  #1 (permalink)  
November 6, 2012, 08:13 PM
lowfat
Moderator
Join Date: Feb 2007
Location: Grande Prairie, AB
Posts: 7,973

Pfsense in a virtual machine

I am trying to set up a network w/ the VM of pfsense as my main router. My computer has 2 NICs, one as my WAN and the other as my LAN. Now the question is: is it possible for the host machine to be behind the pfsense firewall? Which once again is a virtual machine.
  #2 (permalink)  
November 6, 2012, 08:36 PM
botat29
Allstar
Join Date: Oct 2010
Location: Montreal
Posts: 828

You will be better off with 3 NICs: bridge 1 NIC of the VM to the LAN and bridge the second to the WAN; the third one will be the host. If you use 2, I'm pretty sure the only one you can NAT is the WAN, not too good.
  #3 (permalink)  
November 7, 2012, 07:29 AM
lowfat
Moderator
Join Date: Feb 2007
Location: Grande Prairie, AB
Posts: 7,973

Hmm. Not sure what you are saying there.

Maybe I'll make my goal clearer. I want my entire network to be behind the pfsense firewall including the PC that the VM of pfsense is running off. Is this possible? My CPU does not have Vt-d, would a Vt-d CPU help?

I'd rather buy a new CPU than buy an entirely new rig to use as a pfsense machine. So using the virtual machine would be the better solution if possible.
  #4 (permalink)  
November 7, 2012, 07:46 AM
BlueByte
Allstar
Join Date: Feb 2011
Location: Maynooth
Posts: 540

I don't know what you are using for your VM software but yes, you should be able to. If you view your NICs as ports on a router with the ability to plug into either side of the router virtually then it might make it clearer.

Internet-->PC NIC1(disable iptcp4 on host)-->pfsense VM with two NICs-->PC NIC2(keep host settings normal, gateway, dhcp etc)-->home switch

This will have your host PC go out onto your home switch and then do a 180 (it might be smart enough never to actually hit the switch, but think of it this way) and come back through for the bridged pfsense router connection. VMware is pretty easy to do this with; I assume the others would be equally easy. If you use VMware, I would use the Workstation or Player over the Windows VMware Server... it is garbage imho. If you really want to do it right, use ESX and VM your current server with a separate VM for pfsense.
  #5 (permalink)  
November 7, 2012, 08:00 AM
"Quote This..."
F@H
Join Date: Nov 2007
Location: Hell
Posts: 3,828

Seems simple to me. Connect the pfsense VM to the WAN NIC and point your other VMs at it as the gateway.
  #6 (permalink)  
November 7, 2012, 08:31 AM
botat29
Allstar
Join Date: Oct 2010
Location: Montreal
Posts: 828

Quote:
Originally Posted by lowfat
Hmm. Not sure what you are saying there.

When you use a VM, you have 3 choices for your virtual network:

NAT: it will share the same NIC as the host PC
Bridged: the NIC will be used only by the VM
Internal: not useful here

NIC 1 (bridged): used by pfSense in the VM to connect to the WAN, for example a cable modem
NIC 2 (bridged): used by pfSense to connect to your switch
NIC 3: used to connect the host to the switch

With this setup it's as if you are using pfSense in a dedicated PC. Depending on the VM hypervisor, it can be very hard to make the PCs on your network communicate with pfSense if you are using NAT.

Here is a small drawing; the VM is represented as a smaller PC inside the host.


Last edited by botat29; November 7, 2012 at 08:46 AM.
  #7 (permalink)  
November 7, 2012, 09:29 AM
3.0charlie
3.0 "I kill SR2's" Charlie
F@H
Join Date: May 2007
Location: Laval, QC
Posts: 9,643

Quote:
Originally Posted by BlueByte
I don't know what you are using for your VM software but yes, you should be able to. If you view your NICs as ports on a router with the ability to plug into either side of the router virtually then it might make it clearer.

Internet-->PC NIC1(disable iptcp4 on host)-->pfsense VM with two NICs-->PC NIC2(keep host settings normal, gateway, dhcp etc)-->home switch

This will have your host PC go out onto your home switch and then do a 180 (it might be smart enough never to actually hit the switch, but think of it this way) and come back through for the bridged pfsense router connection. VMware is pretty easy to do this with; I assume the others would be equally easy. If you use VMware, I would use the Workstation or Player over the Windows VMware Server... it is garbage imho. If you really want to do it right, use ESX and VM your current server with a separate VM for pfsense.

That's exactly my own setup, using ESXi as the back end and vSphere as the front end, with the Autostart feature enabled in both BIOS and vSphere. Hardware is Asus M3A78-EM + AMD 920BE + Intel Gbit PCI NIC + 2Gb DDR2. ESXi is loaded on a USB stick, with a duplicate back-up inside the case if it ever dies. Secondary HDD is an old Hitachi 500Gb.

Now if you have a more powerful rig, you can easily add other VMs using vSphere. I run W8, Ubuntu and OSX alongside pfSense.
  #8 (permalink)  
November 7, 2012, 12:59 PM
Top Prospect
Join Date: Apr 2010
Location: East Van
Posts: 50

Seems pretty straightforward. NIC #1 is assigned exclusively to the pfsense VM and is used as the WAN connection to the cable modem. NIC #2 is bridged with the pfsense VM and this bridge is the LAN. pfsense can number itself as the gateway IP on the LAN bridge, and the host can number itself on the "physical" NIC #2 as another LAN host. NIC #2 is then connected to a LAN switch for any other LAN clients that want to join in. There's no need for a 3rd NIC at all. Just a software-only bridge on the LAN side.
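
A host-side check for the two-NIC layout described in posts #4 and #8, as an added example that is not from any poster in this thread: it confirms the host holds no IP address on the WAN NIC and that its default route points at pfSense over the LAN bridge. It assumes a Linux host with iproute2 JSON output; the interface names (`eth0`, `br0`), the pfSense LAN address `192.168.1.1` and the sample data are constructed for illustration.

```python
import json

# Constructed samples in the shape of `ip -j addr show` and `ip -j route show`
# (Linux iproute2). Names and addresses are invented for this example.
GOOD_ADDR = json.dumps([
    {"ifname": "eth0", "addr_info": []},    # WAN NIC, handed to the pfSense VM
    {"ifname": "br0", "addr_info": [        # LAN bridge: NIC #2 + pfSense LAN vNIC
        {"family": "inet", "local": "192.168.1.10", "prefixlen": 24}]},
])
GOOD_ROUTE = json.dumps([{"dst": "default", "gateway": "192.168.1.1", "dev": "br0"}])

# Misconfigured host: it took an address from the modem and routes around the VM.
BAD_ADDR = json.dumps([
    {"ifname": "eth0", "addr_info": [
        {"family": "inet", "local": "203.0.113.25", "prefixlen": 24}]},
    {"ifname": "br0", "addr_info": [
        {"family": "inet", "local": "192.168.1.10", "prefixlen": 24}]},
])
BAD_ROUTE = json.dumps([{"dst": "default", "gateway": "203.0.113.1", "dev": "eth0"}])


def audit_host(addr_json, route_json, wan_if, lan_if, pfsense_lan_ip):
    """Return findings; an empty list means the host only reaches out via pfSense."""
    findings = []
    ifaces = {i["ifname"]: i for i in json.loads(addr_json)}
    for name in (wan_if, lan_if):
        if name not in ifaces:
            findings.append(f"{name}: interface not found")
    # Any address on the WAN NIC (IPv6 link-local included) means the host's own
    # IP stack is bound to the modem side, outside the firewall.
    for a in ifaces.get(wan_if, {}).get("addr_info", []):
        findings.append(f"{wan_if}: host holds {a['family']} address {a['local']}")
    defaults = [r for r in json.loads(route_json) if r.get("dst") == "default"]
    if not defaults:
        findings.append("no default route")
    for r in defaults:
        if r.get("dev") != lan_if or r.get("gateway") != pfsense_lan_ip:
            findings.append(
                f"default route via {r.get('gateway')} dev {r.get('dev')} bypasses pfSense")
    return findings


if __name__ == "__main__":
    for label, a, r in (("good", GOOD_ADDR, GOOD_ROUTE), ("bad", BAD_ADDR, BAD_ROUTE)):
        print(label, audit_host(a, r, "eth0", "br0", "192.168.1.1") or "OK")
```

On a live host, feed it the output of `ip -j addr show` and `ip -j route show` instead of the samples.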
  #9 (permalink)  
November 7, 2012, 03:36 PM
botat29
Allstar
Join Date: Oct 2010
Location: Montreal
Posts: 828

Quote:
Originally Posted by Ardric
There's no need for a 3rd NIC at all. Just a software-only bridge on the LAN side.

We don't know what lowfat uses as hypervisor; if he NATs the second NIC with the host, the host and the rest of the PCs may not see the Internet. That's why I suggest a third NIC, as it will work in any case.
  #10 (permalink)  
November 7, 2012, 03:45 PM
Top Prospect
Join Date: Apr 2010
Location: East Van
Posts: 50

Quote:
Originally Posted by botat29
We don't know what lowfat uses as hypervisor; if he NATs the second NIC with the host, the host and the rest of the PCs may not see the Internet. That's why I suggest a third NIC, as it will work in any case.

But he wouldn't run NAT on the host or the Windows guest at all. That job is assigned to the pfsense guest. All we need is for the hypervisor to create a bridge group and attach both the physical NIC #2 and the guest virtual LAN NICs to the bridge. Unless I'm not understanding what you mean...?