Virtual Lab Setup


I am trying to set up a virtual lab environment isolated from my current network. My goal is to set up 3 VMs. One VM will be pfsense and the other 2 will be Windows 10 VMs. I want to route all traffic through the pfsense VM so I can test out some pfsense configurations before I implement it as my primary routing platform. I am planning to switch from Tomato to pfsense but I want to familiarize myself better with pfsense before I make the switch. Can anyone help me in setting this up?

I have created the pfsense VM with 2 virtual network cards. The first, which is acting as the WAN in pfsense, is br0 (which allows me to obtain an IP from my router with no problems).

The second is br0.1, which is the VLAN I created and is acting as the LAN in pfsense (IP within pfsense is 192.168.100.1).

The Windows VM has a virtual network card using the interface br0.1.

Home router = 192.168.1.1

pfsense vm = (br0) WAN = 192.168.1.151

                       (br0.1) LAN = 192.168.100.1

windows vm = (br0.1) 192.168.100.2 (IP is obtained from pfsense)

I set up DHCP inside pfsense and when the Windows machine boots it obtains the IP address from the pool I set within pfsense. For some reason I can ping google.com but I cannot access google.com from within my browser. I thought this may be a DNS issue but can't seem to figure out what I am doing wrong. I set up different DNS servers ranging from Google's DNS to my actual router as the DNS server (which is 192.168.1.1). No matter how I set it up I cannot reach google.com from within the browser.

Any help would be greatly appreciated.

 


Are you sure you have TCP/IP rules in pfSense set up to allow HTTP traffic outbound? Ping traffic is typically a different rule(set) than HTTP.

 

There are a lot of similar sort of items showing up on a search, such as this thread at the pfSense forums: https://forum.pfsense.org/index.php?topic=87856.0 which has a lot of people responding. Also see the following thread about KVM/pfSense potential issues: https://forum.pfsense.org/index.php?topic=88467.0

 

I don't know if this still applies, but it might...

 

 

 

If you are reading this, you probably have issues with your virtual network and pfsense, usually when packets need to pass pfSense for NAT or routing.
You will be able to ping stuff, but TCP and sometimes it seems UDP as well might fail or transport super-slow.

An issue exists with VirtIO drivers in combination with checksum offloading and the packet filter (pf) when you leave checksum offloading on for your virtual interfaces.

The reason this is happening is that virtual networks don't need checksums to verify the integrity of packets that are sent over a wire, because there is no wire in the virtual network (it's using shared memory). So packets will not be checksummed by the virtual interfaces and therefore supposedly arrive at pf with an invalid checksum. Those packets get dropped! I currently don't know if this is intended behavior, but since the packets are practically incorrect it would seem understandable that they get filtered out and dropped.

 

setting under System > Advanced > Networking.



Disable hardware checksum offload
Checking this option will disable hardware checksum offloading. Checksum offloading is broken in some hardware, particularly some Realtek cards. Rarely, drivers may have problems with checksum offloading and some specific NICs.
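
To make the failure mode in the quoted explanation concrete, here is an added example (not part of the original posts) that verifies a TCP checksum the way a packet filter would. It assumes a simplified model of transmit offload in which the sender leaves only the pseudo-header partial sum in the checksum field for the NIC to finish; 192.168.100.2 is the Windows VM address from the thread, while 203.0.113.10 and the payload are constructed.

```python
import ipaddress
import struct

SRC, DST = "192.168.100.2", "203.0.113.10"   # DST is a constructed documentation address
PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed sample request


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum (protocol 6 = TCP)."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))


def finish_checksum(src: str, dst: str, seg: bytes) -> bytes:
    """Compute the full checksum in software, as the stack does with offload disabled."""
    zeroed = seg[:16] + b"\x00\x00" + seg[18:]
    csum = ~ones_complement_sum(pseudo_header(src, dst, len(seg)) + zeroed) & 0xFFFF
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:]


def build_segment(src: str, dst: str, payload: bytes, offloaded: bool) -> bytes:
    """Build a TCP segment; with offloaded=True the checksum is left unfinished."""
    # sport, dport, seq, ack, data offset + PSH/ACK flags, window, checksum, urgent
    hdr = struct.pack("!HHIIHHHH", 49152, 80, 1, 1, (5 << 12) | 0x018, 65535, 0, 0)
    seg = hdr + payload
    if not offloaded:
        return finish_checksum(src, dst, seg)
    # Modelled offload: only the pseudo-header sum is stored; nothing finishes it
    # when the packet travels through shared memory instead of a real NIC.
    partial = ones_complement_sum(pseudo_header(src, dst, len(seg)))
    return seg[:16] + struct.pack("!H", partial) + seg[18:]


def checksum_valid(src: str, dst: str, seg: bytes) -> bool:
    """Receiver-side check: pseudo-header plus segment must sum to 0xFFFF."""
    return ones_complement_sum(pseudo_header(src, dst, len(seg)) + seg) == 0xFFFF


if __name__ == "__main__":
    for mode in (False, True):
        seg = build_segment(SRC, DST, PAYLOAD, offloaded=mode)
        print(f"offloaded={mode}: valid={checksum_valid(SRC, DST, seg)}")
```
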

 


Thanks for the reply. Both links had great information. Ultimately, Disable hardware checksum offload under System > Advanced > Networking in pfsense is what did the trick.

All is working and subnets are isolated after some firewall rules were added to pfsense.

Thanks again.

  • 6 years later...
On 3/27/2017 at 10:21 AM, Brownboy said:

I am trying to set up a virtual lab environment isolated from my current network. My goal is to set up 3 VMs. One VM will be pfsense and the other 2 will be Windows 10 VMs. I want to route all traffic through the pfsense VM so I can test out some pfsense configurations before I implement it as my primary routing platform. I am planning to switch from Tomato to pfsense but I want to familiarize myself better with pfsense before I make the switch. Can anyone help me in setting this up?

I have created the pfsense VM with 2 virtual network cards. The first, which is acting as the WAN in pfsense, is br0 (which allows me to obtain an IP from my router with no problems).

The second is br0.1, which is the VLAN I created and is acting as the LAN in pfsense (IP within pfsense is 192.168.100.1).

The Windows VM has a virtual network card using the interface br0.1.

Home router = 192.168.1.1

pfsense vm = (br0) WAN = 192.168.1.151

                       (br0.1) LAN = 192.168.100.1

windows vm = (br0.1) 192.168.100.2 (IP is obtained from pfsense)

I set up DHCP inside pfsense and when the Windows machine boots it obtains the IP address from the pool I set within pfsense. For some reason I can ping google.com but I cannot access google.com from within my browser. I thought this may be a DNS issue but can't seem to figure out what I am doing wrong. I set up different DNS servers ranging from Google's DNS to my actual router as the DNS server (which is 192.168.1.1). No matter how I set it up I cannot reach google.com from within the browser.

Any help would be greatly appreciated.

 

I'm sorry to dig this thread up.

I'm running pfSense on a standalone box without problem.

What I want to do is to create a pfSense VM on my unraid as a testing base. Your thread seems to be as close as it gets to what I want to do, but I don't know how to create my pfSense VM. Could you tell me in more detail, for example, what VM template you used, how to create br0.1, etc.?

Note: I already have other VMs running on my unraid (Windows, Debian, etc.)
