

kenkeniff

628 posts

Ultimate Geek


#140936 24-Feb-2014 22:38

Kind of a continuation of this thread:

Basically what I'm trying to do is route all my internet traffic for my Host OS and VMs through my PFsense VM so that I can manage a centralised firewall and set up appropriate port forwarding as needed from my public IP addresses.

I have a hosted Windows 2012 dedicated server with 4x public IPv4's allocated to it. e.g:

101.0.102.100/29 --|--> WIN2012_HOST
101.0.102.101/29 --|
101.0.102.102/29 --|
101.0.102.103/29 --|

And a gateway of 101.0.102.199.

On the server I'm running VMware Workstation with a bunch of guest VM's including PFSense.

WIN2012_HOST
   |- PFSense_VM
   |- Guest1_VM
   |- Guest2_VM
   |- Guest3_VM
   |- Guest4_VM

I set up the PFsense VM with two network interfaces: 1x WAN (bridged with the physical host interface) and 1x LAN (virtual host-only interface), so now I have a virtual NAT'd network for my VMs.

In PFSense, I gave the WAN adapter the second spare public IP and set up the remaining 2 as 'Virtual IPs'. I then enabled DHCP and in VMware added the virtual host-only interface to my other VMs to get them on the private network.

101.0.102.100/29 ----> WIN2012_HOST
101.0.102.101/29 --|--> PFSense_VM  - 192.168.1.1/24
101.0.102.102/29 --|      |- Guest1_VM - 192.168.1.2/24
101.0.102.103/29 --|      |- Guest2_VM - 192.168.1.3/24
                          |- Guest3_VM - 192.168.1.4/24
                          |- Guest4_VM - 192.168.1.5/24

What I really want however is to end up with this:
101.0.102.100/29 --|--> PFSense_VM      - 192.168.1.1/24
101.0.102.101/29 --|      |- WIN2012_HOST - 192.168.1.2/24
101.0.102.102/29 --|      |- Guest1_VM    - 192.168.1.3/24
101.0.102.103/29 --|      |- Guest2_VM    - 192.168.1.4/24
                          |- Guest3_VM    - 192.168.1.5/24
                          |- Guest4_VM    - 192.168.1.6/24

I found a post here which is basically what I'm trying to do; however, it's a bit confusing, so I would appreciate it if someone could please walk me through getting my Host OS onto my private network and routing its traffic through my PFSense VM too.

I haven't played around too much with it as I'm working over RDP and don't want to end up killing my connection; however, I do have KVM access if all goes too wrong.

Zeon
3861 posts

Uber Geek

Trusted

  #993729 24-Feb-2014 23:10

You're much better to get your ISP to route you your /29 subnet via a linking /30 subnet. You can then set your servers with the actual IP addresses and just use PFsense for firewall rather than some hacky virtual IPs. Have you asked them about this?




kenkeniff

628 posts

Ultimate Geek


  #993799 25-Feb-2014 06:58

Zeon: You're much better to get your ISP to route you your /29 subnet via a linking /30 subnet. You can then set your servers with the actual IP addresses and just use PFsense for firewall rather than some hacky virtual IPs. Have you asked them about this?


I can set the servers with the actual IPs now but that's not what I'm trying to do.

I want to be able to forward each IP to different ports on multiple VMs through PFSense. I've got it all set up except for the host.

kenkeniff

628 posts

Ultimate Geek


  #993991 25-Feb-2014 11:17

Ok so I'm almost there;

On my Host OS I have two network adapters (one physical + one virtual):

WAN
IP - 101.0.102.100/29
Gateway - 101.0.102.99

VLAN
IP - 192.168.1.2/24
Gateway - 192.168.1.1

PFsense now has the three remaining IPs assigned (101.0.102.101, 101.0.102.102, 101.0.102.103).

And I've set up port forwarding from WAN 101.0.102.101:3389 to LAN 192.168.1.2:3389 so I can RDP to my Host OS through the firewall.

I can access VLAN IP addresses from my Host OS (192.x); however, any outbound WAN Host traffic still goes through the WAN adapter and incoming traffic to 101.0.102.100 still arrives directly at the Host machine.

How do I make the final step and basically remove the WAN adapter from the Host so all traffic goes through VLAN and I can assign that last IP to my PFsense VM?

(I've tried just disabling the adapter but it obviously just kills all WAN traffic, even to my VMs)



hio77
'That VDSL Cat'
12970 posts

Uber Geek

ID Verified
Trusted
Voyager
Subscriber

  #993994 25-Feb-2014 11:24

although my situation was purely for caching and bandwidth management in a local network with vmware workstations and pfsense, i would say the same situation applies really.

what we did, is had a nic that the internet came in on, that nic had TCP/IP etc disabled, so it was basically a dummy connection then just passed that to the VM.


traffic from the PFsense VM went out a different nic (in your case the virtual) and routed around all nicely.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


kenkeniff

628 posts

Ultimate Geek


  #994010 25-Feb-2014 11:50

hio77: although my situation was purely for caching and bandwidth management in a local network with vmware workstations and pfsense, i would say the same situation applies really.

what we did, is had a nic that the internet came in on, that nic had TCP/IP etc disabled, so it was basically a dummy connection then just passed that to the VM.


traffic from the PFsense VM went out a different nic (in your case the virtual) and routed around all nicely.



Simple as that eh, I just disabled TCP/IPv4 on the WAN adapter and all seems to be working as desired.

Thanks


hio77
'That VDSL Cat'
12970 posts

Uber Geek

ID Verified
Trusted
Voyager
Subscriber

  #994012 25-Feb-2014 11:51

kenkeniff:
hio77: although my situation was purely for caching and bandwidth management in a local network with vmware workstations and pfsense, i would say the same situation applies really.

what we did, is had a nic that the internet came in on, that nic had TCP/IP etc disabled, so it was basically a dummy connection then just passed that to the VM.


traffic from the PFsense VM went out a different nic (in your case the virtual) and routed around all nicely.



Simple as that eh, I just disabled TCP/IPv4 on the WAN adapter and all seems to be working as desired.

Thanks



some may see it as a brutish way of getting it sorted, but for us, resolved the exact issue you were having, and clearly worked for you too :)






#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.
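
Added example, not part of any post in this thread: a PowerShell sketch of the fix the thread settled on, which unbinds every protocol except the VMware bridge from the host's physical NIC and then checks that the host has no address on the public segment and that its only default route is via pfSense. The adapter aliases `WAN` and `VLAN` (the names used in the posts above) and the binding ID `vmware_bridge` are assumptions; confirm them with `Get-NetAdapter` and `Get-NetAdapterBinding` first.

```powershell
#Requires -RunAsAdministrator
# Run from the KVM console or an RDP session that arrives through the pfSense port forward;
# a session connected directly to the host's public IP will drop when IPv4 is unbound.
$Wan    = 'WAN'            # assumed alias: physical NIC bridged to the pfSense WAN interface
$Lan    = 'VLAN'           # assumed alias: VMware host-only NIC on 192.168.1.0/24
$LanGw  = '192.168.1.1'    # pfSense LAN address given in the thread
$Bridge = 'vmware_bridge'  # assumed component ID of the VMware Bridge Protocol

# Pre-flight 1: the host must already reach pfSense over the LAN side.
if (-not (Test-Connection -ComputerName $LanGw -Count 2 -Quiet)) {
    throw "pfSense LAN gateway $LanGw is unreachable; leaving $Wan untouched."
}
# Pre-flight 2: the bridge binding must be enabled, or the pfSense VM loses its uplink.
$bridgeBinding = Get-NetAdapterBinding -Name $Wan -ComponentID $Bridge -ErrorAction SilentlyContinue
if (-not ($bridgeBinding -and $bridgeBinding.Enabled)) {
    throw "Binding '$Bridge' is not enabled on $Wan; check Get-NetAdapterBinding -Name $Wan."
}

# Unbind everything except the bridge (IPv4, IPv6, file sharing, discovery protocols),
# so the host OS itself no longer answers on the public segment.
Get-NetAdapterBinding -Name $Wan |
    Where-Object { $_.Enabled -and $_.ComponentID -ne $Bridge } |
    ForEach-Object { Disable-NetAdapterBinding -Name $Wan -ComponentID $_.ComponentID }

# Verify: no IP address left on the WAN NIC, and every default route goes via pfSense on the LAN NIC.
$wanAddresses  = @(Get-NetIPAddress -InterfaceAlias $Wan -ErrorAction SilentlyContinue)
$defaultRoutes = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
$strayRoutes   = @($defaultRoutes |
    Where-Object { $_.NextHop -ne $LanGw -or $_.InterfaceAlias -ne $Lan })

# Summary object; HostIsolated should be True once the change has taken effect.
[pscustomobject]@{
    WanAddressesLeft    = $wanAddresses.Count
    DefaultRoutes       = $defaultRoutes.Count
    RoutesNotViaPfSense = $strayRoutes.Count
    HostIsolated        = ($wanAddresses.Count -eq 0 -and
                           $defaultRoutes.Count -ge 1 -and
                           $strayRoutes.Count -eq 0)
}
```

To roll back from the console, re-enable the IPv4 binding with `Enable-NetAdapterBinding -Name WAN -ComponentID ms_tcpip`.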

 

 

