In this blog post, I’m going to show you how to set up a network with pfSense between the LAN and the WAN using virtual machines. Here’s my network map,

Step 2: Installation
Go to File => New Virtual Machine => choose Typical (recommended) => choose I will install the operating system later. => choose Guest Operating System as Other and Version as FreeBSD 11 64-bit (if you downloaded the 64-bit ISO file) => select a location and a name if you want => select Disk size (the default size is enough for me) and select Split virtual disk into multiple files => click on Customize Hardware
In this case, we need more than one network interface,

figure 1.3

Click on Add,

figure 1.2
Select Network Adapter and click on Finish. In the same way, add another Network Adapter. Now you have 3 Network Adapters in total. Next you have to change each adapter’s Network Connection type. Go to Edit => Virtual Network Editor, or use the command sudo vmware-netcfg in a Linux terminal.
In order to set up our networks, you need to have 3 networks.

figure 1.3

If you don’t have these 3 networks, you can add new networks by clicking on the Add Network button. Check whether those networks have these settings,

figure 1.4
figure 1.5

As you can see in figure 1.5, you need to untick two checkboxes under the Host-only network type, because

  • Using pfSense you can activate DHCP on each interface.
  • You need to make sure LAN and DMZ networks are isolated from the host machine and only connectivity to WAN is through the firewall.
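One way to check those two settings on a Linux host, as an added example that is not part of the original post: the script reads a file laid out like /etc/vmware/networking (the `answer VNET_<n>_<KEY> <value>` format is an assumption here) and flags any network where the host adapter or VMware's own DHCP is still on. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Audit VMware Workstation (Linux) virtual networks for the two host-only
# options that the pfSense LAN and DMZ segments must have switched off.
# Assumption: "answer VNET_<n>_<KEY> <value>" lines, as in /etc/vmware/networking.

# vnet_value FILE N KEY: print the value of VNET_<N>_<KEY>, or "unset".
vnet_value() {
    awk -v k="VNET_${2}_${3}" \
        '$1 == "answer" && $2 == k { v = $3 } END { print (v == "" ? "unset" : v) }' "$1"
}

# audit_vnet FILE N: print one line per finding; return 0 only if vmnet<N> is clean.
audit_vnet() {
    rc=0
    if [ "$(vnet_value "$1" "$2" VIRTUAL_ADAPTER)" = "yes" ]; then
        echo "vmnet$2: host virtual adapter connected, host reaches this segment without crossing pfSense"
        rc=1
    fi
    if [ "$(vnet_value "$1" "$2" DHCP)" = "yes" ]; then
        echo "vmnet$2: VMware DHCP enabled, it competes with the pfSense DHCP server"
        rc=1
    fi
    return "$rc"
}

# make_sample FILE: write a constructed config (not taken from a real host).
# vmnet2 matches the tutorial's intent; vmnet3 still has both options on.
make_sample() {
    cat > "$1" <<'EOF'
VERSION=1,0
answer VNET_2_DHCP no
answer VNET_2_HOSTONLY_NETMASK 255.255.255.0
answer VNET_2_HOSTONLY_SUBNET 192.168.100.0
answer VNET_2_VIRTUAL_ADAPTER no
answer VNET_3_DHCP yes
answer VNET_3_HOSTONLY_NETMASK 255.255.255.0
answer VNET_3_HOSTONLY_SUBNET 192.168.200.0
answer VNET_3_VIRTUAL_ADAPTER yes
EOF
}

sample=$(mktemp)
make_sample "$sample"
for n in 2 3; do
    if audit_vnet "$sample" "$n"; then
        echo "vmnet$n: isolated from the host, DHCP left to pfSense"
    fi
done
rm -f "$sample"
```

To audit a real host, call audit_vnet with the path of its networking file instead of the sample.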
Likewise, set the network settings for the 3rd network. In my case that’s vmnet3. Then go to Edit virtual machine settings of your pfSense VM (figure 1.6).
figure 1.6
As shown in figure 1.0, Network Adapter is going to be the WAN interface in pfSense, and the connection type of that adapter should be vmnet0. So set the Network Adapter connection type to Custom and select vmnet0 from the drop-down list.
figure 1.7
For Network Adapter 2, select vmnet2, and for Network Adapter 3, select vmnet3.
Then select the iso image,
figure 1.8
then Next and Close. Then start the virtual machine. Select Accept and press Enter.
figure 1.9
Then select the following options and hit Enter.
figure 2.0
figure 2.1
figure 2.2
Then select No, and then,
figure 2.3
Then hit Enter.

Step 3: Configuring Interfaces – change the default adapters

After restarting your pfSense VM, you’ll get an interface like the one in figure 2.1.
figure 2.4
You can see pfSense has already auto-detected the first two Network Adapters, and the 3rd one is not there. You can edit them as you need.
To do that, press 1 for Assign Interfaces (you can see the relevant number in the menu) and hit Enter. It’ll then ask whether to configure VLANs. We’ll configure them later, so press “n” and hit Enter.
figure 2.5

If you want to change default WAN adapter from “em0” to “em1”, just type “em1” and hit enter. Here I’m not gonna change anything. So hit enter.

Set interface(s) IP address
Now, if you remember, our Local Area Networks are 192.168.100.0 and 192.168.200.0 (figure 1.0). But in figure 2.1 it’s 192.168.1.1, which is assigned by pfSense by default. We have to change the IP address (you can also change the IP address using the web GUI).
figure 2.6
figure 2.7

Then press Enter.

Note – If you decide to keep 192.168.1.1 as your LAN IP range and your wireless access point or ADSL modem uses exactly the same IP range, that will cause IP address conflicts, and you’ll have difficulties connecting to the internet. For both of them to work properly, the simple solution is to assign a different local network address to the pfSense LAN.

First I’ll connect a client virtual machine to the vmnet2 network adapter in order to access pfSense Web Configurator. In order to access from the WAN Interface (Network Adapter), you have to add a firewall rule to allow traffic from the WAN interface (I’ll show you how to do that later).

Open up the browser in the client VM (here I’m using an Ubuntu VM). Since we have no DHCP server running on those interfaces, we need to give the client VM a static IP; otherwise, we can’t reach the Web Configurator. To assign a static IP, edit the interfaces file as shown in figure 2.8.

figure 2.8

Here my network adapter name is ens33. Change it if your interface name is different (e.g. eth0) and run the following command,
$ sudo service networking restart
and verify your connectivity by pinging the DMZ interface, which is 192.168.100.1. Then type the URL shown in the command-line interface (figure 2.7) into the browser and hit Enter.

pfSense has created a self-signed certificate. So in order to proceed, you need to add an exception.

Advanced => Add exception => Confirm security exception.
Default credentials are,
                                      username: admin
                                      password: pfsense
Then you’ll be redirected to the dashboard or the wizard. If you’re not redirected to the wizard, go to System, then click on Setup Wizard.
figure 2.9
Then you’ll be getting a web interface like this,
figure 3.0
Click on Next. Then you’ll get web interface like this,
figure 3.1
Then again click on Next. Then you’ll get web interface like this,
figure 3.2
You can change the values here: you can give a new hostname and, if you have a local domain, Primary DNS, and Secondary DNS, you can put those values there.
In my case, I filled the form like in figure 3.3.
figure 3.3
Click on Next. Then you’ll be redirected to an interface where you can change your time zone. Select relevant time zone and click next. Then you’ll be redirected to WAN Interface configuration web interface.
To assign a static IP to the WAN interface, em0 (figure 2.4), set the SelectedType drop-down menu to static. Then scroll down to the Static IP Configuration section and add the IP you need for your WAN interface (figure 3.4). Here I won’t use a static IP for the WAN interface; I’ll leave it as DHCP. Normally you’ll get these details from your ISP (Internet Service Provider).
figure 3.4
Then scroll down to the bottom of the page.
figure 3.5
Since we’re using VMware, untick the following check boxes to make sure we don’t have any issues with connectivity. Then click on Next. Then you’ll be redirected to an interface where you can configure LAN interface. But we have already configured the interface before (figure 2.6, 2.7).
figure 3.6

Then you’ll get an interface to set the Admin webGUI password. Set a strong password for this, click Next, and click Reload. Then you’ll be redirected to a window like this.

figure 3.7

Then enter https://<LAN IP address>. You will be getting pfSense dashboard.

figure 3.8
Now we have to enable 3rd interface and allow DHCP server on those LAN interfaces. Go to Interfaces => Assignments. Then you’ll be getting a web interface like this,

figure 3.9

Here we need to rename the current LAN interface to DMZ (because it’s the em1 network port and it’s the DMZ network, figure 1.0). To do that, click on LAN. Then you’ll get an interface like this,

figure 4.0

Change the Description as “DMZ”, scroll down to bottom of the page and click on save. Then click on Apply Changes (figure 4.1).

figure 4.1

Then go to Interface Assignment again and look for “Available network ports:”(figure 4.2).

figure 4.2

Click on the Add button. Then click on the new interface name you got; in my case it’s OPT1. Then,

  1. Enable interface by adding a tick to Enable check box.
  2. Change Description to LAN.
  3. Change IPv4 Configuration Type to static.
  4. Change the IPv4 Address to 192.168.200.1/24. Since this is a local area network interface, the upstream gateway should be “none”.
Then click Save and Apply Changes. Now if you look at the pfSense interface, you’ll see that 3 interfaces have been activated (figure 4.4).
figure 4.4

Now, enable the DHCP server on the LAN interface. In the DMZ network, I’m going to assign static IPs to each server. For now, let’s enable the DHCP server on the LAN interface. Go to Services => DHCP Server. Click on LAN (figure 4.5),

figure 4.5

Then do the following changes (figure 4.6 and 4.7),

figure 4.6
As shown in figure 4.5, it shows you the Available range. You can enter that range, or you can assign a different range within it.
figure 4.7

Under the Servers section, add the DNS server IP, because you need to tell the LAN network to use the DNS server in the DMZ zone.

figure 2.8

Note: You don’t need to add DNS server on DMZ, because that DNS server is on the same network (192.168.100.0 network).

Here pfSense’s DHCP server is going to use the LAN interface IP as the default gateway for this network. Then click on Save.
Now if you have connected a VM to the LAN network, pfSense’s DHCP server will assign an IP address to that VM from the pool, and from that VM you’ll be able to ping the 192.168.200.1 interface.
Now we have completed the first part of the configuration.


dev.nvcong
