  • Studying for MSCA and I found this link

    2 VMs with Server 2008 R2 and pfSense

    I pretty much followed this guide to a T and it's not working. I can ping the internet from pfSense, and I can connect to the web application from each host, but from a host I cannot ping the WAN interface, or the other host (which can do the same). Connected with limited.

    ISP WAN
         |
    | Netgear |
         |
    vm1          vm2
    .11/24       .12/24

    I tried setting firewall and NAT rules. I can't get DHCP to work, so I'm just doing everything static. I've also cloned the MAC address of my router; nothing seems to work.

    So when I try "diagnose my connection" I get a DNS error, "the DNS server isn't responding", so maybe something is wrong with the DNS forwarder.

    I can provide pics if needed, but that link is exactly what I did: no gateway on LAN in interfaces or routes (everything is "link#...em1" type stuff). I did change the gateway on WAN to my Netgear LAN interface and that did not work either.

    Any help would be much appreciated.

  • You can connect to what web application from which hosts? And what does "connected with limited" mean?

    So if I understand you correctly, you can ping the Netgear from the pfSense (you ought to if you can access the internet from the pfs), but your internal VMs can't get out to the internet. What DNS server settings are you using on the VM hosts? What firewall rules have you set up? I know you've said that DHCP doesn't work, but why would you need to if you just have two Windows 2008 servers running - they ought to be static anyway, assuming they're Active Directory enabled.

    I think it would be best if you gave a full breakdown of your firewall rules to start with. I seem to say this a lot lately, but screenshots - not a description written in text - would help.

  • Right, I definitely don't need DHCP on the LAN. I can get to the web interface from both hosts, and neither can ping each other or the WAN interface. "Limited connectivity" is the LAN icon on my task bar.

    I think I found my problem. I didn't set the DNS server to the LAN interface of my Netgear (where the pfSense got its address via DHCP). Set that to and now I'm connected. I guess I assumed it would do that automatically because that was its default gateway, but apparently not.

    Thank you for the reply.

  • Good to hear you got it going. For the record, you ought not be able to ping the outside interface from inside the LAN anyway, at least not with the default firewall rules. The fact that your two internal hosts can't ping one another despite being on the same LAN is odd, but if it isn't causing you any problem then I guess it's all good.

