
Author Topic: Create a DMZ in VirtualBox using two pfSense instances  (Read 671 times)


Offline mayfair_50

« on: November 02, 2016, 07:18:09 am »
Hi all,
I am trying to create a DMZ in VirtualBox using two instances of pfSense. The problem I am having is twofold:

1: I can't get my internal pf to speak with my external pf.
2: I can't get my internal LAN traffic to see my internal pf WAN interface or external pfSense interfaces.

My setup:

External pfSense
Adapter 1 is bridged to host NIC in VirtualBox, this is WAN port (DHCP), IP: 10.*.*.*
Adapter 2 is set to Internal in VirtualBox, network name DMZ, IP: 192.168.20.1
Internal pfSense
Adapter 1 is set to Internal in VirtualBox, network name DMZ, IP: 192.168.20.2, WAN in pf
Adapter 2 is set to Internal in VirtualBox, network name testnet, IP: 192.168.1.1, LAN in pf

I can ping 192.168.20.1 from internal pfSense but can't ping the other way.
I can't configure the external pfSense via browser because I can't ping/reach it.
Both pfSense are running on FreeBSD.

I would like the 192.168.20 network to be my DMZ. My goal is to put some other servers like Snort in this network.
« Last Edit: November 02, 2016, 07:33:07 am by mayfair_50 »

Offline phil.davis

« Reply #1 on: November 02, 2016, 08:12:01 am »
Without commenting on the architecture and reasons for it, your problem will be that Internal pfSense WAN will block traffic originating from outside it (i.e. trying to ping from external back to 192.168.20.2).
At the VM console of Internal pfSense you can use the developer shell and enableallowallwan (it's called something like that). Then you can get into the webGUI from upstream of WAN and sort out a more restricted set of rules for access to the Internal pfSense webGUI from upstream.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
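
An added illustration, not part of either post and not pfSense's own code: a simplified Python model of a stateful WAN interface that only accepts inbound traffic matching a pass rule or an existing state. It shows why the ping works in one direction only, and how a temporary allow-all differs from a restricted webGUI rule. The admin host 192.168.20.10, the second DMZ host 192.168.20.50 and webGUI port 443 are assumptions made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

EXT_LAN, INT_WAN = "192.168.20.1", "192.168.20.2"    # addresses from the post
ADMIN, OTHER = "192.168.20.10", "192.168.20.50"      # constructed DMZ hosts
GUI_PORT = 443                                       # assumed webGUI port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int = 0
    is_reply: bool = False

@dataclass(frozen=True)
class Rule:
    src_net: str
    proto: str = "any"
    dport: int = 0            # 0 matches any port
    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src_net)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

@dataclass
class Wan:
    """Simplified stateful interface: inbound is denied unless a rule passes it."""
    pass_in: list = field(default_factory=list)
    states: set = field(default_factory=set)
    def outbound(self, p):    # traffic we originate creates a state entry
        self.states.add((p.dst, p.src, p.proto))
    def inbound(self, p):     # replies match state; new flows need a pass rule
        if p.is_reply and (p.src, p.dst, p.proto) in self.states:
            return True
        return any(r.matches(p) for r in self.pass_in)

def scenario():
    wan, out = Wan(), {}
    wan.outbound(Packet(INT_WAN, EXT_LAN, "icmp"))             # internal pings external
    out["reply_to_internal"] = wan.inbound(Packet(EXT_LAN, INT_WAN, "icmp", is_reply=True))
    out["ping_from_external"] = wan.inbound(Packet(EXT_LAN, INT_WAN, "icmp"))
    wan.pass_in = [Rule("0.0.0.0/0")]                          # temporary allow-all
    out["allow_all_gui"] = wan.inbound(Packet(ADMIN, INT_WAN, "tcp", GUI_PORT))
    out["allow_all_other"] = wan.inbound(Packet(OTHER, INT_WAN, "tcp", 22))
    wan.pass_in = [Rule(ADMIN + "/32", "tcp", GUI_PORT)]       # restricted rule set
    out["restricted_gui"] = wan.inbound(Packet(ADMIN, INT_WAN, "tcp", GUI_PORT))
    out["restricted_other"] = wan.inbound(Packet(OTHER, INT_WAN, "tcp", 22))
    return out
```

Calling `scenario()` returns a dict of pass/block decisions for each case; the model ignores everything except source address, protocol and destination port.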