Topic: Vm-network connecting to home network

lars314
Vm-network connecting to home network
« on: January 01, 2018, 02:58:54 pm »
Hi Guys,

I'm new to all this pfSense stuff, and it gives me a headache... I tried a couple of times, but whatever I do, it won't work :(

What I'm trying to do:

Home network 192.168.0.x (TP-LINK Archer C7 v1)
Vm-network 10.0.0.x (LAN side of pfSense box)

What I have is a server running ESXi 6.0.x with a default-setup pfSense box.

WAN to my home network & my LAN with DHCP to 10.0.0.x

On my LAN side I have a Win8.1 client and everything is working; the machine is able to go to the internet.
But I also have a Synology NAS on my home network with all my files, and I'd like to access these files with my VM client...

Can you guys tell me what I have to do to get access to my files?

I know I have to make a route; I tried, it did not work :(

See attachment for network in VM

I kinda found some topic...
https://forum.pfsense.org/index.php?topic=142131.15
« Last Edit: January 01, 2018, 03:07:44 pm by lars314 »

curtisgrice
Re: Vm-network connecting to home network
« Reply #1 on: January 01, 2018, 03:14:07 pm »
The VMware part looks good. The thing you're missing is that you need to disable NAT on pfSense.

I looked up your TP-Link and it supports static routes so this is "easy". Here are some general steps:

1. Disable NAT on pfSense
2. Set a static IP on your pfSense "WAN" from your main network but outside your DHCP range.
3. On the TP-Link add a route to 10.0.0.0/24 via the IP you set on pfSense WAN (assuming you're only using 10.0.0.1-10.0.0.254)
4. Add firewall rules to pfSense as needed to allow traffic from your main LAN to your pfSense LAN (10.0.0.0/24)

I'm not sure about internet access for your pfSense LAN though, as the TP-Link may not NAT the extra network. I would advise getting a physical pfSense router. That way you can have all the networks "on" that physical router and have full control over NAT. That's how I do it at home and just extend all the extra networks into ESXi via VLANs.
Slow code? Sounds like a good reason to buy more hardware!

curtisgrice
Re: Vm-network connecting to home network
« Reply #2 on: January 01, 2018, 03:21:36 pm »
The other thing you can do is run the virtual pfSense router as your main router, then just use the TP-Link as an access point. The big downside to that is, if your ESXi goes down, so does your internet/network. You have to set up auto-start for the pfSense router VM and be extremely careful about how you change settings.
Slow code? Sounds like a good reason to buy more hardware!

lars314
Re: Vm-network connecting to home network
« Reply #3 on: January 01, 2018, 04:02:49 pm »
Quote
The VMware part looks good. The thing you're missing is that you need to disable NAT on pfSense.

I looked up your TP-Link and it supports static routes so this is "easy". Here are some general steps:

1. Disable NAT on pfSense
2. Set a static IP on your pfSense "WAN" from your main network but outside your DHCP range.
3. On the TP-Link add a route to 10.0.0.0/24 via the IP you set on pfSense WAN (assuming you're only using 10.0.0.1-10.0.0.254)
4. Add firewall rules to pfSense as needed to allow traffic from your main LAN to your pfSense LAN (10.0.0.0/24)

I'm not sure about internet access for your pfSense LAN though, as the TP-Link may not NAT the extra network. I would advise getting a physical pfSense router. That way you can have all the networks "on" that physical router and have full control over NAT. That's how I do it at home and just extend all the extra networks into ESXi via VLANs.

OK, I'll try this, thanks. I'll let you know if it works :D

lars314
Re: Vm-network connecting to home network
« Reply #4 on: January 01, 2018, 04:05:12 pm »
Quote
The other thing you can do is run the virtual pfSense router as your main router, then just use the TP-Link as an access point. The big downside to that is, if your ESXi goes down, so does your internet/network. You have to set up auto-start for the pfSense router VM and be extremely careful about how you change settings.

I want to, but I know nothing about pfSense, and if I .... it up I have no internet ... :'(

lars314
Re: Vm-network connecting to home network
« Reply #5 on: January 01, 2018, 04:35:43 pm »
Quote
2. Set a static IP on your pfSense "WAN" from your main network but outside your DHCP range.

Like?

192.168.0.2, because the DHCP on my TP-Link starts at 192.168.0.100

« Last Edit: January 01, 2018, 05:01:30 pm by lars314 »

curtisgrice
Re: Vm-network connecting to home network
« Reply #6 on: January 01, 2018, 06:26:51 pm »
Quote
2. Set a static IP on your pfSense "WAN" from your main network but outside your DHCP range.

Like?

192.168.0.2, because the DHCP on my TP-Link starts at 192.168.0.100

One change. The "Default" gateway (TP-Link used the wrong term there) will be the IP you give pfSense.

TP-Link
Destination network: 10.0.0.0
Subnet mask: 255.255.255.0
"Default Gateway": 192.168.0.2

pfSense
WAN: 192.168.0.2
LAN: 10.0.0.1

So if your PC (192.168.0.101) sends a packet to a VM guest (10.0.0.101), it will go to the TP-Link (the PC's default gateway), then to the pfSense, then to the VM guest.

I almost forgot: make sure pfSense has a route to your 192.168.0.0/24 network as well. That said, pfSense SHOULD already have one due to having an interface in the 192.168.0.0/24 network (the WAN interface), but if things are not working, that's a good first thing to check.
Slow code? Sounds like a good reason to buy more hardware!
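
The packet path described in Reply #6, traced hop by hop with a longest-prefix-match lookup. This is an added example, not part of the thread: the node names, the `ISP` placeholder and the function names are assumptions, and the addresses are the ones used in that reply.

```python
import ipaddress as ip

def routes(*entries):
    # (prefix, gateway) pairs; gateway None means directly connected
    return [(ip.ip_network(p), gw) for p, gw in entries]

def next_hop(table, dst):
    """Longest-prefix match: gateway IP, dst itself if on-link, None if no route."""
    dst = ip.ip_address(dst)
    hits = [(net, gw) for net, gw in table if dst in net]
    if not hits:
        return None
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or str(dst)

def build(static_route_on_tplink):
    """Constructed model: each node is (addresses it owns, routing table)."""
    tplink = [("192.168.0.0/24", None), ("0.0.0.0/0", "ISP")]
    if static_route_on_tplink:  # the route added on the TP-Link in Reply #6
        tplink.append(("10.0.0.0/24", "192.168.0.2"))
    lan_gw = ("0.0.0.0/0", "192.168.0.1")
    return {
        "PC": (["192.168.0.101"], routes(("192.168.0.0/24", None), lan_gw)),
        "TP-Link": (["192.168.0.1"], routes(*tplink)),
        "pfSense": (["192.168.0.2", "10.0.0.1"],
                    routes(("192.168.0.0/24", None), ("10.0.0.0/24", None), lan_gw)),
        "VM": (["10.0.0.101"],
               routes(("10.0.0.0/24", None), ("0.0.0.0/0", "10.0.0.1"))),
    }

def trace(nodes, src, dst):
    """Follow next hops from the node owning src until dst is reached."""
    owner = {a: name for name, (addrs, _) in nodes.items() for a in addrs}
    here = owner[src]
    path = [here]
    while dst not in nodes[here][0]:
        hop = next_hop(nodes[here][1], dst)
        here = owner.get(hop)
        path.append(here or f"{hop} (outside the modelled network)")
        if here is None or len(path) > 8:  # left the model, or a routing loop
            break
    return path

if __name__ == "__main__":
    for label, net in (("with static route", build(True)),
                       ("without static route", build(False))):
        print(label)
        print("  PC -> VM:", " -> ".join(trace(net, "192.168.0.101", "10.0.0.101")))
        print("  VM -> PC:", " -> ".join(trace(net, "10.0.0.101", "192.168.0.101")))
```

The return path goes from pfSense straight to the PC because pfSense has an interface in 192.168.0.0/24, so only pfSense sees both directions of this traffic.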

lars314
Re: Vm-network connecting to home network
« Reply #7 on: January 02, 2018, 11:03:14 am »
Do I need to fill in the upstream gateway for my WAN and LAN, 192.168.0.1 & 10.0.0.1??

curtisgrice
Re: Vm-network connecting to home network
« Reply #8 on: January 02, 2018, 12:18:33 pm »
If I understand your question, yes. The pfSense WAN upstream gateway will be the TP-Link LAN address (192.168.0.1).

I hope your project is moving along well, and let me know if you need any more help.
Slow code? Sounds like a good reason to buy more hardware!

lars314
Re: Vm-network connecting to home network
« Reply #9 on: January 02, 2018, 03:59:49 pm »
How about the upstream for my LAN 10.0.0.1, do I need that one too?

lars314
Re: Vm-network connecting to home network
« Reply #10 on: January 02, 2018, 04:08:01 pm »
OK, this is what I did:

WAN: 192.168.0.3/24
Upstream: 192.168.0.1

LAN: 10.0.0.1/24
Upstream: 10.0.0.1
DHCP: 10.0.0.100 through 10.0.0.254

When I try to go to the internet on my server, I get the message that DNS could not be found.
But I got no yellow mark on my network icon.. :) so that is a good thing..

I can tell we're close to internet :P

Edit: if I give my server a fixed IP with DNS 8.8.8.8 and 8.8.4.4, internet is working,
but I can ping 192.168.0.1 but I can't ping 192.168.0.100 (my workstation)

If I use Diagnostics / Ping and ping 192.168.0.100, it works <-- need firewall rule?

« Last Edit: January 02, 2018, 04:36:51 pm by lars314 »

curtisgrice
Re: Vm-network connecting to home network
« Reply #11 on: January 02, 2018, 05:25:31 pm »
Looks good, just remove the Upstream: 10.0.0.1.

In your DHCP for the 10.0.0.0/24 network, you should have the default gateway listed as 10.0.0.1. Also make sure you have DNS servers listed in there.

As for pinging, check your firewall logs. That will tell you if that's why it's getting blocked. If it is showing as blocked, make sure you have your allow rules on both pfSense LAN AND WAN. If it gets out it still needs to get back in  ;)

When using the pfSense Diag. Ping tool, it's important to select the from IP, as the auto setting will choose the IP closest to the destination, i.e. if you're pinging 192.168.0.1 it will use 192.168.0.3 and not 10.0.0.1. This will cause it to bypass any firewall rules on the LAN (10.0.0.1) interface.
Slow code? Sounds like a good reason to buy more hardware!

lars314
Re: Vm-network connecting to home network
« Reply #12 on: January 02, 2018, 05:50:45 pm »
OK, status update:

Removed the upstream on LAN and added DNS 8.8.8.8 & 8.8.4.4 and default gateway 10.0.0.1 under Services / DHCP Server / LAN

Server: can ping to 192.168.0.100 (with CMD of MS)

Workstation: can't ping to 192.168.1.100 (with CMD of MS)

I think I need some help with where to make the rules  :-[

But we made some progress.... :D

--- off topic ---

I reset pfSense to factory default, no worry, I made a snap :P
And I found out that by default I'm able to ping both ways.. so I was trying to find out why .... but did not find anything.... :(

curtisgrice
Re: Vm-network connecting to home network
« Reply #13 on: January 02, 2018, 06:33:04 pm »
Quote
Server: can ping to 192.168.0.100 (with CMD of MS)

Workstation: can't ping to 192.168.1.100 (with CMD of MS)

What is 192.168.1.100? That's not in any of our mentioned/configured subnets.

So far I have:
TP-Link WAN: (DHCP? doesn't matter for this topic)
TP-Link LAN: 192.168.0.1/24

pfSense WAN: 192.168.0.3/24
pfSense LAN: 10.0.0.1/24

Server: ?
Workstation: 192.168.0.100/24
Slow code? Sounds like a good reason to buy more hardware!

lars314
Re: Vm-network connecting to home network
« Reply #14 on: January 02, 2018, 07:08:11 pm »
Sorry, it's a typo; it needs to be 10.0.0.100

10.0.0.100 VM client, Windows Server 2012 R2, assigned by DHCP on LAN..

And I gave a fixed IP to WAN of 192.168.0.3, still outside of the DHCP of my home network.

Because 192.168.0.2 was used..