How to tell pfSense (in VirtualBox) to feed the web directly to another VM?

  • Some time ago I read a blog that showed how to secure a computer using pfSense in VirtualBox. I followed it and it works very well.

    Now I want to go a little further by installing a Linux distro in another VM to surf the Web and castrate Windows (the Host) with SquidGuard so it will only have access to Windows Update. The only way I found to do it is by setting the Network Adapter of the Linux VM to NAT, but I also found that the VM passes through the Host to access the web, which defeats the goal of this method.

    How can I set VirtualBox and pfSense to feed the Web to Linux directly?

    My actual Setup:
    Modem -> pfSense (vm1 bridged) -> Windows 7 (Host bridged with "Microsoft Loopback Adapter")

    The part I want to add:
    Modem -> pfSense (vm1 bridged) -> Linux (vm2)

  • Hmmmmm…  Why don't you just wipe your drive, install LINUX as your primary OS and configure it to be protected by pfsense same as how you had windows?  Save on the overhead?

  • That's actually exactly what I don't want to end up doing. I thought about that but it's just not practical. Since I have a powerful system, I want to exploit it to the max and virtualisation is the best way to do it. I also want to try out several Linux distros to find my fit and learn this system. I do a lot of gaming too and Windows in a VM is not the way to go.

    Honestly I thought feeding the web through two VMs was a simple thing. It's just that I'm a noob in all this. Is there no easy solution?

  • I did this a couple of weeks ago. I was testing to see how I could replace my standard Netgear router with a pfSense router so Squid and SquidGuard could be used. Here is how it was set up:

    PFsense Router
    NIC1 - Bridged
    NIC2 - Internal

    Linux Guest
    NIC1 - Internal

    Build the systems. For NIC1 on the pfSense, you might need to force it to a static IP, and for NIC2 that will definitely be static. Also set up DHCP on the router, and when it runs it will be serving up IP addresses.

    The Linux Guest can be built as you want and configured for DHCP; it should pick up the address and will be served. Now all of the traffic from the Linux guest will be going through the pfSense. Granted, there is no firewall protection on the host because it has its own IP address that is exposed to the network, but the guests are locked behind the pfSense.

  • I tried your idea but now Linux, Manjaro by the way, doesn't receive traffic at all. Here is how my two VMs are configured:

    VM1 - pfSense:
    NIC1 : Bridged to my physical NIC
    NIC2 : Bridged to "Microsoft Loopback Adapter", The adapter used by Windows (The Host)
    NIC3 : Internal

    VM2 - Manjaro:
    NIC1 - Internal

    My configuration of pfSense:

    WAN : DHCP (I guess I don't have much choice here?)
    LAN : Enabled Static IPv4
    DHCP Server : Enabled To With DNSAdvantage as DNS Servers

  • I read chapter 6 of the VirtualBox Manual and played with the different network configurations. I found that in Internal Networking, my Linux VM would report "The Network Connection has been disconnected". In Host-Only, the connection does establish itself in the VM but the web is not accessible and the Host (Windows) loses the connection too. Maybe there is a conflict between the Bridge and the Host-Only network adapter.

    From the documentation of VirtualBox :
    "Internal Networking is similar to bridged networking in that the VM can directly communicate with the outside world. However, the "outside world" is limited to other VMs on the same host which connect to the same internal network."

    Since my pfSense VM does access the internet, does the rule still apply?
    smcclos - You say you did a setup like this, how did you proceed exactly?

    Thanks in advance.

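A read-only check of the layout described in this thread (router VM with one bridged and one internal adapter, guest with a single internal adapter), added here as an example and not posted by any participant. It parses `VBoxManage showvminfo <vm> --machinereadable` output and flags guest adapters that bypass, or cannot reach, the pfSense VM. The VM names, the network name `pfsense-lan`, the adapter placeholder and the sample output are constructed.

```python
import re

# Constructed, trimmed samples of `VBoxManage showvminfo <vm> --machinereadable`.
PFSENSE = '''name="pfSense"
nic1="bridged"
bridgeadapter1="physical-nic-placeholder"
nic2="intnet"
intnet2="pfsense-lan"
nic3="none"
'''
GUEST_OK = '''name="linux-guest"
nic1="intnet"
intnet1="pfsense-lan"
cableconnected1="on"
'''
GUEST_BAD = '''name="linux-guest"
nic1="nat"
nic2="intnet"
intnet2="intnet"
'''

def parse_nics(info):
    """Return {slot: {"type", "intnet", "cable"}} for every enabled adapter."""
    kv = dict(re.findall(r'^(\w+)="(.*)"$', info, flags=re.M))
    nics = {}
    for key, val in kv.items():
        m = re.fullmatch(r"nic(\d+)", key)  # nicN only, not nictypeN/nicspeedN
        if m and val != "none":
            n = m.group(1)
            nics[int(n)] = {"type": val, "intnet": kv.get("intnet" + n),
                            "cable": kv.get("cableconnected" + n) == "on"}
    return nics

def audit(router_info, guest_info):
    """List reasons the guest is not confined behind the router VM."""
    router, guest = parse_nics(router_info), parse_nics(guest_info)
    lans = {n["intnet"] for n in router.values() if n["type"] == "intnet"}
    problems = []
    if not any(n["type"] == "bridged" for n in router.values()):
        problems.append("router has no bridged (WAN) adapter")
    for slot, n in sorted(guest.items()):
        if n["type"] != "intnet":
            problems.append(f"guest nic{slot} is {n['type']}: bypasses the router VM")
        elif n["intnet"] not in lans:
            problems.append(f"guest nic{slot} is on '{n['intnet']}', not a router network")
        elif not n["cable"]:
            problems.append(f"guest nic{slot} cable is disconnected")
    return problems
```

An empty list from `audit()` only confirms the VirtualBox wiring; the pfSense side (interface assignment and DHCP on the internal adapter) still has to be checked in pfSense itself.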