Want to implement a virtual router as a gateway between VMs and the outside world



  • I have never used pfsense and I want to implement a virtual router as a gateway between VMs and the outside world.
    Can someone please provide some basic setup instructions?

    I have two HP servers with ESXi and plan to set up a Windows Server 2012 DC, DNS, DHCP VM and a couple more VMs.
    I want to keep using my local AT&T ISP router DNS, DHCP for my wifi and laptops.

    Do I create a VM and install pfsense? Configure a NIC on each server?



  • @virtualchi:

    I have never used pfsense and I want to implement a virtual router as a gateway between VMs and the outside world.
    Can someone please provide some basic setup instructions?

    I have two HP servers with ESXi and plan to set up a Windows Server 2012 DC, DNS, DHCP VM and a couple more VMs.
    I want to keep using my local AT&T ISP router DNS, DHCP for my wifi and laptops.

    Do I create a VM and install pfsense? Configure a NIC on each server?

    Disable whatever your ISP gave you if you have only 1 WAN IP. If you have more than one WAN IP, continue.

    To make pfSense work properly, you will have to assign 2 interfaces: one for the outside, one for the inside. Using your hypervisor software you will need to create two separate switches or bridges or whatever your GUI names it. Connect the 'inside' interface to one of those switches and the 'outside' interface to the other. Connect all VMs to the inside switch, connect the physical ethernet port to the outside switch. If you want the servers to work together, connect a different ethernet port to the inside switch and plug it into the 'inside' ethernet port on the other server, which should have the same setup with the 'inside' switch.

    Then connect the outside ethernet connections to whatever media your ISP gave you, in case of fiber most likely an NT unit with media converter, in case of DSL a modem, which you should put in bridge mode or have secondary IPs on its LAN side ports.

    If you insist on double-NATting your network, you can leave the modem as-is, but you will run into trouble with double port forwarding and maybe limited NAT and state tables on the provider CPE.

    There are a shit ton of tutorials on how to set this up by the way, the thing you want is about as common as it gets.



  • I appreciate the help. Just a little confused with steps 4 and 5.

    1. I set up two NICs: a WAN and a LAN.
    2. I created two vSwitches in my ESXi.
    3. Connect all my VMs to my WAN
    4. Connect the physical port to the outside switch? Ethernet cables are connected to my two vSwitches.
    I have an unmanaged 5-port switch connected to the AT&T home router, and the server's two NICs are connected to the 5-port unmanaged switch.

    5. If you want the servers to work together, connect a different ethernet port to the inside switch and plug it in to the 'inside' ethernet port on the other server which should have the same setup with the 'inside' switch? Do I create a separate switch with VMs and NIC?






  • 2 vSwitches, one for WAN, one for LAN.  Connect WAN switch NIC to your cable modem.  Connect LAN switch NIC to your external LAN switch.  Connect LAN clients to LAN switch.  Done.



  • Biggsy - I went thru the guide and I think I have completed the setup.

    KOM - I tried your steps.

    Connect the WAN switch physical NIC to AT&T router.

    Connect the LAN switch NIC to external unmanaged switch. My PC is connected to this unmanaged switch and lost internet connectivity. I have vSphere client on my PC.

    I apologize if I don't know what I am doing. I am new to PFsense and have a basic networking background.

    Can you please let me know if my PFsense setup is complete?
    I logged in to pfsense at 192.168.1.1 and left all the defaults.
    I want to set up a VM with Windows Server 2012R2 VM DHCP, DNS.

    My physical connections are like this:
    The AT&T router cable is connected to 1 port on the unmanaged switch.
    My PC Ethernet cable is connected to the unmanaged switch.
    My server's two physical NICs are connected to the unmanaged switch.

    Thank you very much






  • Your WAN and LAN can't be on the same network.  You have them both at 192.168.1.x.  Change your LAN to something else like 10.0.0.1 or 192.168.2.1 etc.



  • @virtualchi:

    My physical connections are like this:
    The AT&T router cable is connected to 1 port on the unmanaged switch.
    My PC Ethernet cable is connected to the unmanaged switch.
    My server's two physical NICs are connected to the unmanaged switch.

    Is there only one unmanaged switch?  If so, your physical network is all wrong.

    Can you provide a diagram?



  • Please see attached screen-shot diagram.

    I think my setup should be diagram B.
    PFSense will hand out IP addresses to DHCP clients.

    I did try diagram B and DHCP didn't hand out an IP address to my PC. I left all the defaults in PFsense. Is there anything else to do?

    Thanks for the help. I know this is probably very basic stuff.




  • Your current setup will never work.  Configure it like Setup B and you should be fine. Make sure WAN and LAN are on different networks.  Make sure your WAN IP address is on the ATT router's network.
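
The two checks named in the reply above (WAN and LAN on different networks, WAN address on the upstream router's network), plus a DHCP pool check, as an added example that is not part of the original thread. The function name, the gateway address, the WAN address and the DHCP pool are assumptions; only 192.168.1.x and the suggested 192.168.2.1 come from the posts.

```python
import ipaddress

def check_router_plan(wan_if, lan_if, upstream_gw, dhcp_pool=None):
    """Return a list of addressing problems for a two-interface router.

    wan_if, lan_if: the router's own interfaces as 'address/prefix'.
    upstream_gw:    the ISP router's address on the WAN-side segment.
    dhcp_pool:      optional (first, last) range served on the LAN.
    """
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    gw = ipaddress.ip_address(upstream_gw)
    problems = []

    # A router forwards between networks; if both interfaces sit in the
    # same subnet it has no basis for choosing an egress interface.
    if wan.network.overlaps(lan.network):
        problems.append(f"WAN {wan.network} and LAN {lan.network} overlap")

    # The WAN address must be on the upstream router's network, otherwise
    # the default gateway is unreachable.
    if gw not in wan.network:
        problems.append(f"gateway {gw} is not on WAN network {wan.network}")
    elif gw == wan.ip:
        problems.append(f"WAN address {wan.ip} collides with the gateway")

    if dhcp_pool:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if first not in lan.network or last not in lan.network:
            problems.append(f"DHCP pool {first}-{last} is outside {lan.network}")
        elif first <= lan.ip <= last:
            problems.append(f"DHCP pool includes the LAN address {lan.ip}")
    return problems

# Constructed sample values (the thread gives only 192.168.1.x and the
# suggested 192.168.2.1; the gateway, WAN address and pool are assumed).
AS_POSTED = check_router_plan("192.168.1.50/24", "192.168.1.1/24", "192.168.1.254")
CORRECTED = check_router_plan("192.168.1.50/24", "192.168.2.1/24", "192.168.1.254",
                              dhcp_pool=("192.168.2.100", "192.168.2.199"))

if __name__ == "__main__":
    print("as posted:", AS_POSTED)
    print("corrected:", CORRECTED or "no problems found")
```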



  • Unfortunately I am still having issues.

    I cannot get PFsense DHCP to release IP address to my clients.

    What I've done.
    My WAN interface is pointing to my AT&T router. I configured the correct EM interface is okay in PFsense. Same for LAN interface.
    LAN interface is pointing to unmanaged switch.
    PFsense configured as defaults.
    ipconfig /release, ipconfig /renew on my desktop and no luck.

    I was not able to disable NAT and activate bridge mode on my AT&T router. Probably need to call AT&T. Could this be my issue?


  • LAYER 8 Global Moderator

    Doesn't matter if your wan was unplugged in pfsense - that has NOTHING to do with clients on lan side getting IP addresses..  If you can get an IP then either dhcp server not running on pfsense, or you have a connectivity issue.

    So What IP did you put on pfsense lan?  Put a static on your client in that network - can it ping pfsense.. If not then how would it get an IP from a dhcp server?

    Why do you have a 2nd vmkern port group with APIPA address on it? On a vswitch that doesn't even have a physical nic attached?

    What is that 2k12 vm going to talk to?  There is no leg of pfsense in the vswitch either..

    You sure you have the correct nics connected, and the correct vnics in pfsense connected to the right vswitches?  Look at the macs of your pfsense vnics and make sure you have your lan in your lan vswitch and your wan in your wan vswitch, etc.

    If you're on the wan side of pfsense then you're never going to get a dhcp address from pfsense, etc.

