In addition to providing an easy way to test operating systems, VirtualBox also provides a way to test networks.
Turn off VirtualBox's internal DHCP server (via Preferences).
- Create a new guest on VirtualBox as a 64-bit FreeBSD instance. pfSense has very light resource requirements.
- Assign 128Mb of RAM and 8Gb of storage.
- Create two network interfaces. Both should be PCnet ll (
Am79C970A)—FreeBSD has native support for these cards. One should be internal (
intnet) and the other should be either NAT or Bridged.
- Download pfSense. I used the Chicago mirror.
- Install using Quick Install.
- Assign one interface
le0to WAN and the second,
le1, to LAN.
- Then point your browser (from a machine on your internal network) to
You may want to change the subnet for your experimental network. I use
172.16.50.1 to avoid colliding with
10.0.0.0 networks that are more common.
pfSense also includes a DHCP server by default. If you are testing DHCP services on your internal network, be sure to turn it off. It's listed under Services.
Finally, if you are running DHCP on your lan (host machine network), you may want to set up a DHCP lease reservation for the WAN interface to ensure you always get the same IP address for your experimental network.
Set Static IP on Ubuntu
If you are going to run
DHCP on your experimental network, you'll need to assign a static ip to your
DHCP server. Edit
auto eth0 iface eth0 inet static address 192.168.1.100 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1
Note that your values may differ. Then restart networking
$ sudo /etc/init.d/networking restart
Set Full Hostname on Ubuntu
/etc/hosts to provide your machine with a fully qualified domain name:
127.0.0.1 stemsrv01.lab.lan stemsrv01 localhost 127.0.1.1 stemsrv01.localdomain stemsrv01
Note that order matters. See the following post.
You may want to access the machines on your experimental network via SSH. To enable this, you'll need to turn on port forwarding on pfSense. But before you do, make sure you uncheck Block private networks on your WAN interface settings.
Then go to Firewall -> NAT and create a new port forwarding rule (in this case, forward WAN port 2222 to 22 on an internal host).