Adding NICs to Hyper-V process?

  • Hi all!

    I am super excited to get pfsense up and running.

    Currently, I've got a Hyper-V install up and running that can pull down an IP from my ISP and give an IP to the LAN connection, which is great.  From the LAN machine, I can access the pfsense Admin GUI.

    Next, I want to add the remaining NICs on the hyper-v machine to the pfsense VM.  My idea was to add them the same way I added the LAN connection (external in virtual switch manager, etc) and have pfsense just recognize them as LAN2, LAN3, etc.

    However, they come in as OPT1, OPT2, which is fine, but when I connect a network device to the NIC pfsense calls OPT1, it never gets an IP address.  I've fiddled around with some DHCP settings for OPT1 and the firewall rules… but I am thus far not being successful.

    Is there documentation anywhere for what I'm trying to do?  I want to use this pfsense VM as my router, so it'll have a total of 7 or so NICs, plus one for the WAN.  Is this possible? Is there a step-by-step somewhere of exactly what I need to do in order to accomplish this?

  • Forgive me for the basic questions.
    Are you using a switch in between opt1's physical nic and the device(s)? If no, are you then using a crossover cable?

    You may rename the interfaces to whatever you want from the interfaces tab.

  • Hi Ikkuranus!

    Thanks for the reply.

    To answer your questions– I think no for both.

    My goal is to have a regular, consumer-like router which is a VM of Pfsense.  My goal is to be able to just plug a given device (NAS, laptop, xbox, network printer) into the ports on the host machine where I'm running that pfsense vm, and have them be able to see each other and get to the internet, basically the same way that a regular router works.

    I think I should be bridging some connections with the LAN connection... so however many OPT1,2,3s I have, I think they should all go in a single bridge, and then have that bridge be assigned to LAN.

    How I do that... I'm not currently sure.  I don't have much of a handle on the firewall rules, and I'm using the LAN connection via ethernet on my laptop to do the administration... so anytime I assign the bridge I create to LAN, I immediately can no longer access the administration page via that ethernet port.

    Do you think if I configured the firewall rules correctly before I assign that bridge to LAN, I'd still be able to access it after assigning the bridge to LAN?

    Also, do you know if there is a step by step guide anywhere of what I'm trying to do that I could follow?  Every guide I'm finding online appears to be slightly different from what I'm trying to accomplish, and enough so that I run into a problem completing it with my setup.

    Many thanks for taking the time to chime in.

  • Ok,

    Let's start by saying that PFsense is a firewall/router, not a switch. It can be used as a bridge but that increases CPU/memory requirements and it isn't particularly fast or good at that. I've noticed a very substantial decrease in requirements letting PFsense just do routing/UTM duties vs that and using it as a bridge.

    You're much better off with a $15 switch than using pfsense as a switch. Plus since you're running a hypervisor, you'd be much better load balancing the ports between PFsense and the other VMs you're using :)

    If you are dead set on setting up a bridge, this thread will help:

    Setting up a bridge also requires a reset at a certain point in the setup, which is probably where you're getting stuck.

  • Hi Keljian!

    Thanks for that post– it appears to be exactly what I want to accomplish.

    Currently, I'm able to follow it up until step 5:

    "5. Assign BRIDGE0 to LAN Network Port:
    (IMPORTANT - I lost connectivity to the web interface even after switching my ethernet cable to a bridge interface. I was only able to get back in after rebooting pfSense)
    Go to Interfaces > (assign) and change the LAN assignment to BRIDGE0.  Save and reconnect your ethernet cable to one of the bridge interfaces. It should come back up, however you will want to make sure you have access to the pfSense box before doing this.  You could end up locked out!"

    I appear to be locked out of the web-gui when I try this.

    I'm running this in a Server 2012 R2 Hyper-V VM-- so I try rebooting (per the instructions from that guide) via the command prompt of the VM (option 5, I think), but after moving my ethernet cable to one of the ports in Bridge0, I'm not able to re-access the web-gui. I have two ports in the bridge at this point, and neither allows me to reconnect to the web-gui.  I also tried rebooting the machine running Hyper-V, but it doesn't work either.  I am also unable to access the web-gui when I move the ethernet port back to the original LAN NIC.

    I've gone back through this guide twice at this point-- has perhaps something changed since his version of pfsense at the time of write up?  I'm running on 2.2.4 I think, that guide references 2.0.2.

    I am starting his guide with a brand new install of pfsense each time (via reset to factory settings in the command prompt).  Do you think I need to edit something in the firewall rules for the two NICs I'm putting in Bridge0? Perhaps something in the DHCP server settings maybe?

    When I assign Bridge0 to the LAN connection in the web-gui and hit Save, I can see in the command prompt of the Hyper-V admin area that LAN becomes LAN ->bridge0 -> v4:

    So I assume I should be moving my ethernet cable over to OPT1 or OPT2 (which are what make bridge0) and then going to in my browser and then be good to go.  However, when I do that, the browser (Safari at the moment, as well as Firefox) has a little progress bar that goes about 1/8 of the total distance it would go to complete and then just stops. I see a generic message from the browser about not being able to open the page, same as if it weren't connected to any network at all.

    Any ideas?  I really appreciate the help.

  • Few ideas:
    1. Try rebooting after setting up the bridge, it may solve the issue (did for me)
    2. Start the bridge on the interfaces (OPT1/2) first and test it there, before bridging in LAN

    Sure you don't want to get an external switch?

  • Thanks for the input Keljian.

    Another helpful user recommended I try enabling MAC address spoofing in the NICs within Hyper-V… as soon as I did that I was immediately able to connect to the admin GUI on those NICs.
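
The fix reported in the last post, scripted from the Hyper-V host as an added example that is not part of the thread. A bridge inside the guest forwards frames whose source MAC is not the virtual NIC's own, and Hyper-V drops those unless MAC address spoofing is enabled on that adapter. The VM name and virtual switch names below are assumed placeholders; the script turns the setting on only for the adapters that are bridge members and reports any other adapter that already has it on.

```powershell
# Run in an elevated PowerShell session on the Hyper-V host.
# Assumed placeholder names: adjust to your own VM and virtual switches.
$VMName         = 'pfSense'
$BridgeSwitches = @('vSwitch-OPT1', 'vSwitch-OPT2')   # switches backing the bridge0 members

$adapters = Get-VMNetworkAdapter -VMName $VMName

# Current state of every virtual NIC on the VM.
$adapters |
    Select-Object Name, SwitchName, MacAddress, MacAddressSpoofing |
    Format-Table -AutoSize

foreach ($nic in $adapters) {
    $isBridgeMember = $BridgeSwitches -contains $nic.SwitchName
    $spoofingOn     = "$($nic.MacAddressSpoofing)" -eq 'On'

    if ($isBridgeMember -and -not $spoofingOn) {
        # The guest bridge needs to send and receive frames for MACs other than its own.
        Set-VMNetworkAdapter -VMNetworkAdapter $nic -MacAddressSpoofing On
        Write-Output "Enabled MAC spoofing on '$($nic.Name)' ($($nic.SwitchName))"
    }
    elseif (-not $isBridgeMember -and $spoofingOn) {
        # WAN and other non-bridged NICs do not need the setting; flag them for review.
        Write-Warning "MAC spoofing is On for non-bridge adapter '$($nic.Name)' ($($nic.SwitchName))"
    }
}

# Confirm the result.
Get-VMNetworkAdapter -VMName $VMName |
    Select-Object Name, SwitchName, MacAddressSpoofing |
    Format-Table -AutoSize
```

Leaving the setting off on the WAN adapter keeps Hyper-V's source-MAC enforcement in place on the interface that faces the ISP.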
