Netgate Discussion Forum

    Routing with 2 pfsense VMs

      cycleking

      Hi everyone,

      Long time lurker, first time poster.

      I have a noob question here and am hoping y'all could help me out a bit. So I have a VirtualBox deployment with the following VMs.

      2x Windows 8.1 Clients
      2x pfSense VMs

      The setup is as follows:

      1st Win 8.1 Client
      IP: 10.10.10.50
      SN: 255.255.255.0
      GW: 10.10.10.1

      1st pfSense
      WAN: 12.34.56.78
      LAN: 10.10.10.1

      2nd Win 8.1 Client
      IP: 172.16.10.50
      SN: 255.255.255.0
      GW: 172.16.10.1

      2nd pfSense
      WAN: 87.65.43.21
      LAN: 172.16.10.1

      My issue is that I'm trying to replicate two remote offices but I cannot ping either of the IPs on the WAN side of the pfSense routers. I have configured the Routes giving the IP address of the WAN for either side of the pfSense routes.

      I've attached a diagram of what I have in my lab.

      Please let me know if you need more info.

      Thanks in advance for all of your great help!

      -Shawn

      Capture.JPG

        Derelict LAYER 8 Netgate

        Are they real WAN IP addresses with real ISP service on both or is it just a lab?

        If the former, check that your WAN firewall rules pass the traffic you're trying to pass (like ICMP if you want to ping.)

        If the latter you are going to need a third router. One that has both WAN subnets on interfaces and freely routes between them. It would be taking the place of "The Internet." I'd be inclined to use a layer 3 switch for it, but another pfSense instance would do fine too if you wanted to keep it all in the virtual environment. Both existing pfSense instances would have the appropriate interface on the third pfSense as its default gateway.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
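
Added example, not part of the original post and not pfSense code: a small Python model of the advice above, showing that a default gateway has to sit on a directly connected subnet and that a third router holding both WAN subnets makes the two WAN addresses reachable. The /24 WAN masks, the transit addresses 12.34.56.1 and 87.65.43.1, and the reading of the first attempt as each firewall pointing at the other's WAN IP are assumptions; firewall rules and NAT are not modelled.

```python
import ipaddress as ip

def router(name, gateway, *ifaces):
    """A router is its interface addresses plus an optional default gateway."""
    return {"name": name, "gw": ip.ip_address(gateway) if gateway else None,
            "ifaces": [ip.ip_interface(i) for i in ifaces]}

def next_hop(r, dst):
    """Address on a connected subnet to hand the packet to, or None."""
    if any(dst in i.network for i in r["ifaces"]):
        return dst                       # destination is directly connected
    gw = r["gw"]
    if gw is not None and any(gw in i.network for i in r["ifaces"]):
        return gw                        # default gateway is on-link: usable
    return None                          # no gateway, or gateway not on-link

def trace(routers, start, dst, max_hops=8):
    """Walk the packet hop by hop; return (path, delivered)."""
    dst = ip.ip_address(dst)
    owner = {i.ip: r for r in routers for i in r["ifaces"]}
    r, path = next(x for x in routers if x["name"] == start), []
    for _ in range(max_hops):
        path.append(r["name"])
        if any(i.ip == dst for i in r["ifaces"]):
            return path, True
        hop = next_hop(r, dst)
        if hop not in owner:             # None, or nobody holds that address
            return path, False
        r = owner[hop]
    return path, False

# Addresses from the thread; the /24 WAN masks are assumed.
PF1 = ("pfsense1", "10.10.10.1/24", "12.34.56.78/24")
PF2 = ("pfsense2", "172.16.10.1/24", "87.65.43.21/24")

# Assumed first attempt: each firewall's gateway is the other's WAN IP.
BROKEN = [router(PF1[0], "87.65.43.21", *PF1[1:]),
          router(PF2[0], "12.34.56.78", *PF2[1:])]

# Third router standing in for "The Internet"; its .1 addresses are hypothetical.
FIXED = [router(PF1[0], "12.34.56.1", *PF1[1:]),
         router(PF2[0], "87.65.43.1", *PF2[1:]),
         router("transit", None, "12.34.56.1/24", "87.65.43.1/24")]

if __name__ == "__main__":
    for label, topo in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, trace(topo, "pfsense1", "87.65.43.21"))
```

In the broken topology the packet never leaves pfsense1 because its gateway is not on either connected subnet; in the fixed one it is delivered via the transit router.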

          cycleking

          Thanks Derelict!

          Yes, this is a 100% lab environment. I will put in place what you have outlined below and let you know my outcome.

            cycleking

            Alright, so everything went well yesterday, but I have one more question.

            I built the new pfSense VM with the 10.x.x.x network for both WAN and LAN and put the two original pfSense VMs on the same 10.x.x.x network for WAN; I kept my LAN on the original 172.16 and 10.10 respectively. Now my question is: what if I wanted to replicate a real-world scenario where the WAN parts of the VMs are all different, just like in the real world? How could I have Site A talk to Site B when they have different WAN IPs?

            Thanks

            Shawn

              Derelict LAYER 8 Netgate

              If the latter you are going to need a third router. One that has both WAN subnets on interfaces and freely routes between them. It would be taking the place of "The Internet."
