Pfsense + Windows 8.1 + Virtual Box



  • Hello,

    I'm having trouble with my initial PfSense setup using the following:

    1. pfSense-LiveCD-2.2.5-RELEASE-amd64-20151104-1549
    2. Windows 8.1
    3. VirtualBox Graphical User Interface Version 5.0.10 r104061
    4. RT-AC56R WIFI Router
    5. Cable Modem provided by my ISP (Videotron)
    6. Dual Port Intel NIC (D33682)

    The setup is supposed to look like this:

    MODEM –--> Windows 8.1 running PfSense in Virtual Box ---> RT-AC56R

    The modem plugs into the first port on my DUAL port NIC, then goes through PFSense running in a VM and finally the traffic leaves out my second port and into my RT-AC56R router. All LAN traffic does not pass through the firewall, only traffic destined to the Internet and from the internet should go thorugh the firewall.

    In Virtual Box I've got two network adapters setup in Bridged mode ( 1 for each port on my dual port NIC). PfSense boots up and sees EM0(WAN) and EM1(LAN).

    After this I don't know what to do. I Managed to get into the WEB interface once, but it must have been luck because the page doesn't load anymore.



  • No idea about what you're really trying to do.  Is this a lab or are you trying to run a firewall off of a Windows client OS?  No idea about your network details, and those are usually key to figuring out a network issue.  You have two NICs bridged to LAN, but you're trying to make one a WAN.  Are these static or dynamic IP addresses assigned to each?

    To access the WebGUI, you need a client on the same network as the pfSense LAN interface.



  • @KOM:

    Is this a lab or are you trying to run a firewall off of a Windows client OS?

    Extremely unconventional setup of running PfSense in a VM on my Windows 8.1 Desktop, and this is not a lab.

    The desktop has 2 NIC's. One is built into the motherboard and is used to connect wirelessly to the Internet through my RT-AC56R. The other was recently purchased off Ebay to serve as my firewall NIC because it has 2 ethernet ports built into it.

    My local network looks like this now: Modem –-> RT-AC56R (DHCP, NAT, 192.168.1.0/24) ---> LAN
    What I want to do is this : MODEM ----> Windows 8.1 running PfSense in Virtual Box ---> RT-AC56R (DHCP, NAT, 192.168.1.0/24)



  • Honestly, I have no idea why people keep wanting to do this.  Why not grab an El Cheapo PC from the nearest landfill and use that instead of hairpinning your connection through a virtual machine and exposing a Windows client directly to the Internet?

    I also should have been more clear when I asked for network details.  What I was asking for are:

    WAN IP address, subnet mask, gateway
    LAN IP address, subnet mask
    Client PC IP address, subnet mask



  • My cheapo PC died a few months ago actually, and I just thought I would try things out like this for now. It's not ideal and would not be acceptable anywhere except for my home network.

    Here is my WAN information given to me by the routing table in my router :

    Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
    96.21.125.1    *              255.255.255.255 UH    0      0        0 WAN
    96.21.125.0    *              255.255.255.0  U    0      0        0 WAN
    192.168.1.0    *              255.255.255.0  U    0      0        0 LAN
    default        96.21.125.1    0.0.0.0        UG    0      0        0 WAN

    LAN IP address, subnet mask: 192.168.1.0/24

    Client PC IP address, subnet mask: My PC running Windows 8.1 and the Virtual Box VM: 192.168.1.69 - 255.255.255.0



  • OK, so WAN is 96.21.125.1.  Your LAN can't be .0 since that is reserved for the network address, so what is it's IP address (go to the console view in Virtualbox VM for pfSense and it will list the interfaces and their addresses).  I also forgot to ask you what you have set for your gateway on the Win8.1 box?



  • Lan IP Address in Pfsense was giving me 192.168.1.1/24 and then I was able to login to the interface with that.

    Here is a copy and paste from command prompt on my Windows 8.1 machine

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-V
      Physical Address. . . . . . . . . : BC-EE-7B-59-2D-EA
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::e010:d16c:407c:5c13%4(Preferred)
      IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Lease Obtained. . . . . . . . . . : December 9, 2015 10:21:35 PM
      Lease Expires . . . . . . . . . . : December 11, 2015 10:21:35 AM
      Default Gateway . . . . . . . . . : 192.168.1.2
      DHCP Server . . . . . . . . . . . : 192.168.1.2
      DHCPv6 IAID . . . . . . . . . . . : 79490683
      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-9F-BD-5A-BC-EE-7B-59-2D-EA

    DNS Servers . . . . . . . . . . . : 192.168.1.2
      NetBIOS over Tcpip. . . . . . . . : Enabled



  • Your Win81 client is set to use 192.168.1.2 for both gateway and DNS.  Do you have a router at that address handling DNS and acting as your gateway?  I suspect not, so you probably want to change that from .2 to .1 or your Win81 client won't have Internet access (I'm assuming you want pfSense to act as your general router/firewall?)



  • @KOM:

    Your Win81 client is set to use 192.168.1.2 for both gateway and DNS.  Do you have a router at that address handling DNS and acting as your gateway?

    Yes, I do. It was initially 192.168.1.1, but I changed it to 192.168.1.2

    I don't want pfsense to do anything except for inspect traffic. I want my router to do all that LAN stuff (DHCP, Nat, etc).



  • I don't want pfsense to do anything except for inspect traffic. I want my router to do all that LAN stuff (DHCP, Nat, etc).

    This would have been good to know much earlier in this discussion.  I had assumed that you wanted pfSense as your router/firewall and you were going to use the Wifi router as an AP, which is the preferred way to do it instead of double-NAT.  I would recommend you rethink your approach and simplify it.



  • Ok, I understand what you mean. I was more inclined to do the double NAT because I bought the router not too long ago and feel kind of sad not using it too it's fullest potential.

    If I were to avoid double Nat then what would I have to do as setup?



  • While I have done a lot of work in both VMware and Virtualbox, I've never done this hack that you're trying to get going.  Change your Wifi router's mode to just be an access point.  I;m not sure at thuis point if you need a switch for the Wifi route or if you can plug it directly into your Win81 client LAN NIC.  It may work without a switch but a switch is cheap.  Then you need to change your Win81 client network settings so that it's pointing to pfSense LAN IP (192.168.1.1) for gateway and DNS.



  • This is what I want to do, but I'm not sure to accomplish it, hence the question marks.



  • WAN is .3 now?  I thought it was .1…  Is your pfSense WAN set to DHCP or static, and what's its currently-assigned IP address??


Log in to reply