Arch Linux

developej

Member

Registered: 2011-10-02

Posts: 68

Virtualizing router - pfSense inside VirtualBox

Hey,

I googled for some tutorials on this, but didn't find one that does exactly what I want, and I can't figure it out.

I am trying to set up a virtualized router (pfSense as VirtualBox guest), and I want to set it up so that all traffic MUST go through that pfSense
guest if it wants to go to the internet.

Let's say I have only one machine in my "network", and it will act as the VirtualBox host.

I have configured VirtualBox, loaded all the modules needed (also loaded those which are needed for host-only adapter which I then added (vboxnet0))
and created a new guest, pfSense.

In network settings inside VirtualBox for pfSense I have created 2 NICs, first one is bridged to WAN, second one is host-only vboxnet0.

I installed pfSense, for WAN I entered 'em0' and for LAN 'em1'. I can then access the web setup of pfSense, configure what I want, pinging 8.8.8.8
from inside pfSense works.

But my host is still not connecting to the internet through pfSense. So I did a

 #systemctl start dhcpcd@vboxnet0.service 

After that, pinging pfSense (10.0.0.1) from host works fine, pinging host (10.0.0.100) from pfSense also works, but WAN does not. It just died.
Pinging 8.8.8.8 says no route to host.

So my question is what I need to do to achieve desired result - having a pfSense guest regulate ALL traffic for me? At the moment it will be only for
the host, but later I will add a switch to my host's second NIC and I want that all those machines too go through pfSense if they want to connect to
the Internet.

Is the setup I mentioned with two NICs, bridged and host-only the way to do it? It is something I come up with combining informations from several
tutorials and it may not be the way to achieve the desired  result.

Thanks

Slithery

Administrator

From: Norfolk, UK

Registered: 2013-12-01

Posts: 5,776

Re: Virtualizing router - pfSense inside VirtualBox

I have exactly the same setup on my box (using Smoothwall instead of pfsense).

You need to change your default route so all traffic passes through the virtual network...

root@oldarch:~# ip r #Show default route
default via 192.168.1.254 dev enp2s0 
192.168.0.0/24 dev vboxnet0  proto kernel  scope link  src 192.168.0.104 
192.168.1.0/24 dev enp2s0  proto kernel  scope link  src 192.168.1.150 
root@oldarch:~# 
root@oldarch:~# 
root@oldarch:~# ip route change default via 192.168.0.1 #Change default route to vbox nic
root@oldarch:~# 
root@oldarch:~# 
root@oldarch:~# ip r #Show default route
default via 192.168.0.1 dev vboxnet0 
192.168.0.0/24 dev vboxnet0  proto kernel  scope link  src 192.168.0.104 
192.168.1.0/24 dev enp2s0  proto kernel  scope link  src 192.168.1.150 
root@oldarch:~# 

---

No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

developej

Member

Registered: 2011-10-02

Posts: 68

Re: Virtualizing router - pfSense inside VirtualBox

I will need more help

First, a little more info:
In Host-only Netowrks settings in VirtualBox, for vboxnet0 IPv4 Address is 10.0.1.0, and mask is 255.255.255.0
In pfSense, there is DHCP server, 10.0.0.101 to 10.0.0.110, with my host having a static ip for it's MAC, 10.0.0.100.

Here is the output of $ip route when my internet works

 ip r
default via 178.148.156.1 dev eno1  metric 203 
10.0.0.0/8 dev vboxnet0  proto kernel  scope link  src 10.0.0.100  metric 204 
10.0.1.0/24 dev vboxnet0  proto kernel  scope link  src 10.0.1.0 
178.148.148.0/22 dev eno1  proto kernel  scope link  src 178.148.150.108  metric 203 
178.148.156.0/22 dev eno1  proto kernel  scope link  src 178.148.157.18  metric 203

Now, I am a noob for computer networks, but your output looks 'cleaner'.

I tried setting the default to both 10.0.1.0 and 10.0.0.1 but WAN didn't work both times.
How should the output of ip r look on my end?

Thanks!

developej

Member

Registered: 2011-10-02

Posts: 68

Re: Virtualizing router - pfSense inside VirtualBox

I finally got it to work. I don't know what was causing the problem and how it suddenly got fixed.

This is the output of $ip route

 ip r
default via 10.0.0.1 dev vboxnet0  metric 204 
10.0.0.0/8 dev vboxnet0  proto kernel  scope link  src 10.0.0.100  metric 204 
10.0.56.0/24 dev vboxnet0  proto kernel  scope link  src 10.0.56.0 
178.148.140.0/22 dev eno1  proto kernel  scope link  src 178.148.142.61  metric 203

10.0.0.1 is LAN in pfSense
10.0.56.0 is vboxnet0

Because 'default' is on 10.0.0.1 everything is now going through vbox guest (pfSense), right?