kenkeniff

#140936 24-Feb-2014 22:38

Kind of a continuation of this thread:

Basically what I'm trying to do is route all my internet traffic for my Host OS and VM's through my PFsense VM so that I can manage a centralised firewall and setup appropriate port forwarding as needed from my public IP addresses.

I have a hosted Windows 2012 dedicated server with 4x public IPv4's allocated to it. e.g:

101.0.102.100/29 --|--> WIN2012_HOST
101.0.102.101/29 --|
101.0.102.102/29 --|
101.0.102.103/29 --|

And a gateway of 101.0.102.199.

On the server I'm running VMware Workstation with a bunch of guest VM's including PFSense.

WIN2012_HOST
   |- PFSense_VM
   |- Guest1_VM
   |- Guest2_VM
   |- Guest3_VM
   |- Guest4_VM

I setup the PFsense VM with two network interfaces; 1xWAN (Bridged with physical host interface) and 1xLAN (Virtual host-only interface) so now I have a virtual NAT'd network for my VM's.

In PFSense; I gave the WAN adapter the second spare public IP and setup the remaining 2 as 'Virtual IP's. I then enabled DHCP and in VMware added the virtual host-only interface to my other VM's to get them on the private network.

101.0.102.100/29 ----> WIN2012_HOST
101.0.102.101/29 --|--> PFSense_VM      - 192.168.1.1/24
101.0.102.102/29 --|     |- Guest1_VM   - 192.168.1.2/24
101.0.102.103/29 --|     |- Guest2_VM   - 192.168.1.3/24
                         |- Guest3_VM   - 192.168.1.4/24
                         |- Guest4_VM   - 192.168.1.5/24

What I really want however is to end up with this:
101.0.102.100/29 --|--> PFSense_VM          - 192.168.1.1/24
101.0.102.101/29 --|     |- WIN2012_HOST    - 192.168.1.2/24
101.0.102.102/29 --|     |- Guest1_VM       - 192.168.1.3/24
101.0.102.103/29 --|     |- Guest2_VM       - 192.168.1.4/24
                         |- Guest3_VM       - 192.168.1.5/24
                         |- Guest4_VM       - 192.168.1.6/24

I found a post here which is basically what I'm trying to do however it's a bit confusing so would appreciate if someone could please walk me through getting my Host OS onto my private network and routing its traffic through my PFSense VM too.

I haven't played around too much with it as I'm working over RDP and don't want to end up killing my connection, however I do have KVM access if all goes too wrong.

Zeon

  #993729 24-Feb-2014 23:10

You're much better to get your ISP to route you your /29 subnet via a linking /30 subnet. You can then set your Servers with the actual IP addresses and just use PFsense for firewall rather than some hacky virtual IPs. Have you asked them about this?




kenkeniff



  #993799 25-Feb-2014 06:58

Zeon: You're much better to get your ISP to route you your /29 subnet via a linking /30 subnet. You can then set your Servers with the actual IP addresses and just use PFsense for firewall rather than some hacky virtual IPs. Have you asked them about this?


I can set the servers with the actual IP's now but that's not what I'm trying to do.

I want to be able to forward each IP to different ports on multiple VMs through PFSense, got it all setup except for the host.

kenkeniff



  #993991 25-Feb-2014 11:17

Ok so I'm almost there;

On my Host OS I have two network adapters (one physical + one virtual):

WAN
IP - 101.0.102.100/29
Gateway - 101.0.102.99

VLAN
IP - 192.168.1.2/24
Gateway - 192.168.1.1

PFsense now has the three remaining IPs assigned (101.0.102.101, 101.0.102.102, 101.0.102.103).

And I've setup port forwarding from WAN 101.0.102.101:3389 to LAN 192.168.1.2:3389 so I can RDP to my Host OS through the firewall.

I can access VLAN IP addresses from my Host OS (192.x) however any outbound WAN Host traffic still goes through the WAN adapter and incoming traffic to 101.0.102.100 still arrives directly at the Host machine.

How do I make the final step and basically remove the WAN adapter from the Host so all traffic goes through VLAN and I can assign that last IP to my PFsense VM?

(I've tried just disabling the adapter but it obviously just kills all WAN traffic even to my VMs)



hio77

  #993994 25-Feb-2014 11:24

although my situation was purely for caching and bandwidth management in a local network with vmware workstations and pfsense, i would say the same situation applies really.

what we did, is had a nic that the internet came in on, that nic had TCP/IP etc disabled, so it was basically a dummy connection then just passed that to the VM.


traffic from the PFsense VM went out a different nic (in your case the virtual) and routed around all nicely.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 


kenkeniff



  #994010 25-Feb-2014 11:50

hio77: although my situation was purely for caching and bandwidth management in a local network with vmware workstations and pfsense, i would say the same situation applies really.

what we did, is had a nic that the internet came in on, that nic had TCP/IP etc disabled, so it was basically a dummy connection then just passed that to the VM.


traffic from the PFsense VM went out a different nic (in your case the virtual) and routed around all nicely.



Simple as that eh, I just disabled TCP/IPv4 on the WAN adapter and all seems to be working as desired.

Thanks


hio77

  #994012 25-Feb-2014 11:51

kenkeniff:
hio77: although my situation was purely for caching and bandwidth management in a local network with vmware workstations and pfsense, i would say the same situation applies really.

what we did, is had a nic that the internet came in on, that nic had TCP/IP etc disabled, so it was basically a dummy connection then just passed that to the VM.


traffic from the PFsense VM went out a different nic (in your case the virtual) and routed around all nicely.



Simple as that eh, I just disabled TCP/IPv4 on the WAN adapter and all seems to be working as desired.

Thanks



some may see it as a brutish way of getting it sorted, but for us, resolved the exact issue you were having, and clearly worked for you too :)






#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 
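
The fix the thread settles on (unbinding TCP/IP from the bridged NIC so the host can only talk through pfSense) can be applied and then verified from PowerShell on the Windows 2012 host. This is an added example, not something posted by the thread's participants. It assumes the adapter aliases are literally 'WAN' and 'VLAN' as labelled in the thread, that the bridge binding's display name contains "VMware Bridge", and it also unbinds IPv6, which the thread did not mention.

```powershell
# Assumption: the adapter aliases match the labels used in the thread.
$WanAlias   = 'WAN'          # physical NIC bridged to the pfSense WAN interface
$LanAlias   = 'VLAN'         # VMware host-only adapter on 192.168.1.0/24
$PfSenseLan = '192.168.1.1'  # pfSense LAN address from the thread

# 1. Unbind the host IP stacks from the bridged NIC. The thread disabled only
#    TCP/IPv4; IPv6 is unbound here too so the host cannot be reached directly
#    over IPv6 on the unfiltered segment.
foreach ($id in 'ms_tcpip', 'ms_tcpip6') {
    Disable-NetAdapterBinding -Name $WanAlias -ComponentID $id
}

# 2. List what is still bound. The VMware bridge protocol must stay enabled,
#    otherwise the pfSense VM loses its WAN link.
$bound = Get-NetAdapterBinding -Name $WanAlias | Where-Object Enabled
$bound | Format-Table DisplayName, ComponentID -AutoSize

$problems = @()
if ($bound | Where-Object ComponentID -in 'ms_tcpip', 'ms_tcpip6') {
    $problems += "IP stack still bound to $WanAlias"
}
# Assumption: the binding's display name contains "VMware Bridge".
if (-not ($bound | Where-Object DisplayName -like '*VMware Bridge*')) {
    $problems += "VMware bridge protocol not bound to $WanAlias"
}

# 3. Every default route must point at pfSense via the host-only adapter.
$defaults = Get-NetRoute -DestinationPrefix '0.0.0.0/0', '::/0' -ErrorAction SilentlyContinue
foreach ($r in $defaults) {
    if ($r.InterfaceAlias -ne $LanAlias -or $r.NextHop -ne $PfSenseLan) {
        $problems += "Default route via $($r.InterfaceAlias) -> $($r.NextHop)"
    }
}
if (-not $defaults) { $problems += 'No default route present' }

# 4. The host should no longer hold an address from the public range.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object IPAddress -like '101.0.102.*' |
    ForEach-Object { $problems += "Public address $($_.IPAddress) on $($_.InterfaceAlias)" }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Host traffic is forced through pfSense.' }
```

Run it from the KVM console or from an RDP session that already arrives through the pfSense port forward (101.0.102.101:3389), since step 1 drops any session connected directly to 101.0.102.100.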

