Pfsense with 3 NICS
-
Here is my dmz firewall rules showing ! locals as dest
-
To be fair you do need a physical NIC on vSwitch1 if you have physical machines that need to connect to that subnet.
If however you are only getting general internet connectivity with that in place then it sounds like the VMs on vSwitch1 are using some external route and not the pfSense VM for their gateway.
Steve
-
From what I have been able to make out of this thread.. He only wants VMs on this ESXi host to connect through pfSense (VM) to the real network via the pfSense WAN connection. If that is the case then the only vSwitch that needs connectivity to the physical world is the vSwitch that the pfSense WAN is connected to.
Think of the physical NIC you connect to a vSwitch as just a normal uplink you use in real switches. If you have machines on switch1 and machines on switch2 how do you connect them.. You run a wire between the switches.
This is really all that connecting a physical NIC in ESXi to a vSwitch does - it connects that vSwitch to the real world switch the wire from that NIC runs to.
Your vmkern portgroup would need a physical connection or you would not be able to manage the ESXi host box. From your other drawings this is the same vSwitch you have the pfSense WAN connected to. Your other LAN and DMZ segment vSwitches only need physical connectivity if, as stated by Stephen, you have real world machines on those segments.
-
Why when I remove the Physical NIC from the VSwitch 2 /3 the connectivity drops down ?
P.S. Removed the BS bridge yet, or still feel like wasting more of our time with that nonsense?
-
If you would let one of us teamviewer in we could have this fixed in like 3 minutes.. And we are on page 4 ;)
-
I will have physical computers that will be members of the domain controller that is running on the ESXI and need to have access to the LAN 1 subnet over the WAN
Like a physical computer in the room will need to have access to 192.168.4.0/24 and need to use the PFSENSE as its gateway.
He does say 'over the WAN' here but I discounted that because he implies that real machines need to be in the 192.168.4.X subnet, which is LAN1/vSwitch1.
Steve
-
But he stated this as well
"LAN 1 and LAN 2 are not attached to Physical NIC,"
I if he even knows what he wants, I think it is getting lost in translation.. Maybe he would have better luck with someone that speaks his native language?
-
But he stated this as well
"LAN 1 and LAN 2 are not attached to Physical NIC,"
I if he even knows what he wants, I think it is getting lost in translation.. Maybe he would have better luck with someone that speaks his native language?
If I remove the physical NIC from vSwitch 1,
will my physical machines in the office be able to communicate with LAN 1 ( 192.168.4.1 ) even if it doesn't have a physical NIC?
When you say remove the bridge, which one do you mean?
On the interfaces there is no bridge.
Attached is a screenshot of my bridge
-
If I remove the physical NIC from vSwitch 1, will my physical machines in the office be able to communicate with LAN 1 ( 192.168.4.1 ) even if it doesn't have a physical NIC?
No. You need a physical NIC on vSwitch1 to allow that. We just needed confirmation that was what you're trying to do.
On the interfaces there is no bridge.
Ok, so you removed it already? In your much earlier output of 'ifconfig' it showed a bridge.
Steve
-
"will my physical machines in the office be able to communicate with LAN 1 ( 192.168.4.1 ) even if it doesn't have a physical NIC?"
And these physical machines are on 192.168.4.0/24 or are they on the WAN that your pfSense is connected to, 192.168.2.0/24 I think?
-
Ah, very good question. Yes, you mentioned via WAN earlier, did you mean that?
Steve
-
"will my physical machines in the office be able to communicate with LAN 1 ( 192.168.4.1 ) even if it doesn't have a physical NIC?"
And these physical machines are on 192.168.4.0/24 or are they on the WAN that your pfSense is connected to, 192.168.2.0/24 I think?
The physical machines are using pfSense as gateway,
on the WAN side I have just the ESXI and the ISP modem,
all other machines are connecting to the internet through the PFSENSE (virtual or physical)
all my network is going through the pfSense.
Steve, yes, this is exactly what I want :).
Thank you so much
-
Well then are you working.. If you removed the bridge and have firewall rules correct, change your lan2 pfsense IP to be .1 vs .0 you should be up and running.
-
Well then are you working.. If you removed the bridge and have firewall rules correct, change your lan2 pfsense IP to be .1 vs .0 you should be up and running.
This is what I did and it is working, thank you so much for your help.
To do this my PFSENSE LAN1 required a physical NIC, right?
As shown on my screenshot, vSwitch 1 has a physical NIC attached.
My question is, is it possible to have pfSense ( I mean LAN1 ) accessible to the physical machines even if vSwitch 1 doesn't have a physical NIC?
-
Only if those machines are somehow routed through the pfSense WAN with appropriate firewall and port forwarding rules.
No, is probably the answer. If you wish to have physical machines connected to LAN1 and using pfSense as their gateway to the internet you need to have a physical NIC connected to vSwitch1 to get that real traffic into the virtual network.
Steve
-
If they are connected to LAN, then they will so long as the rules exist. They will be on the LAN subnet and accessing LAN1 resources either by IP or configured DNS name. They have to go through pfSense as a route to get to LAN1 resources. There will not be a direct path.
-
John, Steve, and all
thank you so much for your help and for helping me get to know the product.
Really guys, appreciate it.
I owe you a drink guys :)
-
I would say a couple of them, stiff ones!! Or some really good craft IPA's at a min. If you were in the area I would take you up on it, but since not take a look at my signature.
-
To all who helped in this topic,
I appreciate your effort and time to have a look at this with me,
Thank you so much guys!
John, I looked at your signature, will work on it this week.
-
So it's all working as you expected?
Good to hear. :)
I would say a couple of them, stiff ones!!
;)
Steve