Difference between revisions of "Using PFsense on my ESXi server"
Ccunha64415 (talk | contribs) |
Ccunha64415 (talk | contribs) |
||
(11 intermediate revisions by the same user not shown) | |||
Line 22: | Line 22: | ||
Settings used to create this article: | Settings used to create this article: | ||
− | - Agile S server, Intel® Xeon® E3 1220v5(4c/4t) processor, 8GB ram and 1TB HDD. With of course an additional | + | - Agile S server, Intel® Xeon® E3 1220v5(4c/4t) processor, 8GB ram and 1TB HDD. With of course an additional IP. |
- Operating system : ESXI 6.7 | - Operating system : ESXI 6.7 | ||
Line 28: | Line 28: | ||
- Network Settings: | - Network Settings: | ||
− | Main | + | Main IP: 213.246.45.105/24 |
− | Additional | + | Additional IP: 213.246.45.104/24 |
− | Gateway | + | Gateway IP: 213.246.45.1 |
− | == | + | == Deploying the router vm under PfSense== |
− | === | + | === How to create a virtual lan network=== |
First, we will create our virtual switch by going to the "Networking" section and clicking on "Add a standard virtual switch": | First, we will create our virtual switch by going to the "Networking" section and clicking on "Add a standard virtual switch": | ||
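Review bot: the two added headings in this hunk use inconsistent casing and spacing ("router vm under PfSense==", "virtual lan network==="). Suggest "VM" and "LAN" in capitals, one spelling of the product name across the page, and a space before the closing "==" / "===" to match the opening side.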
Line 60: | Line 60: | ||
So we named our port group "LAN-Ports-Group" and selected our LAN vswitch. | So we named our port group "LAN-Ports-Group" and selected our LAN vswitch. | ||
− | === | + | === How to Create the PfSense VM in ESXI=== |
+ | |||
We create the virtual machine, with this parameters: | We create the virtual machine, with this parameters: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Fichier:Pfs5.PNG]] | [[Fichier:Pfs5.PNG]] | ||
Line 79: | Line 75: | ||
[[Fichier:Pfs7.PNG]] | [[Fichier:Pfs7.PNG]] | ||
− | When adding this network adapter, please make sure to assign it the LAN network: | + | When adding this network adapter, please make sure to assign it the our LAN network: |
[[Fichier:Pfs8.PNG]] | [[Fichier:Pfs8.PNG]] | ||
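Review bot: the rewritten network adapter sentence in this hunk now reads "assign it the our LAN network", which adds a stray article that the previous wording did not have. Suggest "assign it to our LAN network".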
Line 88: | Line 84: | ||
[[Fichier:Pfs9.PNG]] | [[Fichier:Pfs9.PNG]] | ||
− | ===installation | + | ===pfSense settings and installation=== |
− | + | At pfSense Installer choose the default options, For the partitioning, we've pick the following : | |
[[Fichier:Pfs10.PNG]] | [[Fichier:Pfs10.PNG]] | ||
− | + | ||
+ | Once you have finished installing PfSense and restarted your vm, you will have access to the PfSense interfacen which should look like this: | ||
[[Fichier:Pfs11.PNG]] | [[Fichier:Pfs11.PNG]] | ||
− | + | In the following screenshot, you can check the following: | |
− | - | + | -The wan tab -> Em0 -> 213.246.45.104 (which is the additional IP). |
− | + | In your case, you will have to assign the additional IP to the Wan interface using option 2. | |
− | |||
− | |||
− | |||
+ | -The LAN tab corresponds to the Em1 interface that we added when we created the PfSense VM. | ||
+ | Here is what it corresponds to at the vm level on ESXI : | ||
[[Fichier:Pfs12.PNG]] | [[Fichier:Pfs12.PNG]] | ||
− | === | + | ===How to configure the internet connexion in the LAN === |
− | |||
− | |||
+ | In order to the virtual machines can connect to the internet you need to performe the following commands in the PfSense Shell. | ||
[[Fichier:Pfs13.PNG]] | [[Fichier:Pfs13.PNG]] | ||
− | + | To access the shell, select the option 8. | |
− | + | Once in the shell, the first thing to do, is to delete default route by entering this command: | |
<code>route del default</code> | <code>route del default</code> |
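Review bot: several of the added lines in this hunk need a wording pass before they are saved: "interfacen which", "connexion", "performe", "we've pick" and "In order to the virtual machines can connect". The interface names are also written "Em0" / "Em1" in the text, while a shell command would need the lower-case device name, so suggest lower case throughout.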
Latest revision as of 14:46, 11 October 2022
INTRODUCTION
In this article we will explain how to set up a pfSense virtual machine on an ESXi hypervisor, using a server rented from IKOULA with an additional IP.
This will allow you to have multiple virtual machines accessible from the internet using your pfSense firewall NAT rules.
Required:
- A server from the AGILE family
- An additional IP address, which can be ordered in your Client Area
- ESXi 6.7 installed on your server
We will assume that ESXi is already installed on your server and functional.
Settings used to create this article:
- Agile S server, Intel® Xeon® E3 1220v5 (4c/4t) processor, 8 GB RAM and 1 TB HDD, with of course an additional IP.
- Operating system: ESXi 6.7
- Network Settings:
Main IP: 213.246.45.105/24
Additional IP: 213.246.45.104/24
Gateway IP: 213.246.45.1
Deploying the router VM under pfSense
How to create a virtual LAN network
First, we will create our virtual switch by going to the "Networking" section and clicking on "Add a standard virtual switch":
In the next window that opens, we advise you to select the parameters as shown in the picture:
We've decided to name our switch "LAN". Once the switch is created, we will assign a port group. We need to go to the "Port groups" tab and click on "Add a port group" as shown here:
Once you click on "Add a port group", this window will appear:
So we named our port group "LAN-Ports-Group" and selected our LAN vswitch.
How to create the pfSense VM in ESXi
We create the virtual machine with these parameters:
Here are the characteristics we have chosen for our pfSense:
At this level, we need to add a network card, which will be used to connect our virtual machines through our virtual LAN. To do this we must click on add a network adapter:
When adding this network adapter, please make sure to assign it to our LAN network:
Finally, you will have to select the ISO image of pfSense in the virtual drive. You can then start the installation of pfSense. By default the keyboard is QWERTY, but you can change this by clicking on the flag as explained here:
pfSense settings and installation
In the pfSense installer, choose the default options. For the partitioning, we picked the following:
Once you have finished installing pfSense and restarted your VM, you will have access to the pfSense interface, which should look like this:
In the following screenshot, you can check the following:
- The WAN tab -> em0 -> 213.246.45.104 (which is the additional IP). In your case, you will have to assign the additional IP to the WAN interface using option 2.
- The LAN tab corresponds to the em1 interface that we added when we created the pfSense VM. Here is what it corresponds to at the VM level on ESXi:
How to configure the internet connection in the LAN
So that the virtual machines can connect to the internet, you need to run the following commands in the pfSense shell.
To access the shell, select option 8.
Once in the shell, the first thing to do is to delete the default route by entering this command:
route del default
Next, create a route on the WAN interface, here em0. The IP used here is the gateway of our ESXi, which is the same as the gateway of the additional IP (specific to the IKOULA network), namely 213.246.45.1:
route add 213.246.45.1/32 -link -iface em0
Finally, create the default route for pfSense with this command:
route add default 213.246.45.1
Once this is done, all your VMs connected to the LAN network will have internet access.
However, they will not be reachable from outside, over RDP or SSH connections for example.
For your VMs to be reachable, you will need to create firewall rules on your pfSense.
We will cover this in another article.
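To confirm that the three route commands above took effect, the routing table can be checked from the same shell. The script below is an added example, not part of the original article: the function name and the sample tables are constructed for illustration, and only the gateway 213.246.45.1 and the interface em0 come from the article.

```shell
#!/bin/sh
# Added example, not from the article: check that the routes from the steps
# above are in place. Gateway 213.246.45.1 and NIC em0 are the article's values.

# check_routes GATEWAY WAN_IF  -- reads `netstat -rn -f inet` output on stdin.
check_routes() {
    awk -v gw="$1" -v ifc="$2" '
        # Columns on FreeBSD: Destination Gateway Flags Netif [Expire]
        ($1 == gw || $1 == (gw "/32")) && $4 == ifc { host = 1 }
        $1 == "default" && $2 == gw && $4 == ifc     { def = 1 }
        END {
            if (!host) print "missing: on-link route to " gw " on " ifc
            if (!def)  print "missing: default route via " gw " on " ifc
            exit !(host && def)
        }'
}

# Constructed sample: table once all three commands have been run.
sample_after() {
cat <<'EOF'
Destination        Gateway            Flags     Netif Expire
default            213.246.45.1       UGS         em0
127.0.0.1          link#3             UH          lo0
213.246.45.0/24    link#1             U           em0
213.246.45.1/32    link#1             US          em0
213.246.45.104     link#1             UHS         lo0
EOF
}

# Constructed sample: state right after "route del default" (no default yet).
sample_no_default() { sample_after | grep -v '^default'; }

# Demo on the constructed data; on the firewall itself use:
#   netstat -rn -f inet | check_routes 213.246.45.1 em0
if sample_after | check_routes 213.246.45.1 em0; then
    echo "routes OK"
fi
sample_no_default | check_routes 213.246.45.1 em0 || echo "routes incomplete"
```

Routes added with `route add` exist only in the running routing table, so the check is worth repeating after a reboot of the pfSense VM.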