Project 1 : PFSense Routing
-
A very Wise man once told me ; the best way to learn networking is hands on. Doing it over and over again.
So : in this series of threads, I'll be working on doing just that.
My first project (which I started lastnight) is : build a windows 10 VM , and 2 PFSense Vm's.
The goal: get the Windows 10 VM to the internet using the 2 routers :
#note; only one router is on the internet, the other is internal. (#note: Separate vswitches/Networks)The way I set this up (and I'm probably way off course, but .. its a first draft )
Installed PFSense iso file. (#note: it was downloaded as a .iso.gz file Used 7zip to get the iso file separated.)Created 2 VM's using the pfsense.iso file, and configured the first to be a bridged connection on em0 and an internal on em1
and the second to be internal on both adapters.Set IP Addresses of the NICs; em0(WAN) on the first router I kept the same as my hardware router.
the em1 (LAN) to be 192.168.128.1/24.So far, that is how far I've gotten. The other pfsense vm has been installed, but I did not get into configuration of the NICs.
Feel free to add projects that will help, and give feedback on where I'm at currently.
excited to learn.
-
@WrCombs said in Project 1 : PFSense Routing:
The goal: get the Windows 10 VM to the internet using the 2 routers :
AKA "With two hops"
-
Recommended Learning: Do it first with static routes. Then do it with dynamic routes, even if just RIP.
-
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
-
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
awesome..good job. Now try it with dynamic routes
-
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's inside (LAN) is routed to the default gateway on the outside (WAN). The default gateway is either defined as a static IP or through DHCP on the WAN interface. You don't need to add any routes anywhere.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1). No routes needs to be defined here either.
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
-
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's LAN is routed to the default gateway on the WAN. That gateway is either defined as a static IP or through DHCP.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1).
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
I haven't done it yet, as I said above the diagram, I was using the wrong Adapter setting in Oracle VirtualBox on the windows 10 device,
I stated: Seems pretty simple to me, Setup VM to use Internal (instead of NAT) (?) and use static routing to hop the connection through the 2 routers and out to the internet.
Then asked for Thoughts on my Plan of Action, the Diagram was to give a visual of what I was planning.
@Dashrender I mis read what you said, I thought you said " awesome, then try it with Dynamic Routing"
I haven't done it yet. -
@WrCombs said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's LAN is routed to the default gateway on the WAN. That gateway is either defined as a static IP or through DHCP.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1).
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
I haven't done it yet, as I said above the diagram, I was using the wrong Adapter setting in Oracle VirtualBox on the windows 10 device,
I stated: Seems pretty simple to me, Setup VM to use Internal (instead of NAT) (?) and use static routing to hop the connection through the 2 routers and out to the internet.
Then asked for Thoughts on my Plan of Action, the Diagram was to give a visual of what I was planning.
@Dashrender I mis read what you said, I thought you said " awesome, then try it with Dynamic Routing"
I haven't done it yet.Well, I don't see the exercise as an attempt at setting up static routes but rather an attempt at creating a double NAT setup. But that might be a useful exercise by itself.
Please add names for each router and device and write IPs and subnets you intend to use (for each interface). On the internet side you can write public IP, DHCP is that is what you have.
-
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's LAN is routed to the default gateway on the WAN. That gateway is either defined as a static IP or through DHCP.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1).
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
I haven't done it yet, as I said above the diagram, I was using the wrong Adapter setting in Oracle VirtualBox on the windows 10 device,
I stated: Seems pretty simple to me, Setup VM to use Internal (instead of NAT) (?) and use static routing to hop the connection through the 2 routers and out to the internet.
Then asked for Thoughts on my Plan of Action, the Diagram was to give a visual of what I was planning.
@Dashrender I mis read what you said, I thought you said " awesome, then try it with Dynamic Routing"
I haven't done it yet.Well, I don't see the exercise as an attempt at setting up static routes but rather an attempt at creating a double NAT setup. But that might be a useful exercise by itself.
Please add names for each router and device and write IPs and subnets you intend to use (for each interface). On the internet side you can write public IP, DHCP is that is what you have.
now I'm confused.
-
@WrCombs said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's LAN is routed to the default gateway on the WAN. That gateway is either defined as a static IP or through DHCP.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1).
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
I haven't done it yet, as I said above the diagram, I was using the wrong Adapter setting in Oracle VirtualBox on the windows 10 device,
I stated: Seems pretty simple to me, Setup VM to use Internal (instead of NAT) (?) and use static routing to hop the connection through the 2 routers and out to the internet.
Then asked for Thoughts on my Plan of Action, the Diagram was to give a visual of what I was planning.
@Dashrender I mis read what you said, I thought you said " awesome, then try it with Dynamic Routing"
I haven't done it yet.Well, I don't see the exercise as an attempt at setting up static routes but rather an attempt at creating a double NAT setup. But that might be a useful exercise by itself.
Please add names for each router and device and write IPs and subnets you intend to use (for each interface). On the internet side you can write public IP, DHCP is that is what you have.
now I'm confused.
What part? Double NAT vs Static routes? Having a network diagram with detailed info?
-
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
You should expand upon this for networks, as Pete mentions.
-
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's LAN is routed to the default gateway on the WAN. That gateway is either defined as a static IP or through DHCP.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1).
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
I haven't done it yet, as I said above the diagram, I was using the wrong Adapter setting in Oracle VirtualBox on the windows 10 device,
I stated: Seems pretty simple to me, Setup VM to use Internal (instead of NAT) (?) and use static routing to hop the connection through the 2 routers and out to the internet.
Then asked for Thoughts on my Plan of Action, the Diagram was to give a visual of what I was planning.
@Dashrender I mis read what you said, I thought you said " awesome, then try it with Dynamic Routing"
I haven't done it yet.Well, I don't see the exercise as an attempt at setting up static routes but rather an attempt at creating a double NAT setup. But that might be a useful exercise by itself.
Please add names for each router and device and write IPs and subnets you intend to use (for each interface). On the internet side you can write public IP, DHCP is that is what you have.
Nothing about the diagram implies any NATing or double NATing... Though in a home setup, we assume NATing will take place.
-
@Dashrender said in Project 1 : PFSense Routing:
Nothing about the diagram implies any NATing or double NATing... Though in a home setup, we assume NATing will take place.
Correct. Need more details in the network diagram to be certain.
-
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's LAN is routed to the default gateway on the WAN. That gateway is either defined as a static IP or through DHCP.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1).
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
I haven't done it yet, as I said above the diagram, I was using the wrong Adapter setting in Oracle VirtualBox on the windows 10 device,
I stated: Seems pretty simple to me, Setup VM to use Internal (instead of NAT) (?) and use static routing to hop the connection through the 2 routers and out to the internet.
Then asked for Thoughts on my Plan of Action, the Diagram was to give a visual of what I was planning.
@Dashrender I mis read what you said, I thought you said " awesome, then try it with Dynamic Routing"
I haven't done it yet.Well, I don't see the exercise as an attempt at setting up static routes but rather an attempt at creating a double NAT setup. But that might be a useful exercise by itself.
Please add names for each router and device and write IPs and subnets you intend to use (for each interface). On the internet side you can write public IP, DHCP is that is what you have.
Likely neither. No static and no double NAT. In theory it's likely single NAT with default routes. But another router is needed so that static to the non-default can be established.
-
I'm still working on setting up the diagram with the IP's
Question though: the Static routing is defined as "upstream gateway" in PFSense correct?
-
@WrCombs said in Project 1 : PFSense Routing:
the Static routing is defined as "upstream gateway" in PFSense correct?
No, upstream gateway is the default.
-
@scottalanmiller said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
@WrCombs said in Project 1 : PFSense Routing:
update: I was able to get the Windows 10 VM onto the internet. Took me forever to figure it out: but the VM was using the wrong setup for the network adapter..
Using the following diagram :
Seems pretty simple to me, Setup the VM to use a Internal Adapter (?) and use Static Routing to hop the connection through the 2 routers and out to the internet.
thoughts?
I can't see any static routing defined here.
But first, Rule no 1 - always give each device a name and write IPs, subnets and CIDR on the network diagram.
Router 1 (left) is connected to the internet. It routes but that is the default route, right? Everything on it's LAN is routed to the default gateway on the WAN. That gateway is either defined as a static IP or through DHCP.
But it's the same with Router 2, connected to the client. It's default gateway for the client LAN and routes everything to the default gateway on it's outside (which is router 1).
If you had both routers on the same LAN it would have been different. Then a client could route some traffic though Router 1 and some traffic through Router 2.
I haven't done it yet, as I said above the diagram, I was using the wrong Adapter setting in Oracle VirtualBox on the windows 10 device,
I stated: Seems pretty simple to me, Setup VM to use Internal (instead of NAT) (?) and use static routing to hop the connection through the 2 routers and out to the internet.
Then asked for Thoughts on my Plan of Action, the Diagram was to give a visual of what I was planning.
@Dashrender I mis read what you said, I thought you said " awesome, then try it with Dynamic Routing"
I haven't done it yet.Well, I don't see the exercise as an attempt at setting up static routes but rather an attempt at creating a double NAT setup. But that might be a useful exercise by itself.
Please add names for each router and device and write IPs and subnets you intend to use (for each interface). On the internet side you can write public IP, DHCP is that is what you have.
Likely neither. No static and no double NAT. In theory it's likely single NAT with default routes. But another router is needed so that static to the non-default can be established.
I have no idea what you want @WrCombs to accomplish. You should probably draw the network diagram.
I can't see anything in his proposed network diagram that the default route wouldn't take care of. I doubt you meant 0.0.0.0/0 when you talked about setting up static routing.
Also, by default pfSense is setup to automatically identify the default gateway on the WAN and set that up as the default route for the LAN. It's under System / Routing / Gateways and then you have static routes under System / Routing / Static Routes. If you want to see pfSenses' routing table it's under Diagnostics / Routes.
-
@Pete-S said in Project 1 : PFSense Routing:
I have no idea what you want @WrCombs to accomplish. You should probably draw the network diagram.
I want there to need to be a non-default route
-
@scottalanmiller said in Project 1 : PFSense Routing:
@Pete-S said in Project 1 : PFSense Routing:
I have no idea what you want @WrCombs to accomplish. You should probably draw the network diagram.
I want there to need to be a non-default route
OK, one scenario I can think of is this:
You have an Edgerouter on your LAN, 192.168.1.0/24, that gives you internet access.
Now you want to add your server fleet (VM host) to the LAN and protect them behind a pfSense firewall/router.All your servers are located on the server LAN, 10.100.1.0/24.
-
How can you let the W10 client have access to the server LAN, for instance 10.100.1.2, by changing the Edgerouter config?
-
How can you access the server LAN from your W10 client directly (without sending that traffic over the Edgerouter)?
-
-
Just remember @WrCombs that you can set up static routes both on the client VMs or the router VMs. Most of the time, you'd want this to be set up on your routers because it's more manageable this way plus you can use dynamic routing protocols at scale. However, in some real-life scenarios like remote access VPN with split tunnelling, a route to the secure remote network needs to be added on the client machine itself (with L2TP at least).
