Tuesday, November 8, 2011

Experimental Networks with pfSense

Virtual Networks

In addition to providing an easy way to test operating systems, VirtualBox also provides a way to test networks.

Setup

VirtualBox

Turn off VirtualBox's internal DHCP server (via Preferences).

  1. Create a new guest on VirtualBox as a 64-bit FreeBSD instance. pfSense has very light resource requirements.
  2. Assign 128 MB of RAM and 8 GB of storage.
  3. Create two network interfaces. Both should be PCnet-PCI II (Am79C970A); FreeBSD has native support for these cards. One should be internal (intnet) and the other should be either NAT or Bridged.

Install pfSense

  1. Download pfSense. I used the Chicago mirror.
  2. Install using Quick Install.
  3. Assign one interface le0 to WAN and the second, le1, to LAN.
  4. Then point your browser (from a machine on your internal network) to https://ipaddress

You may want to change the subnet for your experimental network. I use 172.16.50.1 to avoid colliding with 192.168.x.x and 10.0.0.0 networks that are more common.

pfSense also includes a DHCP server by default. If you are testing DHCP services on your internal network, be sure to turn it off. It's listed under Services.

Finally, if you are running DHCP on your LAN (host machine network), you may want to set up a DHCP lease reservation for the WAN interface to ensure you always get the same IP address for your experimental network.

Set Static IP on Ubuntu

If you are going to run DHCP on your experimental network, you'll need to assign a static IP to your DHCP server. Edit /etc/network/interfaces:

auto eth0
iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

Note that your values may differ. Then restart networking:

$ sudo /etc/init.d/networking restart

Set Full Hostname on Ubuntu

Edit /etc/hosts to provide your machine with a fully qualified domain name:

127.0.0.1   stemsrv01.lab.lan stemsrv01 localhost
127.0.1.1   stemsrv01.localdomain   stemsrv01

Note that order matters. See the following post.

Port Forwarding

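You may want to access the machines on your experimental network via SSH. To enable this, you'll need to turn on port forwarding on pfSense. Before you do, uncheck Block private networks in your WAN interface settings: when the WAN side of this lab is itself a private network (as with NAT or a bridged home LAN), that option makes pfSense drop the connections you are trying to forward.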

Then go to Firewall -> NAT and create a new port forwarding rule (in this case, forward WAN port 2222 to 22 on an internal host).
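
The following check is an added example, not part of the original post. It parses a static stanza from /etc/network/interfaces and tests it against the lab described above: gateway equal to the pfSense LAN address, no overlap with the WAN-side network, and whether Block private networks would apply to the WAN side. The function names, the sample host address 172.16.50.10 and the list of blocked ranges are assumptions.

```python
import ipaddress

# Assumption: source ranges the WAN "Block private networks" option drops
# (RFC 1918 plus loopback).
BLOCKED_ON_WAN = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
KEYS = ("address", "netmask", "network", "broadcast", "gateway")

def parse_static_stanza(text):
    """Collect the options of one 'iface ... inet static' stanza."""
    opts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in KEYS:
            opts[parts[0]] = parts[1]
    return opts

def check_lab(stanza, pfsense_lan_ip, wan_cidr):
    """Return a list of problems for a static lab host behind pfSense."""
    o = parse_static_stanza(stanza)
    net = ipaddress.ip_interface(f"{o['address']}/{o['netmask']}").network
    wan = ipaddress.ip_network(wan_cidr)
    gw = ipaddress.ip_address(o["gateway"])
    findings = []
    if "network" in o and ipaddress.ip_address(o["network"]) != net.network_address:
        findings.append("network line does not match address/netmask")
    if "broadcast" in o and ipaddress.ip_address(o["broadcast"]) != net.broadcast_address:
        findings.append("broadcast line does not match address/netmask")
    if gw not in net:
        findings.append("gateway is outside the host's subnet")
    if gw != ipaddress.ip_address(pfsense_lan_ip):
        findings.append("gateway is not the pfSense LAN address")
    if net.overlaps(wan):
        findings.append("lab subnet overlaps the WAN-side network")
    if any(wan.subnet_of(b) for b in BLOCKED_ON_WAN):
        findings.append("WAN side is private: 'Block private networks' drops its clients")
    return findings

# Constructed sample: a lab host on the 172.16.50.0/24 network used above.
LAB_HOST = """auto eth0
iface eth0 inet static
    address 172.16.50.10
    netmask 255.255.255.0
    network 172.16.50.0
    broadcast 172.16.50.255
    gateway 172.16.50.1
"""

if __name__ == "__main__":
    for finding in check_lab(LAB_HOST, "172.16.50.1", "192.168.1.0/24"):
        print(finding)
```

An empty list means the stanza is consistent with the lab layout and the WAN side is not in a blocked range.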
