help is RESOLVED.

    I found a very detailed "HOW TO" that doesn't need Guest Additions or the installation of additional packages to achieve what I wanted. Instead it uses a utility called VmService and a VB script that runs at startup using the Local Group Policy; this takes care of starting pfSense and saving the VM before shutdown. My only deviation from the guide is that I used port 3010 to vRDP to pfSense.

    My next step is to add and configure snort.

    Here is the link to the HOW TO guide… really great !!!

    http://timita.org/wordpress/2011/07/29/protect-your-windows-laptop-with-pfsense-and-virtualbox-part-1-preamble/

    Cheers
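
The start-at-boot and save-before-shutdown behaviour described in the post above, as an added example that is not from the thread or the linked guide: it uses plain `VBoxManage` calls in PowerShell instead of VmService and a VB script. Assumptions: a VM named `pfSense`, the default VirtualBox install path, and a script run as the Windows account that registered the VM.

```powershell
# Added example, not from the thread or the linked guide.
# Assumptions: VM name "pfSense", default VirtualBox install path, and the
# script runs as the Windows account that registered the VM.
param(
    [Parameter(Mandatory = $true)][ValidateSet('Start', 'Stop')][string]$Action,
    [string]$VmName = 'pfSense',
    [int]$VrdePort = 3010          # port mentioned in the post above
)
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'
if (-not (Test-Path $VBoxManage)) { throw "VBoxManage not found at $VBoxManage" }

function Get-VmState {
    # --machinereadable prints key="value" lines, e.g. VMState="running"
    $info = & $VBoxManage showvminfo $VmName --machinereadable
    if ($LASTEXITCODE -ne 0) { throw "VM '$VmName' is not registered for this user" }
    $line = $info | Where-Object { $_ -like 'VMState=*' } | Select-Object -First 1
    return ($line -replace '^VMState="(.*)"$', '$1')
}

function Invoke-VBox([string[]]$VBoxArgs) {
    # Run VBoxManage and stop the script on a non-zero exit code
    & $VBoxManage $VBoxArgs
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($VBoxArgs -join ' ') failed" }
}

$state = Get-VmState
if ($Action -eq 'Start' -and $state -ne 'running') {
    if ($state -eq 'poweroff') {
        # Settings are only applied to a powered-off VM. Bind the VRDE console
        # to loopback so the firewall console is not exposed on any network.
        Invoke-VBox @('modifyvm', $VmName, '--vrde', 'on',
                      '--vrdeport', "$VrdePort", '--vrdeaddress', '127.0.0.1')
    }
    Invoke-VBox @('startvm', $VmName, '--type', 'headless')
    # The host NIC has no protocol bindings, so a VM that failed to start
    # means no connectivity at all: report it instead of continuing silently.
    if ((Get-VmState) -ne 'running') { throw "VM '$VmName' did not reach 'running'" }
}
elseif ($Action -eq 'Stop' -and $state -eq 'running') {
    # Save state rather than power off, so the next start resumes the firewall
    Invoke-VBox @('controlvm', $VmName, 'savestate')
}
```

Run it with `-Action Start` at logon and `-Action Stop` at logoff or shutdown; the VRDE console needs the VirtualBox Extension Pack.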



  • Cool.  I've not ever used virtual box for that.  Sounds good.



  • A few weeks ago I used that same guide to configure my own virtual pf but I ran into some problems. My client PCs cannot connect to my switch. So I scoured the VirtualBox and pf docs and the internet. I found out that you can do without the MS loopback. Just use the VirtualBox host-only adapter (same function as loopback but it has a 100mbps connection cap). But I can't comment on the seamless mode :-)



  • Hi emcel,

    I'm just starting to scratch the surface and learning about this stuff, and I may be wrong on this, but I believe there is a difference in this particular setup when you use the loopback adapter.

    In our scenario, the wireless NIC in my laptop is a layer 3 device, and the Loopback Adapter is layer 2. Of the two virtual NICs from VirtualBox, one is bridged to a layer 3 device and the other to a layer 2. Your setup is different but I don't fully understand the implications in terms of paranoid security.

    I suspect that in your case it didn't work because you had the loopback adapter facing the outside world (to your switch).

    When I installed the loopback adapter I set it up as follows:
    IP 192.168.100.2
    SM 255.255.255.0
    GW 192.168.100.1 (later used this IP to configure pfSense (LAN em0))
    In VirtualBox this is bridged to Adapter 2