Pfsense + Windows 8.1 + Virtual Box

WisceBIat

Hello,

I'm having trouble with my initial PfSense setup using the following:

1. pfSense-LiveCD-2.2.5-RELEASE-amd64-20151104-1549
2. Windows 8.1
3. VirtualBox Graphical User Interface Version 5.0.10 r104061
4. RT-AC56R WIFI Router
5. Cable Modem provided by my ISP (Videotron)
6. Dual Port Intel NIC (D33682)

The setup is supposed to look like this:

MODEM –--> Windows 8.1 running PfSense in Virtual Box ---> RT-AC56R

The modem plugs into the first port on my DUAL port NIC, then goes through PFSense running in a VM and finally the traffic leaves out my second port and into my RT-AC56R router. All LAN traffic does not pass through the firewall, only traffic destined to the Internet and from the internet should go thorugh the firewall.

In Virtual Box I've got two network adapters setup in Bridged mode ( 1 for each port on my dual port NIC). PfSense boots up and sees EM0(WAN) and EM1(LAN).

After this I don't know what to do. I Managed to get into the WEB interface once, but it must have been luck because the page doesn't load anymore.

KOM

No idea about what you're really trying to do.  Is this a lab or are you trying to run a firewall off of a Windows client OS?  No idea about your network details, and those are usually key to figuring out a network issue.  You have two NICs bridged to LAN, but you're trying to make one a WAN.  Are these static or dynamic IP addresses assigned to each?

To access the WebGUI, you need a client on the same network as the pfSense LAN interface.

WisceBIat

@KOM:

Is this a lab or are you trying to run a firewall off of a Windows client OS?

Extremely unconventional setup of running PfSense in a VM on my Windows 8.1 Desktop, and this is not a lab.

The desktop has 2 NIC's. One is built into the motherboard and is used to connect wirelessly to the Internet through my RT-AC56R. The other was recently purchased off Ebay to serve as my firewall NIC because it has 2 ethernet ports built into it.

My local network looks like this now: Modem –-> RT-AC56R (DHCP, NAT, 192.168.1.0/24) ---> LAN
What I want to do is this : MODEM ----> Windows 8.1 running PfSense in Virtual Box ---> RT-AC56R (DHCP, NAT, 192.168.1.0/24)

KOM

Honestly, I have no idea why people keep wanting to do this.  Why not grab an El Cheapo PC from the nearest landfill and use that instead of hairpinning your connection through a virtual machine and exposing a Windows client directly to the Internet?

I also should have been more clear when I asked for network details.  What I was asking for are:

WAN IP address, subnet mask, gateway
LAN IP address, subnet mask
Client PC IP address, subnet mask

WisceBIat

My cheapo PC died a few months ago actually, and I just thought I would try things out like this for now. It's not ideal and would not be acceptable anywhere except for my home network.

Here is my WAN information given to me by the routing table in my router :

Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
96.21.125.1    *              255.255.255.255 UH    0      0        0 WAN
96.21.125.0    *              255.255.255.0  U    0      0        0 WAN
192.168.1.0    *              255.255.255.0  U    0      0        0 LAN
default        96.21.125.1    0.0.0.0        UG    0      0        0 WAN

LAN IP address, subnet mask: 192.168.1.0/24

Client PC IP address, subnet mask: My PC running Windows 8.1 and the Virtual Box VM: 192.168.1.69 - 255.255.255.0

KOM

OK, so WAN is 96.21.125.1.  Your LAN can't be .0 since that is reserved for the network address, so what is it's IP address (go to the console view in Virtualbox VM for pfSense and it will list the interfaces and their addresses).  I also forgot to ask you what you have set for your gateway on the Win8.1 box?

WisceBIat

Lan IP Address in Pfsense was giving me 192.168.1.1/24 and then I was able to login to the interface with that.

Here is a copy and paste from command prompt on my Windows 8.1 machine

Ethernet adapter Ethernet:

Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-V
  Physical Address. . . . . . . . . : BC-EE-7B-59-2D-EA
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::e010:d16c:407c:5c13%4(Preferred)
  IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : December 9, 2015 10:21:35 PM
  Lease Expires . . . . . . . . . . : December 11, 2015 10:21:35 AM
  Default Gateway . . . . . . . . . : 192.168.1.2
  DHCP Server . . . . . . . . . . . : 192.168.1.2
  DHCPv6 IAID . . . . . . . . . . . : 79490683
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9F-BD-5A-BC-EE-7B-59-2D-EA

DNS Servers . . . . . . . . . . . : 192.168.1.2
  NetBIOS over Tcpip. . . . . . . . : Enabled

KOM

Your Win81 client is set to use 192.168.1.2 for both gateway and DNS.  Do you have a router at that address handling DNS and acting as your gateway?  I suspect not, so you probably want to change that from .2 to .1 or your Win81 client won't have Internet access (I'm assuming you want pfSense to act as your general router/firewall?)

WisceBIat

@KOM:

Your Win81 client is set to use 192.168.1.2 for both gateway and DNS.  Do you have a router at that address handling DNS and acting as your gateway?

Yes, I do. It was initially 192.168.1.1, but I changed it to 192.168.1.2

I don't want pfsense to do anything except for inspect traffic. I want my router to do all that LAN stuff (DHCP, Nat, etc).

KOM

I don't want pfsense to do anything except for inspect traffic. I want my router to do all that LAN stuff (DHCP, Nat, etc).

This would have been good to know much earlier in this discussion.  I had assumed that you wanted pfSense as your router/firewall and you were going to use the Wifi router as an AP, which is the preferred way to do it instead of double-NAT.  I would recommend you rethink your approach and simplify it.

WisceBIat

Ok, I understand what you mean. I was more inclined to do the double NAT because I bought the router not too long ago and feel kind of sad not using it too it's fullest potential.

If I were to avoid double Nat then what would I have to do as setup?

KOM

While I have done a lot of work in both VMware and Virtualbox, I've never done this hack that you're trying to get going.  Change your Wifi router's mode to just be an access point.  I;m not sure at thuis point if you need a switch for the Wifi route or if you can plug it directly into your Win81 client LAN NIC.  It may work without a switch but a switch is cheap.  Then you need to change your Win81 client network settings so that it's pointing to pfSense LAN IP (192.168.1.1) for gateway and DNS.

WisceBIat

This is what I want to do, but I'm not sure to accomplish it, hence the question marks.

KOM

WAN is .3 now?  I thought it was .1…  Is your pfSense WAN set to DHCP or static, and what's its currently-assigned IP address??