pfSense in VMware 5.5

VMware Configuration

I have found that one of the easiest ways to do this is to dedicate a separate two-port NIC to pfSense. This makes it easy to build the LAN and WAN sides of the pfSense router. One thing I found during this whole process is that a critical piece of hardware is a NIC that supports VLAN tagging (I would recommend finding an Intel Pro/1000 on eBay – I found mine for only $25). Once you have the correct hardware you’ll want to set up the networking.

You’ll use the new NIC to set up one port as the LAN and one port as the WAN. The WAN port will have a VLAN of none and the LAN port will have a VLAN ID of 4095 (on an ESXi port group, 4095 passes all VLAN tags through to the VM, so pfSense can handle the tagging itself). This is how my VMware networking is configured:

VMWare Networking

Set up a VM with 1GB of RAM, the two NICs we just created, and 10GB of hard drive space. The rest is pretty much default, other than setting the OS to FreeBSD 64-bit.

pfSense Configuration

One point that took me forever to get clarified is whether the LAN interface you create is removed or kept, as the walkthroughs I found were inconsistent about this. I found that you keep the LAN interface, and that becomes the primary IP of the router. In my example, I have the LAN interface set up as 10.10.0.1, which is outside of any of my VLANs. Once you go through the initial config of pfSense, get the interfaces assigned, and then go through the web config, it’s actually quite simple.

Go to Interfaces -> Assign and you’ll see a list of LAN and WAN in the Interface Assignments. Click on the VLANs tab and click the little icon with a + sign to build a new VLAN. Make sure you select the LAN interface in the VLAN config, give it a VLAN tag and a description and click save. Once you have done this with all of your VLANs you’re ready for the next step.

Go back to the Interface Assignments page and click the + sign again to start adding the different VLANs. Just keep adding them until you have all of your VLANs showing. Leave the LAN and WAN interfaces alone. At first you’ll see OPT1, OPT2, etc. as the Interface Name. Click on the Interface Name, enable the interface, select “Static IPv4” and give it a static IP address in the range for that VLAN (that will be the gateway).

Interface Config

Once you have done that for each interface it should look like this:

VLAN Interfaces

Now that the VLANs are created and assigned, you’ll want to create rules to allow them to communicate. To do so, go to Firewall -> Rules. Click on each of the VLANs you created and create a new rule by clicking the icon with a +. If you want all traffic to be able to flow between VLANs, you’ll set it up like this for each rule:

Firewall Rules

Save the rule and, once you’ve got them all, apply the changes.

Finally, you’ll want to enable the DHCP server for the different VLANs. Go to Services -> DHCP Server and select one of the VLANs that you want to have DHCP. Choose an IP range, DNS server, and gateway, and then save the configuration. When you have all of this you should be ready to go. If you have an ISP that just gives you a DHCP address, your WAN should be ready to go. If you use PPPoE or something of that nature, you’ll have to make those changes to the WAN interface configuration.
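Before clicking through the VLAN, interface and DHCP pages, it helps to sanity-check the addressing plan on paper. The script below is an added example, not part of the original post: it checks that each VLAN tag is usable, that the gateway and DHCP range sit inside the VLAN's subnet, that subnets do not overlap, and that the LAN address stays outside every VLAN as described above. The VLAN tags and subnets in the sample plans are constructed for illustration; only the LAN address 10.10.0.1 comes from the post.

```python
import ipaddress

def check_vlan_plan(lan_ip, vlans):
    """Return a list of problems in a pfSense VLAN addressing plan."""
    problems, seen = [], []
    lan = ipaddress.ip_address(lan_ip)
    for v in vlans:
        tag = v["tag"]
        net = ipaddress.ip_network(v["subnet"])
        gw = ipaddress.ip_address(v["gateway"])
        lo = ipaddress.ip_address(v["dhcp_start"])
        hi = ipaddress.ip_address(v["dhcp_end"])
        # Usable 802.1Q tags are 1-4094. 4095 belongs only on the ESXi
        # port group, never on a pfSense VLAN interface.
        if not 1 <= tag <= 4094:
            problems.append(f"VLAN {tag}: tag outside 1-4094")
        if any(tag == t for t, _ in seen):
            problems.append(f"VLAN {tag}: duplicate tag")
        # The interface address doubles as the VLAN's gateway.
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            problems.append(f"VLAN {tag}: gateway {gw} is not a host in {net}")
        # The post keeps the LAN address outside every VLAN.
        if lan in net:
            problems.append(f"VLAN {tag}: LAN IP {lan} falls inside {net}")
        if lo not in net or hi not in net or lo > hi:
            problems.append(f"VLAN {tag}: DHCP range is not inside {net}")
        elif lo <= gw <= hi:
            problems.append(f"VLAN {tag}: DHCP range includes gateway {gw}")
        for other_tag, other in seen:
            if net.overlaps(other):
                problems.append(f"VLAN {tag}: {net} overlaps VLAN {other_tag}")
        seen.append((tag, net))
    return problems

# Constructed sample plans (tags and subnets are illustrative, not from the post).
GOOD_PLAN = [
    {"tag": 10, "subnet": "10.10.10.0/24", "gateway": "10.10.10.1",
     "dhcp_start": "10.10.10.100", "dhcp_end": "10.10.10.200"},
    {"tag": 20, "subnet": "10.10.20.0/24", "gateway": "10.10.20.1",
     "dhcp_start": "10.10.20.100", "dhcp_end": "10.10.20.200"},
]
BAD_PLAN = [
    {"tag": 4095, "subnet": "10.10.0.0/24", "gateway": "10.10.1.1",
     "dhcp_start": "10.10.0.50", "dhcp_end": "10.10.0.100"},
]

if __name__ == "__main__":
    for problem in check_vlan_plan("10.10.0.1", BAD_PLAN):
        print(problem)
```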