Help the Newbie :(



  • Hi, here's my setup

    1 Host (WinSvr2012R2 OS) >> 2VirtualMachines > HyperV

    *VM1 DNS/DHCP/ActiveDirectory Servers >> IPAddress 192.168.1.2

    *VM2 EXCHANGE SERVER 2013 >> IPAddress 192.168.1.3

    VIRTUAL SWITCH >> IPAddress 192.168.1.4

    PFSENSE BOX - 192.168.1.254(FIREWALL) with 2 NICs (WAN & LAN)

    WAN NIC >>>> MODEM >>> ISP >>> INTERNET

    LAN NIC(192.168.1.254) >>> SWITCH <<<<<  DNS/DHCP/AD servers(192.168.1.2)
                                                    SWITCH <<<<<  EXCHANGE server (192.168.1.3)

    Both VM servers have a subnet mask of 255.255.255.0, their gateway is 192.168.1.254 and the DNS server is 192.168.1.2

    ****ON PFSENSE SIDE

    **** Configured DNS Server - 192.168.1.2, Use Gateway WAN_PPPoE - wan-xxx

    *** WAN Interface PPPoE
    *** LAN Interface Static IPv4 - 192.168.1.254

    -Please correct this if it is wrong-
    DHCP disabled since I want my DHCP to be handled by my DHCP Server Virtual Machine
    (DHCP Relay enabled - destination server - 192.168.1.2)

    With all of these settings and connections the pfSense WebGUI confirmed my WAN and LAN.

    *my HOST PC (and my VirtualSwitch as well) - 192.168.1.4 can PING the 2 VMs and the FIREWALL
    *my Exchange Server Virtual Machine can PING the FIREWALL, HOST PC and DNS/DHCP/AD server
    *my DNS/DHCP/AD server can PING the Exchange Server and HOST PC BUT CAN'T PING the FIREWALL
    *my Firewall CAN PING the Exchange Server and HOST PC BUT CAN'T PING the DNS/DHCP/AD server
    WHY IS THAT?

    Plus I want to configure my wireless router to become an ACCESS POINT so my wireless clients
    get an IP address and can access the internet. How can I achieve this? What cable connection and pfSense configuration must I do?

    Thank you! ;)



  • If you want pfSense to use your AD DNS server then you need to modify a couple of your settings (so that pfSense only queries the server on 192.168.1.2 and nothing else). I'm assuming that you have your ISP's DNS servers specified as forwarders in your AD DNS server.

    Under System General Setup

    • Enter the IP of your AD DNS server, but do not specify a gateway (based on your current settings pfSense is being told to send the DNS query out of the WAN interface which will not get to your DNS server)

    • Uncheck Allow DNS server list to be overridden by DHCP/PPP on WAN

    • Check Do not use the DNS Forwarder or Resolver as a DNS server for the firewall

    Using your AD DHCP server you need to disable the DHCP server on pfSense. You also need to leave the DHCP relay disabled (you would only enable the relay if you had another LAN segment and wanted your AD DHCP server to manage that as well).

    As for the ping issues, double check the firewall settings in the Windows Server host and VMs to make sure that nothing is blocking ping from those hosts. Also check the firewall logs on pfSense to see if things are being blocked. When using ping on Windows try ping -4 hostname. Windows could be trying to send the ping via IPv6 and this will force it to use the IPv4 addresses.

    One issue I encountered when running a virtual AD server is that the host wouldn't detect the network as being in a domain at boot, because the AD server wasn't up and running when the network location awareness service started, and it would set the network type on the host as private or public. This would cause havoc with connecting to it as the host would adopt stricter firewall rules. The only way to resolve this was to temporarily stop the network location awareness service, disable and then enable the network interface on the host, and then restart the network location awareness service.

    What are your firewall rules on pfSense? Do you have the default allow-all rules from your LAN for IPv4 and IPv6?

    For your wireless access point, you need to put it in access point mode. Depending on what the model is, some let you choose the mode and change all the settings for you, others require you to manually change the settings. You will need to do the following on your AP:

    • give it a static IP address, assign pfSense as the gateway and your AD DNS server for DNS

    • disable NAT

    • disable DHCP server

    • disable firewall

    • set up your WLAN

    When a client connects to your WLAN, the AD DHCP server will issue it with the details.
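    As an added example (not code from the thread or from kesawi), here is a PowerShell script to run on the AD/DNS VM (192.168.1.2) that checks the points raised above: whether forwarders are set on AD DNS, which network profile NLA assigned, whether the inbound ICMPv4 echo rule is enabled, and an IPv4-only reachability test to the pfSense LAN address. The adapter name "Ethernet" is an assumption; the last function performs the NLA stop/bounce/start workaround described in the post and must run as administrator.

    ```powershell
    # Added example, not from the thread. Requires the DnsServer and NetTCPIP modules
    # (present on a Windows Server 2012 R2 DC). Run in an elevated PowerShell session.
    $Gateway     = "192.168.1.254"   # pfSense LAN address from the thread
    $AdapterName = "Ethernet"        # assumption: change to the VM's actual NIC alias

    # 1. Forwarders: AD DNS should forward external names to the ISP's (or another) resolver.
    function Get-ForwarderSummary {
        $fw = Get-DnsServerForwarder
        if (-not $fw.IPAddress) { return "No forwarders set; AD DNS will use root hints only" }
        "Forwarders: " + (($fw.IPAddress | ForEach-Object { $_.IPAddressToString }) -join ", ")
    }

    # 2. Network profile: if NLA classified the NIC as Public, the stricter rule set applies.
    function Get-ProfileSummary {
        Get-NetConnectionProfile -InterfaceAlias $AdapterName |
            ForEach-Object { "$($_.InterfaceAlias): $($_.NetworkCategory)" }
    }

    # 3. Inbound ICMPv4 echo (ping) rule state per firewall profile.
    function Get-PingRuleSummary {
        Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" |
            Where-Object { $_.DisplayName -like "*Echo Request - ICMPv4-In*" } |
            ForEach-Object { "$($_.DisplayName) [$($_.Profile)]: Enabled=$($_.Enabled)" }
    }

    # 4. Reachability test to the firewall; an IPv4 literal avoids the IPv6-first behaviour
    #    that 'ping -4' works around.
    function Test-GatewayPing {
        $r = Test-NetConnection -ComputerName $Gateway -InformationLevel Detailed
        "Ping $Gateway via $($r.InterfaceAlias): PingSucceeded=$($r.PingSucceeded)"
    }

    # Workaround from the post: NLA started before the DC was reachable and mis-classified
    # the network. Stop NLA, bounce the NIC, start NLA so it re-detects the domain.
    function Reset-NetworkLocation {
        Stop-Service -Name NlaSvc -Force
        Restart-NetAdapter -Name $AdapterName -Confirm:$false
        Start-Sleep -Seconds 5
        Start-Service -Name NlaSvc
        Get-ProfileSummary
    }

    Get-ForwarderSummary
    Get-ProfileSummary
    Get-PingRuleSummary
    Test-GatewayPing
    ```

    If the profile shows Public or Private instead of DomainAuthenticated, run Reset-NetworkLocation and re-check before changing any firewall rules.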



  • Hi! @kesawi, thank you for the immediate reply. I'll try your recommendation; I just need to clarify something:

    • "you have your ISP's DNS servers specified as forwarders in your AD DNS server"
      --- you mean to set my public IP given by my ISP in DNS Forwarder?

    *For your wireless access point
    ---- What port in my router should I use when connecting the physical cable? Should I connect one of the LAN ports of my router to one port of my switch?



  • @papotz:

    • "you have your ISP's DNS servers specified as forwarders in your AD DNS server"
      --- you mean to set my public IP given by my ISP in DNS Forwarder?

    See http://trekker.net/archives/configure-a-dns-server-on-windows-server-2012-or-2012-r2-to-use-opendns/. Substitute the OpenDNS server IPs given in that example with whatever external DNS server you want to use (your ISP's, Google's, etc). It's not essential but you may find it quicker than using the default Root Hints for lookups in AD DNS.

    *For your wireless access point
    ---- What port in my router should I use when connecting the physical cable? Should I connect one of the LAN ports of my router to one port of my switch?

    Yes, connect one of the LAN ports on the wireless AP to one of the ports on your switch.



  • Hey, sorry for the delayed update; just want to thank @kesawi, it works! Thank you. :)

    Just having a problem when installing squid to act as a proxy server: when squid is installed, any link you click on a website will omit the https:// on the address and then show a connection error.