pfSense installation and configuration on VMware
In some of my last blog posts, we covered the installation of pfSense on bare metal, meaning on an old physical PC, and on different hypervisors such as KVM, VMware Workstation, and so on.
In this blog, we will cover how you can install pfSense on the VirtualBox hypervisor. Since Oracle VirtualBox is free and supports Windows, Mac, and Linux operating systems, it is a great choice for someone who wants to start with pfSense. However, if you want good performance, I recommend trying pfSense on KVM if you are a Linux user, or on VMware Workstation if you are a Windows or Mac user.
I have also covered how you can get started with pfSense using labs with different scenarios here; I highly recommend checking out the article if you are new to pfSense and want to learn more.
Assumptions
Proxmox VE host is up and running
Host has at least two network interfaces available for WAN and LAN.
pfSense software ISO image is present on the Proxmox VE host
5. PfSense installation.
The pfsense installation now will begin. You can accept the copyright notice.
Click on Install on the pfSense installer welcome screen.
You may choose the keymap of your choice, I am leaving the default one.
In the partitioning step, select Auto (UFS) BIOS and click on OK.
After a few seconds the installation will be complete. There is nothing much to do at the next prompt, so you can click on No.
And go ahead and reboot the firewall.
After the reboot, you will be presented with the console screen. As you can see, the WAN interface got the DHCP IP address 192.168.0.196/24 from my local network, and the LAN is configured with the default IP 192.168.1.1.
Let me ping the internet to see whether I can reach it: type 7 and enter the IP address that you want to ping.
And we can reach the internet via the WAN interface.
4. Set up the Network.
Before you start the VM, you need to configure the Pfsense Network adapter in VirtualBox to use for the pfSense VM.
Does pfsense need two nics?
The pfSense firewall has two interfaces: the outside (WAN) interface that connects to the internet, and the LAN-side interface that connects to the inside users. So you must use two NICs (network interface cards) when deploying pfSense.
If you use a physical machine with a single NIC, you will have to split the interface and create VLANs to separate the traffic. Alternatively, use a USB-to-Ethernet adapter along with the RJ45 port.
Things are very easy in a virtualized environment: those two NICs act as vNICs (virtual NICs), and VirtualBox helps us connect the pfSense WAN and LAN interfaces virtually.
We require two interfaces, one for the WAN and another for the LAN. Select the pfSense VM and click on Settings.
The internet connection is through the WAN link, and you can either configure the WAN interface as NAT or a Bridged interface.
If you choose the NAT interface, then the VirtualBox NAT engine has to translate the WAN IP address to the Host machine IP, which adds more overhead on the packet.
If you choose the Bridged interface, it acts as a switch between the local network and the VirtualBox bridge interface; since your local router acts as a DHCP server, the WAN interface also gets an IP address from it. With that IP, pfSense can go out to the internet.
You can learn more about VirtualBox Networking here with examples. So you should be able to make the right choice based on your requirement.
Connect the WAN interface.
Choose the first adapter as Bridge Adapter which is the WAN interface.
Note: Under Name, make sure you choose the physical interface that the host machine uses to connect to the local network.
Connect the LAN interface.
The second adapter is VirtualBox Internal Network, which will act as a LAN adapter.
As the name suggests, the Internal Network creates an internal network where only the VMs that are part of the network can talk to each other, and it is isolated from the host machine.
I changed the name to Pfsense-LAN so it is easy to identify.
So basically, the only way the host machine or anyone on the physical local network can talk to the internal network is via the pfSense WAN interface.
2. Create PfSense Virtual machine.
We are now going to create the pfSense firewall VM, so Click on File and new virtual machine.
In the New virtual machine wizard choose Typical.
In the installer disk file image, choose the PfSense image that you have downloaded earlier and click on Next.
By default, VMware Workstation picks the location where pfSense will be installed as well as the VM name. You may leave the default location or choose a different one, and you may name the VM as you like.
Maybe you will have a dedicated drive just for the VM installation, so you need to make sure you choose that specific drive here, otherwise, it is okay to leave the default.
1. Setup the pfSense VM in VirtualBox.
Open the VirtualBox software and click on New to create a new virtual machine.
A new window will pop up. You will have to define the name of the VM, for example, pfSense-fw. Also, choose the location where you want to save the pfSense virtual hard disk files.
In the Type, you need to make sure that you select BSD as the type and FreeBSD (64bit) as the version.
Click on Next.
Prerequisite.
Any version of VMware Workstation will work; however, I am using VMware Workstation 16, which you can get from here.
You can download the pfSense image from here. Make sure you choose the AMD64, DVD image (ISO) installer.
7. Start the pfSense VM instance.
Our prerequisite configuration has been completed now; let’s go ahead and start the VM by selecting the VM and clicking on Start.
Does PfSense work well with VMware workstation?
In VMware, you can run pretty much any operating system virtually. pfSense is based on the FreeBSD operating system, and FreeBSD is a supported guest operating system in VMware Workstation. The pfSense firewall will work just fine with VMware Workstation Pro.
7. pfSense initial setup.
You will get a browser security warning because the web GUI uses a self-signed certificate by default; ignore it and click on continue.
You will be prompted to enter the credentials: the username is admin and the password is pfsense. Then click on Sign in.
You will be taken to the initial setup wizard. Since this is going to be a lab, I will choose the default options, and in step 6 I will set the password for the web GUI.
Once reloaded you will be able to see the message Congratulations! pfSense is now configured. Click on Finish.
8. Install VMware tools in pfSense.
When you are running any operating system on VMware Workstation, it is recommended that you install VMware Tools to get the best performance. It is no different for pfSense.
Click on system and package manager.
In the package manager, click on Available packages and search for VMware.
You should see Open-VM-Tools appear; click on Install.
When you get a prompt click on confirm under package installer.
You will get a message that says, VMware tools package was successfully installed.
8. Initiate the pfSense installation.
After a few seconds, you will get a pfSense installer prompt, you may click on Accept to begin the installation.
Click on install now to begin the installation.
On the Keymap choose the default one or choose based on your language.
In the partitioning wizard, choose Auto (ZFS) and click on Ok.
- Hit enter on Install.
- Choose Stripe.
- Select the virtual hard disk by pressing the spacebar.
- In the ZFS configuration warning, say yes.
It basically tells you that it’s going to format the virtual hard disk.
The installation will now proceed automatically and will finish in a few seconds. Once completed, it would ask you whether you want to get into the shell to make further changes or not. Click on No.
On the next screen, choose Reboot.
This will reboot the pfsense VM, and boot into the virtual hard disk where we have installed the firewall.
LAB objective.
Below is the topology that we will work on. First, we will install the pfSense firewall on the Virtualbox and configure it with WAN and LAN interfaces. After Pfsense is connected to the internet, we can then go ahead and simulate the end-user machine by using the Linux mint and the Ubuntu on the LAN side and test the connectivity further.
11. Finish the initial setup wizard.
The initial setup wizard page will open; leave the default settings as they are. Only in step 6, where the admin password is configured, should you set your own admin password.
Note: Though I left the default settings in the setup wizard, you may change it if needed.
At the end of the wizard, you will get a message that says the pfSense installed successfully.
Click on Finish on the screen.
We have now successfully installed the pfSense firewall in the VirtualBox; you can now start making configuration changes using the web GUI; let’s go ahead and do one more test to make sure everything is working fine.
10. Access the pfSense web GUI in VirtualBox.
After pfSense is installed, any other configuration has to be done via the web GUI.
So how do we access the pfSense web GUI in VirtualBox?
We have already configured the Linux Mint operating system on the VirtualBox, and I will use the same virtual machine to access the pfSense web GUI.
Connect the Linux mint to the PfSense LAN side.
Right-click on the Linux mint, and click on settings.
By default, the Network is configured with the NAT; you must change that to the internal network where we have connected the Pfsense LAN adapter.
This will bring both the pfsense LAN side and the VirtualBox VM on the same network.
Verify the IP address.
First, you need to make sure you got the IP address from the Pfsense DHCP service.
Start the VM, open the terminal, and type ip addr to see the IP address configuration. As you can see, I got the first IP address from the range.
You may ignore the security warning and you will get the login prompt.
Enter the username as admin and password as admin and click on Sign in.
First boot and interfaces assignment
The pfSense virtual machine should boot up quickly and prompt for interface assignments. Select N to not set up VLANs now.
In the following steps assign WAN and LAN interfaces to the appropriate network adapters. The MAC address can be verified against the virtual machine settings.
After assigning interfaces, pfSense software will finish the boot-up. Verify both interfaces have the correct IP addresses.
Congratulations! The virtual machine is now running pfSense software on Microsoft Hyper-V.
pfSense is a distribution for building a firewall/router, based on FreeBSD. pfSense is intended for installation on a personal computer, is known for its reliability, and offers features that are often found only in expensive commercial firewalls. It can be configured through a web interface, which allows it to be used without knowledge of the underlying FreeBSD system.
07 Oct 2013, 11:29
I don't know why it turned out this way, but I paid no attention to pfSense until my hardware router started glitching so badly that I was beginning to think about buying new equipment. Hmm. But what to choose, so as not to step on the same rake again? Google kept insistently suggesting pfSense. Well, I can give it a try, especially since it can be installed on any computer. As usual, I test software on a virtual machine, if that is possible of course. To begin with, I will describe how to create a VM for pfSense and set up autostart of our router when the host OS boots.
Now our router will start automatically when the host OS boots. Attention! It is not shown in the list of running virtual machines.
Everything is ready for installing pfSense itself.
So, we have a configured virtual machine, and the time has come to install pfSense on it. First we need an ISO image from which the system can be installed. Go to [link] and choose the mirror you like from a rather impressive list. For example, [link]. There, select the archive named pfSense-LiveCD-2.1-RELEASE-amd64.iso.gz and download it to a convenient location. Unpack it to get the installation image, which we then attach to our router.
1. Reset all router settings to factory defaults.
2. Set the router to Bridged PPPoE (implies Bridged Ethernet) mode.
3. Assign it the very last address in the network; for example, mine is 192.168.1.254.
4. Disable the DHCP server, if there is one.
5. Save the settings and reboot the device.
The address can be obtained automatically, but if something doesn't work, do it like this
Our network interfaces were detected as em0 and em1.
For WAN (the external interface) we assign em1.
For LAN (the internal interface) we assign em0.
We have no more interfaces, so press Enter.
WAN -> em1
LAN -> em0
Do you want to proceed [y|n]?
Confirm with "y".
After a while the console interface screen will appear. We no longer need it.
All further configuration will be done from the web interface in your favorite browser.
In the address bar we type [link] and are automatically redirected to a secure connection.
Let's give our router and the local network domain some name and enter the DNS server addresses of our provider.
We leave the checkbox ticked.
Configure the PPPoE connection to the internet.
Don't forget to set the Idle timeout parameter in seconds; if it is 0, the router will not restore the connection when it drops.
After the setup wizard finishes, the router's console interface will look like this: (You can exit the VMware interface, i.e. close it. Our router will keep running in the background.)
Nothing else needs to be configured; everything should work "out of the box". Phew, I think I wrote everything correctly. Good luck!
14 Oct 2013, 16:52
For a newbie who understands nothing about this (please don't scold me too hard): this option of using VMware as a router, how can it be used? Please explain the topic for a dummy.
P.S. I'm reading your forum while I figure things out; I have many questions, but not all at once )
14 Oct 2013, 17:43
AZANIR, we don't scold newbies here. What exactly is unclear to you? A virtual router is used in exactly the same way as a "hardware" one, only this virtual router has an order of magnitude more capabilities and it is extensible, i.e. functionality can be added. Or perhaps I didn't understand the point of your question. Ask away, don't be shy.
14 Oct 2013, 18:02
The question is this: at the moment I use an asus wl 500gp v2 router, but it sometimes has problems: sometimes it hangs (luckily there is a reboot), and once it simply died and we barely managed to reflash it. So the question is how I can use the software option described earlier.
And what is needed for this in material terms, i.e. 2 network cards in the computer, etc. I sort of understand that the internet comes into the computer, but how to share it out from VMware is still a mystery to me )
14 Oct 2013, 18:23
AZANIR wrote: I sort of understand that the internet comes into the computer, but how to share it out from VMware is still a mystery to me
Um. There is no mystery here. If you did everything correctly, your asus wl 500gp v2 router will now be, very roughly speaking, like a switch, i.e. the 3 remaining free network ports will be the ones distributing the internet. Turn off Wi-Fi on it too, since it will not distribute the internet.
Keep asking.
P.S. I need to expand the article, since this point somehow slipped out of view.
14 Oct 2013, 18:33
Exactly, exactly: how do I do this purely mechanically?
Here is roughly how it is organized now
(the program I drew it in is freemind)
That is, how to organize all this in the office so as to share the internet, and Wi-Fi needs to stay: sometimes my wife has a tablet she works with clients through, and my phone sometimes needs the same internet too, although it's not critical.
14 Oct 2013, 19:23
AZANIR, I had a look at the info on the asus wl 500gp v2. In this case it can be left out altogether, connecting according to this scheme:
Provider (ethernet PPPoE) -> hub (switch) -> computer (1 network card) with the virtual router. The switch will distribute the internet. If Wi-Fi is needed, you can connect the asus wl 500gp v2 to the switch and configure the asus as an access point. Even better would be to plug a USB Wi-Fi adapter into the computer with the virtual router, and the wireless network will be entirely under pfSense's control.
14 Oct 2013, 19:40
Based on what has been described, I come to the conclusion that I can sell my router and buy a USB Wi-Fi adapter instead, and otherwise work pleasantly and locally with the help of a virtual machine
The ethernet PPPoE connection, as I understand it, will be made on the virtual machine and from there shared out to everyone else?
One more question: which virtual machine to use, VMware or VirtualBox?
And another immodest question: I have several sites that I host, naturally, with a hosting provider on the net; does it make sense to bother with my own web hosting based on, say, Debian or Ubuntu?
14 Oct 2013, 20:37
AZANIR wrote: The ethernet PPPoE connection, as I understand it, will be made on the virtual machine and from there shared out to everyone else?
VirtualBox is free, but its functionality is a bit worse than VMware's. I don't know how to start a virtual machine automatically in VirtualBox, you'd have to google it; otherwise a virtual router can be set up on VirtualBox too.
AZANIR wrote: does it make sense to bother with my own web hosting based on, say, Debian or Ubuntu.
You need a silent computer + a reliable UPS + an internet connection that doesn't drop, with a speed of at least 100 Mbit + a static IP + a domain name. Work out the monthly costs in money + the time for maintenance, and it will be immediately clear whether it makes sense to bother with this.
14 Oct 2013, 20:58
SinglWolf, You need a silent computer + a reliable UPS + an internet connection that doesn't drop, with a speed of at least 100 Mbit + a static IP + a domain name. Work out the monthly costs in money + the time for maintenance, and it will be immediately clear whether it makes sense to bother with this.
*A silent computer is needed: it sits at work, so the noise doesn't matter
*A reliable UPS: present by default, it holds for 30 minutes without power, but if there is no power there is no internet either, since I get everything, so to speak, in one place
*An internet connection that doesn't drop, with a speed of at least 10 Mbit: present, I can raise it to 20 Mb; for my hosting with 20-100 people on a site it should be enough.
*Domain name: I already pay the registrar for the names, so we're talking about the hosting (for example, there is a torrent tracker, but its hosting is ending soon; though maybe I don't need it at all)
- the hoster is also the registrar, but there are problems, for example torrents are not allowed, and I think if someone writes an abuse complaint I'll also get slapped; otherwise it suits me completely. (The Expert package, by the way, comes out at a little more than 110 conventional units a year.) This is not for advertising purposes, it's just from experience; besides, they have a cool feature where each site can be given the PHP version it needs, etc. So far a year has passed and I'm satisfied, apart from minor nuances.
I have been running pfSense as my home firewall for quite some time now. Setting up for the first time would be the difficult part for many. But once you make it up and running, it works just great. Since it is open-source, there is no cost associated with it, and you can build a zero-dollar firewall setup by using the old computer as the firewall.
However, some of you may not have an old PC lying around. If that's the case and you want to start the pfSense firewall journey, the option you have is to virtualize it. If you are using Linux, you may prefer the KVM method to virtualize pfSense in your environment.
What if you have a Windows or a Mac machine? How do you virtualize pfSense on them?
You can virtualize pfSense on Windows in multiple ways. You could use VMware Workstation Pro, VirtualBox, or Hyper-V.
If it is a Mac, then use VMware Fusion (follow the same guide here) or VirtualBox.
In this blog, we are going to install the pfSense firewall on a VMware workstation. Since the VMware fusion works the same way as the workstation, the steps performed here are identical for MAC machines.
10. Block the internet traffic on the Centos Machine
Open pfSense, on the firewall click on Rules.
Choose the option Reject.
In the source IP, put the IP address of Centos VM which is 192.168.1.101.
You can log the packet if you want.
As you can see below, I have a rule in pfSense.
Now go back to Centos and Linux mint and try to browse the internet.
Note: you should be able to ping the public IP from both the machines.
As you can see, it keeps loading, but the page never comes up on the Centos machine.
But when I tried the same from Linux mint, I can access the internet, which is the expected result.
13. Verify the DHCP lease.
When we set up the VMs it automatically got the IP address right?
pfSense assigned it on the LAN side of the firewall. The same can be verified on the pfSense firewall by clicking on Status > DHCP Leases; as you can see, there are two IPs that were handed out by the DHCP server.
If you want to connect more VMs to the firewall, all you have to do is deploy the VM in VirtualBox and change its adapter to the internal network, and the VM will become part of the network by getting an IP address from the pfSense firewall.
The following article is about building and running pfSense® software on a virtual machine under Proxmox Virtual Environment (VE). The guide also applies to any newer Proxmox VE version. The article covers the Proxmox VE networking setup and the firewall virtual machine setup process. The guide does not cover how to install Proxmox VE.
A basic, working, virtual machine will exist by the end of this article.
Assumptions
Hyper-V host is up and Hyper-V role has been installed.
The reader has a basic understanding of networking and Hyper-V virtualization
Prerequisite.
- Download and install the latest Oracle VirtualBox software.
- pfSense image, you can download it here.
Note: While downloading, make sure to select DVD Image (ISO) Installer and the mirror nearest to you.
9. Access the internet on Pfsense LAN side.
Let’s try to access the internet on the machine that is connected to the pfSense LAN side.
To test the internet connectivity, I am going to ping the google DNS IP 8.8.8.8.
As you can see, I can reach the internet, and when I try to do the traceroute it shows the internet is via the pfSense firewall.
The output is the same on the Centos side as well.
4. Assign the VM resources.
Before you click on next, you need to click on the customize hardware option here.
First change the default RAM size to 2048MB.
CPU – 2
Note: The PfSense VM will work just fine with 1024MB memory and 1CPU as well.
I have configured the RAM and the CPU; next, let's go ahead and add the network interfaces.
Connect two network interfaces that you configured earlier.
The first interface is already configured as NAT by default, we will change it to use it as a bridge interface that connects to the WAN, and I will add the second interface for the LAN.
Attach the WAN interface.
Select the network interface that is configured as NAT, and change it to Bridge interface.
Attach the LAN interface.
Currently, the VM has only one network interface. We need to attach the LAN interface by clicking Add. The Add Hardware wizard will now open.
Choose network adapter and Finish.
For Network adapter two (LAN), I can choose a Host-only adapter which is by default configured as VMnet1 adapter and we have validated that in step1.
Make sure you check the option which says, Power on this Virtual machine after creation. Click on Finish on the New virtual machine wizard.
6. Change the Boot Order.
Click on System and check out the boot order.
As you can see, Floppy is the primary boot device, CD Drive is the secondary, and Virtual hard disk is tertiary.
When you boot the Pfsense VM, Virtualbox will try to boot from the Floppy disk. Since it is empty, it will then choose the CD Drive, which has Pfsense iso, it will load the pfsense installer. All good.
However, there is a problem. After the installation, it will follow the same sequence, and we would end up getting into a loop where we are going back to the pfsense installation screen again and again.
Note: You can remove the pfsense cd image right after the installation, but you might get an error message. And the step we are going to do here is the easiest.
We will make the virtual hard disk the primary boot device, CD as the secondary boot device.
When VirtualBox starts the pfSense firewall VM, it will first try to boot from the virtual hard disk. As the disk is empty, it will then boot from the CD drive and proceed with the installation.
After the installation, the virtual hard disk becomes bootable, and being the primary device, when you reboot the pfsense, it will always load from the virtual hard disk.
Change the boot order to the following.
Unselect the Floppy, move the Hard disk as primary and Optical as secondary.
Creating the virtual machine
After creating WAN and LAN switches, we move to virtual machine creation. Start the new virtual machine wizard and add a name.
After clicking next select the appropriate virtual machine Generation: Generation 2.
On the Assign Memory step add enough RAM for this deployment. This guide uses 1GB. 2GB is better if this VM will run multiple packages.
Next step is to Configure Networking, select WAN from Connection drop-down menu. We will add LAN later.
On the next step select Create a virtual hard disk and assign 10-20GB to the firewall. Larger disk size is required when running Squid caching.
Select Install an operating system from a bootable CD/DVD-ROM and browse to the pfSense installer ISO.
Review the virtual machine information and finish the wizard!
Open Settings of the newly created pfSense virtual machine and add another network adapter. Select LAN virtual switch for the adapter.
Review the VM settings and make sure to have WAN and LAN switches selected under network adapters
6. Setup the client machine.
I have a Centos 8 and Linux mint configured in the VMware workstation; I will be using it as a client machine to test the end user connectivity on the PfSense LAN side.
Remember we have configured PfSense LAN side interface as Host-only network, go to the client operating system in VMware workstation and right-click on it and click on settings, add client VM to be part of Host-only network.
Once the LAN side of the PfSense connected to the client operating systems, it should start getting IP addresses from the PfSense DHCP server on the LAN.
As you can see, the Centos machine got the IP address 192.168.1.101
Live mint got the first IP from the range 192.168.1.100.
3. Setup the hard disk.
Next, we are going to configure the Hard Disk for the VM, choose Create a virtual hard disk now and click on Create.
By default, VirtualBox should pick VDI as the hard disk file type. You can still choose VDI, but I want this VM's hard disk to be usable by other hypervisors such as VMware Workstation in the future; hence I selected VMDK as the hard disk file type and clicked on Next.
In the Storage on Physical hard disk, choose Dynamically allocated option.
You now need to define the hard disk storage size; I choose 20GB as the storage; you may choose the same or different size depending on your usage and click on Create.
Steps to install pfSense on VirtualBox.
I will install pfSense on VirtualBox in Windows 10. However, the steps mentioned here are similar to other operating systems, such as MAC or Linux, just that you will have to download and install the respective Virtualbox software packages.
Creating a virtual machine
After creating WAN and LAN Linux bridges, now proceed to create a new virtual machine.
Click Create VM from the top right section to display the new virtual machine wizard
Navigate to the General tab
Enter a Name for the VM (e.g. firewall )
Navigate to the OS tab
Set the following options:
Use CD/DVD disc image file
Select the previously uploaded ISO image
Other
Navigate to the System tab
Set the following options:
The SPICE console uses less CPU when idle and supports more advanced console features than the default console. It is compatible with the VNC Proxmox VE console as well as the more advanced virt-viewer console application.
Navigate to the Hard Disk tab
Set the following options:
VirtIO Block
Enter an appropriate disk size, no less than 8 GB.
Navigate to the CPU tab
Set the following options:
1 or more cores as needed
Host to match the CPU on the hypervisor hardware
Navigate to the Memory tab
Set the following options:
At least 1024 MB
Use the same value as Memory
Navigate to the Network tab
Set the following options:
Navigate to the Confirm tab
Review the settings and make any final corrections if necessary
Click Finish
Wait for the VM creation process to finish
Now add another network adapter to the VM:
Expand the Server View list on the left to show the contents under Datacenter and the name of this hypervisor node (e.g. pve, proxmox, etc.)
Select the newly created virtual machine from list
Click Hardware in the right pane
Click Add
Click Network Device
Set the following options:
Click Add
Review the hardware list for the VM and confirm it now contains two network interfaces.
Installing pfSense Software
After successfully creating and configuring the pfSense virtual machine, it’s time to start it.
Wait for the virtual machine to boot up and press I to invoke installer.
Once installer boots up select the Quick/Easy Install and follow the installer steps.
When prompted, select the standard kernel and continue the installation.
After installation is complete, select reboot and eject the ISO.
Basic Proxmox VE networking
First create two Linux Bridges on Proxmox VE, which will be used for LAN and WAN on the firewall VM.
Select the host from the server view
Navigate to System > Network
This example uses eth1 and eth2 interfaces for the firewall, while eth0 is for Proxmox VE management.
Click create
Select Linux Bridge
Enter eth1 under Bridge ports
Repeat the process to add another Linux Bridge, this time add eth2 under Bridge ports.
Proxmox VE networking should now display two Linux bridges like on the following screenshot.
Proxmox VE requires a reboot if the interfaces are not marked Active.
Steps to install pfSense on VMware.
Booting UEFI
pfSense software can boot UEFI in a Proxmox VE guest but doing so requires a few extra steps.
When creating the VM:
Set Machine to q35
Set BIOS to OVMF (UEFI)
Add an EFI disk when prompted
Pick the storage for the EFI disk, other settings can remain at defaults
An existing non-UEFI VM can be reconfigured to boot UEFI with these settings on its Hardware but the process is more error prone. For example, the EFI disk is a separate manual process and not semi-automated as it is when creating a VM.
On the first boot, go into the boot settings and disable secure boot:
Hit Esc while the boot splash screen is visible
Select Device Manager
Select Secure Boot Configuration
Uncheck Attempt Secure Boot
Press F10 to save
Press Esc to exit
With secure boot disabled the VM can now boot with UEFI from the ISO as well as after installation.
This article is about building and running a pfSense® virtual machine under Microsoft Hyper-V. The guide applies to any Hyper-V version, desktop or server (this includes the standalone Hyper-V Server). The guide explains how to install any major pfSense software version under Hyper-V. Article covers the Hyper-V networking setup and pfSense software virtual machine setup process. The guide does not cover how to install Hyper-V or Windows Server. A basic, working, pfSense virtual machine will exist by the end of this article.
If pfSense software will be used as a perimeter firewall for an organization and the “attack surface” should be minimized, many will say it is preferable to run it non-virtualized on stand-alone hardware. That is a decision for the user and/or organization to make, however. Now back to the topic.
We’re going to start at the point where we have a Windows Server 2016 with the Hyper-V role installed. If other VMs are already running on Hyper-V, it is likely not necessary to follow the networking steps too closely. However, we recommend skimming through them to see what is suggested before building the pfSense virtual machine.
3. Set up the pfSense VM hard disk.
Since I will be using the pfSense firewall VM for lab purposes, I will leave the hard disk at the default value of 20GB, choose Split virtual disk into multiple files, and click on Next.
Objective.
We will install pfSense with a WAN and a LAN interface, connect two boxes on the LAN side of the firewall, and validate internet connectivity from both. Once internet access is verified, we will block internet access from one of the LAN hosts. Let’s begin.
Starting and configuring the virtual machine
After creating a new virtual machine and adding network interfaces, it is time to start the virtual machine.
Expand the Server View list on the left to show the contents under Datacenter and the name of this hypervisor node (e.g. pve, proxmox, etc.)
Select the newly created virtual machine from the list
Click Start
Click Console on the left, under Summary
The Console button at the top will launch the console in a new window, which depending on the settings may require an additional client installation such as virt-viewer.
When the VM starts it will boot into the installer automatically. From there, follow the installation steps as usual, and reboot when finished.
After the virtual machine reboots, the console will stop at an interfaces assignment prompt.
Type n and press Enter to skip VLAN configuration
Enter vtnet0 for WAN
Enter vtnet1 for LAN
Type y and press Enter to complete the interface assignment
After interfaces have been assigned, the VM will complete the boot process.
Disable Hardware Checksums with Proxmox VE VirtIO
When using VirtIO interfaces in Proxmox VE, hardware checksums must be disabled.
Do not skip this step, otherwise the virtual machine will not properly pass traffic. Accessing the firewall may be sluggish at first, but changing this setting will correct that as well.
After the installation and interfaces assignment processes are complete, connect to the assigned LAN port from another computer.
To disable hardware checksum offload:
Navigate to System > Advanced, Networking tab
Locate the Networking Interfaces section
Check Disable hardware checksum offload
Reboot the firewall from Diagnostics > Reboot or the console menu
Congratulations, the virtual machine installation and configuration on Proxmox VE is now complete.
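One way to confirm that the offload setting took effect after the reboot, as an added example that is not part of the original guide. It assumes the setting clears the RXCSUM/TXCSUM capability flags that FreeBSD ifconfig lists on each interface's options= line; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the pfSense docs): list the checksum-offload
# capabilities that are still enabled on each interface.
# Assumption: a disabled offload no longer appears in the options= line.
# Input: FreeBSD ifconfig output on stdin. Output: "<ifname> <flags>".
csum_offload_enabled() {
    awk '
        /^[a-z][a-z0-9_.]*: flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
        /^[ \t]+options=/ {
            if (!match($0, /<[^>]*>/)) next
            n = split(substr($0, RSTART + 1, RLENGTH - 2), caps, ",")
            hit = ""
            for (i = 1; i <= n; i++) {
                if (caps[i] ~ /^(RXCSUM|TXCSUM|RXCSUM_IPV6|TXCSUM_IPV6)$/) {
                    sep = (hit == "") ? "" : ","
                    hit = hit sep caps[i]
                }
            }
            if (hit != "") print ifname, hit
        }'
}

# Exit status 0 only when no interface on stdin still has offload enabled.
csum_offload_is_off() {
    [ -z "$(csum_offload_enabled)" ]
}

# Constructed sample: vtnet0 still has offload on, vtnet1 has it off.
# The hex masks are illustrative, not copied from a real system.
sample_ifconfig() {
    cat <<'EOF'
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWCSUM,TSO4,LRO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 192.168.0.196 netmask 0xffffff00 broadcast 192.168.0.255
vtnet1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
EOF
}

# On the firewall shell:  ifconfig | csum_offload_enabled
sample_ifconfig | csum_offload_enabled
```

An empty result from the firewall's own ifconfig output means no VirtIO interface is still advertising checksum offload.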
5. Attach the pfSense ISO image.
While you are in the settings, let’s go ahead and add the ISO image that we downloaded earlier.
1. Configure VMware workstation network for pfSense
We require two interfaces for pfSense, one for the WAN and the other for the LAN. The WAN interface needs internet access, and the LAN side will act as the gateway for the LAN users. We need to configure these two interfaces in VMware Workstation first.
We are going to configure them as follows.
- WAN: We will use the bridge interface, which makes the pfSense firewall’s WAN side part of the local network. Your local router will assign an IP address on the WAN side. At times the bridge interface may not work well, and you can follow the guide here to troubleshoot the problem. As a workaround, you could use the NAT interface if the bridge interface doesn’t work.
- LAN: For the LAN interface we will use the host-only adapter and select VMnet1. By default, VMnet1 acts as a DHCP server for the virtual machine, so you need to disable the DHCP service on VMnet1 first.
Open VMware Workstation and click on Edit > Virtual Network editor. In the Virtual Network Editor click on Change settings.
Note: You need to have admin rights in order to change the settings.
Here is my virtual adapter configuration; we will configure VMnet1 for the LAN as the second adapter. As you can see, I have the DHCP configuration disabled on this adapter, and it is acting as the host-only adapter, meaning it allows the VMs to talk to each other internally on a private network.
Alright, we have just configured the network for the pfSense firewall in VMware Workstation. Let’s go ahead and install pfSense on VMware Workstation.
Can I install pfSense on VirtualBox to replace my home router?
Though it can be done, it’s not the recommended method: you would be virtualizing the network stack, so you won’t get good throughput, and it adds more latency to the network. If you still plan to virtualize pfSense to replace your home router, the recommended method is to use KVM with PCI passthrough, which gives good performance because the network interface is connected directly to the VM running in the KVM hypervisor and the network is not virtualized.
9. Validate the configuration.
Once rebooted, the pfSense firewall gets an IP address from the local internet router.
As you can see, I got the IP address 192.168.1.28 from my wifi router. The other problem is that the WAN side and the LAN side are now in the same network; we will go ahead and change that.
Type 2 to change the IP address of the LAN side.
After choosing 2, you will get a prompt to choose the interface whose IP address needs to be changed. Press 2 again, as the LAN side is number 2.
Enter the IP address that will be the default gateway for the LAN users; I chose 10.1.1.1, but you may choose whatever network you want.
Next, enter the subnet mask and press Enter when you finish.
I am not configuring IPv6, hence I choose no.
We also need to configure DHCP for the LAN side, so press ‘y’ at the prompt.
Enter the start and the end of the DHCP address range and press Enter.
You will also get a prompt asking whether you want to change the web GUI protocol; say no to that.
After you have configured everything, you will have the WAN address from your local network and the LAN-side address specified a minute ago, which is 10.1.1.1/24.
We have now configured pfSense on VirtualBox successfully. One advantage of pfSense is that it is very easy to configure, and you don’t need to configure any policies or NAT if you want to access the internet. The NAT and the security policy that allow traffic from LAN to WAN are pre-configured out of the box.
Let’s try to ping an internet IP address by pressing 7, and as you can see, I can reach the internet IP just fine.
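The WAN/LAN clash described in this step can be checked before re-addressing anything. The following is an added example, not part of the original walkthrough: it tests whether two IPv4 subnets overlap, using the addresses from this section. The /24 prefix on the WAN side is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check whether two IPv4
# subnets overlap, as the WAN and LAN did before the LAN was re-addressed.

# ip2int A.B.C.D -> 32-bit integer (%.0f avoids awk integer overflow)
ip2int() {
    echo "$1" | awk -F. '{ printf "%.0f\n", $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }'
}

# net_of IP PREFIXLEN -> network address of IP/PREFIXLEN as an integer
net_of() {
    awk -v ip="$(ip2int "$1")" -v len="$2" 'BEGIN {
        size = 2 ^ (32 - len)
        printf "%.0f\n", int(ip / size) * size
    }'
}

# subnets_overlap IP1 LEN1 IP2 LEN2 -> exit 0 when the subnets overlap.
# Two CIDR blocks overlap exactly when they agree on the shorter prefix.
subnets_overlap() {
    len=$2
    if [ "$4" -lt "$len" ]; then len=$4; fi
    [ "$(net_of "$1" "$len")" = "$(net_of "$3" "$len")" ]
}

# check_plan WAN_IP WAN_LEN LAN_IP LAN_LEN -> prints a one-line verdict
check_plan() {
    if subnets_overlap "$1" "$2" "$3" "$4"; then
        echo "CONFLICT: WAN $1/$2 overlaps LAN $3/$4"
    else
        echo "OK: WAN $1/$2 and LAN $3/$4 are separate networks"
    fi
}

# Values from the walkthrough; the /24 on the WAN side is an assumption.
check_plan 192.168.1.28 24 192.168.1.1 24   # before: default LAN address
check_plan 192.168.1.28 24 10.1.1.1 24      # after: LAN moved to 10.1.1.1/24
```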
Basic Hyper-V Networking
To virtualize pfSense software, first create two Virtual Switches via Hyper-V Manager. In Hyper-V Manager, open Virtual Switch Manager from the Actions menu. Select the Internal type of virtual switch and click Create Virtual Switch.
Name the newly added switch LAN and select private network. Click Apply.
Now create the WAN switch the same way as LAN. Make sure Allow management operating system to share this network adapter is not selected if the host has a dedicated NIC for WAN. For the purpose of this guide the management was allowed, however production use requires a separate NIC for WAN. Click OK.
2. Configure the pfSense memory.
You need to define the memory for the pfSense virtual machine here; I am giving it 2GB.
1GB would work just fine as well. Once you have defined the memory, click on Next.
12. Test the connectivity with the end-user machine.
To test the connectivity, I will use Linux Mint and Ubuntu desktop as end-user hosts that I have previously deployed on VirtualBox.
As with Linux Mint, I have also changed the Ubuntu desktop network configuration to be part of the VirtualBox internal network configured on the pfSense LAN side.
As you can see, Linux Mint got the first IP from the pfSense DHCP server, and I can also ping the public IP address.
And we can also browse the internet on the Linux Mint box.
Similarly, the Ubuntu desktop has already got the IP address 10.1.1.11 from the pfSense DHCP server, which is the second IP from the subnet.
I can also ping the internet public IP.
I can ping the internet IP. To make sure it is taking the correct path, you can do a traceroute on the Ubuntu machine, and it will show you the path that the packet is taking.
You can type the command mtr 8.8.8.8 to see the traceroute in Ubuntu.
And the traceroute shows it is going via the pfSense firewall.
Also, I can browse the internet using the Firefox browser.