Need help Install Pfsense on VMWare workstation 11 win7 newbie here



  • Hi, I need to help installing pfsense on vmware workstation 11. Someone told me that I need to configure the 2 lan port first  before installing.

    My Structure is:

    Fiber optic box –-> Router with disabled DHCP ---> PC(Where I installed vmware that I will use to install pfsense) ----> switch ---> users

    I'm planning to use pfsense for dhcp and a firewall for wifi APs.

    PC specs:

    Processor: i3
    RAM: 8GB
    LAN CARD: Intel gigabit 4 ports

    Thanks



  • Yes, you will need two virtual ethernet adapter for your pfsense. 1 will be the WAN port coming from the router and the other will be the LAN port going into your switch.

    Then depending on how you get your public IP from the optic box, you put your virtual ethernet adapter to bridge mode for your wan connection. Then for your LAN port you setup a lan segment for pfsense to serve dhcp.



  • Can you tell me how to setup this lan segment? I'm getting my ip from the router that is connected to fiber optic box via static ip, so I manually put an IP to my PC to be able to connect to the internet.


  • LAYER 8 Global Moderator

    Does this pc have 2 ethernet cards?  Why are you trying to install it under vmware workstation?  Why do you not get rid of the router in front if it?  Install pfsense onto the pc hardware directly.

    Why do you have that routers dhcp server off?



  • Agree. Get rid of the router if you want to use pfsense.

    1. put a cable from your optic to your win7 Intel port 1.
    2. Do a network pass through and bridge vmnet0 to intel port 1. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1020359
    3. Repeat step 2 and bridge vmnet1 to intel port 2.
    4. Add vmnet0 and vmnet1 into pfsense as network adapters.
    5. Use vmnet0 was wan interface and vmnet1 as LAN interface.
    6. Connect cable from intel port 2 to switch.
    7. Enable dhcp on LAN interface.

    Tada. Now it is all working. But you won't get any internet on your win7 as it is just doing a pass through on both network adapter. What next is you either put a cable from your switch to Intel port 3. But the wiser option would be to create another virtual adapter and bridge win7 and pfsense together.

    The last time I installed pfsense in workstation is a long time ago. So I can only give you the concepts and not the exact steps.



  • @johnpoz:

    Does this pc have 2 ethernet cards?  Why are you trying to install it under vmware workstation?  Why do you not get rid of the router in front if it?  Install pfsense onto the pc hardware directly.

    Why do you have that routers dhcp server off?

    I have 1 ethernet cards with 4 ports on it.

    Because I'm lacking 1 PC so I need to install it on vmware. I need to install another server also in the PC using vmware.

    Our main goal is just use pfsense only for wifi access points. Below is our main network structure…

    Fiber Optic Box ----> Router(192.168.0.70) ----> DNS/DHCP(192.168.1.1) and ISA server (192.168.1.150) ----> Users (192.168.1.2 - 192.168.1.149 static) and WiFi access points (192.168.1.151 - 192.168.1.240 DHCP)

    The reason why router have different IP because boss and IT department is bypassing ISA server to have maximum internet speed and no restrictions. So our IP on our PC are 192.168.0.1 up. In this setting we are having problems dhcp due to increasing number of user connecting to wifi. In short we are out of free IP to put on DHCP. That is why I want to create pfsense, for DHCP and Firewall of WiFi access points. I am planning to replace the router later, but I need to familiarize pfsense first so I'm starting on wifi. We cannot afford any downtime if I made a mistake on configuration on pfsense. That is why I can't get rid of router at the mean time and the router dhcp is off.



  • @BaNZ:

    Agree. Get rid of the router if you want to use pfsense.

    1. put a cable from your optic to your win7 Intel port 1.
    2. Do a network pass through and bridge vmnet0 to intel port 1. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1020359
    3. Repeat step 2 and bridge vmnet1 to intel port 2.
    4. Add vmnet0 and vmnet1 into pfsense as network adapters.
    5. Use vmnet0 was wan interface and vmnet1 as LAN interface.
    6. Connect cable from intel port 2 to switch.
    7. Enable dhcp on LAN interface.

    Tada. Now it is all working. But you won't get any internet on your win7 as it is just doing a pass through on both network adapter. What next is you either put a cable from your switch to Intel port 3. But the wiser option would be to create another virtual adapter and bridge win7 and pfsense together.

    The last time I installed pfsense in workstation is a long time ago. So I can only give you the concepts and not the exact steps.

    Do you think I can still do this even if I didn't get rid of the router? I'll just put a static IP on wan so wan can get internet from router.



  • @yuizen:

    I have 1 ethernet cards with 4 ports on it.

    Because I'm lacking 1 PC so I need to install it on vmware. I need to install another server also in the PC using vmware.

    Our main goal is just use pfsense only for wifi access points. Below is our main network structure…

    Fiber Optic Box ----> Router(192.168.0.70) ----> DNS/DHCP(192.168.1.1) and ISA server (192.168.1.150) ----> Users (192.168.1.2 - 192.168.1.149 static) and WiFi access points (192.168.1.151 - 192.168.1.240 DHCP)

    The reason why router have different IP because boss and IT department is bypassing ISA server to have maximum internet speed and no restrictions. So our IP on our PC are 192.168.0.1 up. In this setting we are having problems dhcp due to increasing number of user connecting to wifi. In short we are out of free IP to put on DHCP. That is why I want to create pfsense, for DHCP and Firewall of WiFi access points. I am planning to replace the router later, but I need to familiarize pfsense first so I'm starting on wifi. We cannot afford any downtime if I made a mistake on configuration on pfsense. That is why I can't get rid of router at the mean time and the router dhcp is off.

    I might be wrong but based on your questions I don't think you understand your networks well enough to be doing this. Especially if you don't want any down time.

    The easy way is to give yourself a bigger IP range via supernetting for your WiFI AP. http://www.techrepublic.com/article/expand-your-network-by-supernetting-ip-addresses/

    Or just put it on a different subnet.

    Then you create a virtual pfsense lab in vmware and start learning it! You can replicate your network in it and once you're confident enough. Then you can do the rollout.


  • LAYER 8 Global Moderator

    "Because I'm lacking 1 PC so I need to install it on vmware"

    Ok get another PC, or use esxi..  I just don't get why anyone would install such a system to a PC copy of virtual software..  Do you plan on using this PC while its routing all the traffic of your network?  You plan on surfing reddit, working on spreadsheets, email, etc??

    I am all for leveraging hardware for multiple VMs, I run pfsense on esxi with multiple other VMs doing other things like storage/nas box, linux box, observium, cacti, wireless controller for unifi APs, etc.

    How are you thinking your going to put your wan of pfsense on 192.168.1.0/24 network while your AP users are also on this 192.168.1.0/24 network from what I take of your diagram.  Im with Banz I don't think you understand networking enough not to take it down while you figure it out.

    Why don't you just put in pfsense and have multiple segments for the different access times, your not ias users, your normal usrs were only your proxy (How old is this isa - thought that died years ago) and then your wifi segment.



  • Well first of all, the network structure here was already here before I get in. I was also confused. So what I am trying to do is slowly fixing it. Slowly because I can only test everything after working hours. I want to start by fixing the WiFi DHCP. So I can remove the old DHCP server. Afterwards when I'm a bit familiar with pfsense I'll add dns server and remove our old dns/isa server.

    I was saying I can't afford any downtime because this is a company and I if I screw up 200+ people will lose internet and they are the kind of people that wouldn't understand.

    Also I can't get another PC at the moment. That is why I decided to use VMWare workstation so I can create 2 virtual PC. Is ESXI same as VMWare?

    Also, I'm kinda new to networking. Although I understand some of it but not all.



  • UPDATE:

    I made it work. Follow this instructions by BaNZ

    1. put a cable from your optic to your win7 Intel port 1.
    2. Do a network pass through and bridge vmnet0 to intel port 1. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1020359
    3. Repeat step 2 and bridge vmnet1 to intel port 2.
    4. Add vmnet0 and vmnet1 into pfsense as network adapters.
    5. Use vmnet0 was wan interface and vmnet1 as LAN interface.
    6. Connect cable from intel port 2 to switch.
    7. Enable dhcp on LAN interface.

    My setup now is:

    Router(192.168.0.70)DHCP Disabled –--> Pfsense WAN(VMnet0): Static IP 192.168.0.1/24 and LAN(VMnet1) DHCP enabled: Static IP 192.168.2.1/24 ----> WiFi Access points

    I don't know if it's correct but it's distributing IP's 192.168.2.10 - 192.168.2.245/24. Also I tried the limiter it worked.



  • Oh no….. I was under the assumption that you're using it for your home environment. But you shouldn't do this in your office production environment.

    Running it on windows 7 workstation is just crazy. Every time you reboot the machine, you lose all your wifi. Unless you never patch your windows 7 machine. Which would be even crazier.

    Are you doing this in a test environment? I hope you haven't deployed this out live. I would honestly stop if you're making these changes to your live system.

    You can also give yourself some breathing space by increasing the dhcp range to 192.168.1.254 if they are not in use. Then reduce the lease time on the dhcp to like a day. Then play around with it in a virtual lab, make sure you got all your routing and firewall correctly before putting it on a live system.



  • @BaNZ:

    Oh no….. I was under the assumption that you're using it for your home environment. But you shouldn't do this in your office production environment.

    Running it on windows 7 workstation is just crazy. Every time you reboot the machine, you lose all your wifi. Unless you never patch your windows 7 machine. Which would be even crazier.

    Are you doing this in a test environment? I hope you haven't deployed this out live. I would honestly stop if you're making these changes to your live system.

    You can also give yourself some breathing space by increasing the dhcp range to 192.168.1.254 if they are not in use. Then reduce the lease time on the dhcp to like a day. Then play around with it in a virtual lab, make sure you got all your routing and firewall correctly before putting it on a live system.

    I'm just testing it at the mean time. I'm not using the windows 7 workstation for any other purposes and patching it would not be a problem I can patch it during off hours. I intend to use it just for the virtual servers. Is it really bad to use win 7 + VMware workstation? for virtual server and pfsense? if so can you recommend other options? Please note that I only have 1 PC available at the mean time so I need pfsense and another server to be virtual.

    By reduce you mean… take a day of my lease time or make it a day? My current now is 9 hours, because our office hours are just 8 hours a day.



  • @yuizen:

    I'm just testing it at the mean time. I'm not using the windows 7 workstation for any other purposes and patching it would not be a problem I can patch it during off hours. I intend to use it just for the virtual servers. Is it really bad to use win 7 + VMware workstation? for virtual server and pfsense? if so can you recommend other options? Please note that I only have 1 PC available at the mean time so I need pfsense and another server to be virtual.

    Use Vmware ESxi, if your hardware supports it. You wipe Win7 and put esxi on it. Then within that esx you can create your pfsense, servers or even windows 7 on it. What hardware are you running win7 on? A desktop PC?

    Esx is for commercial and workstation is for home users. evaluation esxi is free for 60 days. After that you just get popup each time you start it up. I've been using the free evaluation for years.

    vmware workstation is a great product, but not ideal if you're using it for this purpose. Each month you have to manually everything just to patch it. I guess if you're not using it for anything and if it isn't on the network then you don't have to patch it. With my esxi, the only time I ever had to take it down is when I need to upgrade the hardware.

    Win7 vanilla probably uses around 2gb of memory. Whereas esxi uses roughly a few hundred mb. This will leave you with a lot of memory to host other virtual servers.


  • LAYER 8 Global Moderator

    You can get esxi FREE, you don't have to run the eval lic..  I just update mine to 6 the other day.  Its FREE and is well suited for home or even smb use.  If your really going to use it in production and want stuff like vmotion, etc.. Then you have to pay.  I have lots of different vms running 24/7/365.  I would highly recommend it over workstation.. Workstation is meant for like developers to run a different copy of some os to work/play with - its not meant as production sort of deployment of vms.

    example - here are my current vms, the ones running are the ones I have running all the time.  Its really great for playing with pfsense as well since you can take a snapshot and bing bang zoom go back to before you dis something or ran a update if playing with the development versions.  And if you use the same mac on your vms you can boot other router distros without loosing a step in connection to your modem, etc.  You will notice have multiple segments connected to the pfsense vm, etc. etc..  esxi is light years ahead of workstation for doing production work like what it sounds like your wanting to do.

    Mine is running on older N40L hp microsever that I got for like 200$, bumped it to 8GB of ram added some disks for my storage VM, added a dual and single nic for a total of 4 and it just rocks as lab/home setup - SSD makes it sing for bootup of vms, etc.  If was going rebuilding it would of gotten the quad port nic, for a total of 5 but this really works out great for home/shoe string budgets.

    What hardware are you working with for this PC?




  • Thank you guys. I will now go for esxi. Just 1 question about my settings, is ok besides from I'm not using esxi?



  • @johnpoz:

    You can get esxi FREE, you don't have to run the eval lic..  I just update mine to 6 the other day.  Its FREE and is well suited for home or even smb use.  If your really going to use it in production and want stuff like vmotion, etc.. Then you have to pay.  I have lots of different vms running 24/7/365.  I would highly recommend it over workstation.. Workstation is meant for like developers to run a different copy of some os to work/play with - its not meant as production sort of deployment of vms.

    example - here are my current vms, the ones running are the ones I have running all the time.  Its really great for playing with pfsense as well since you can take a snapshot and bing bang zoom go back to before you dis something or ran a update if playing with the development versions.  And if you use the same mac on your vms you can boot other router distros without loosing a step in connection to your modem, etc.  You will notice have multiple segments connected to the pfsense vm, etc. etc..  esxi is light years ahead of workstation for doing production work like what it sounds like your wanting to do.

    Mine is running on older N40L hp microsever that I got for like 200$, bumped it to 8GB of ram added some disks for my storage VM, added a dual and single nic for a total of 4 and it just rocks as lab/home setup - SSD makes it sing for bootup of vms, etc.  If was going rebuilding it would of gotten the quad port nic, for a total of 5 but this really works out great for home/shoe string budgets.

    What hardware are you working with for this PC?

    Is ESXI also VMware vSphere Hypervisor?


  • LAYER 8 Global Moderator

    Yes vsphere is esxi


Log in to reply