I run pfSense in a VM on my server. A physical 2-port gigabit NIC is passed through to the VM for WAN and LAN. My server is supposed to get an internet connection through a virtual bridge, which is added to the pfSense VM as well.
Maybe this helps to explain it (I made it a while ago, the server IP is actually 10.0.1.2 and I am using VLAN 2 for guest):
Everything works on the LAN interface.
Behavior on server (connected to OPT1)
- I can access pfSense (on 10.0.1.254 but also on 10.0.0.254 and 10.0.2.254)
- I can do DNS lookups
root@server:~# nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: google.com
Address: 216.58.211.110
Name: google.com
Address: 2a00:1450:400e:809::200e
- I can ping devices on LAN:
root@server:~# ping 10.0.0.101
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=63 time=0.319 ms
64 bytes from 10.0.0.101: icmp_seq=2 ttl=63 time=0.546 ms
64 bytes from 10.0.0.101: icmp_seq=3 ttl=63 time=0.463 ms
- I can ping stuff on the internet
root@server:~# ping example.com
PING example.com (93.184.216.34) 56(84) bytes of data.
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=1 ttl=54 time=92.3 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=2 ttl=54 time=92.5 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=3 ttl=54 time=92.1 ms
- I can't do any TCP requests. The browser doesn't work, and neither does telnet google.com 80.
- I can't SSH into the server from LAN (ssh root@10.0.1.2).
- I can ping the server from LAN (ping 10.0.1.2).
- I can SSH into the server from WAN, after port forwarding (ssh root@myexternalip -p 2222).
Firewall rules
DHCP server
LAN: Enabled: 10.0.0.1-10.0.0.253
SERVER: Enabled: 10.0.1.2-10.0.1.253
IP Route
On my desktop (LAN):
robin@pop-os:~$ ip route
default via 10.0.0.254 dev enp33s0 proto dhcp metric 100
10.0.0.0/24 dev enp33s0 proto kernel scope link src 10.0.0.101 metric 100
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
On my server (OPT1):
root@server:~# ip route
default via 10.0.1.254 dev virbr0 proto dhcp src 10.0.1.2 metric 100
10.0.1.0/24 dev virbr0 proto kernel scope link src 10.0.1.2
10.0.1.254 dev virbr0 proto dhcp scope link src 10.0.1.2 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-cd18ef605502 proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev pterodactyl0 proto kernel scope link src 172.19.0.1 linkdown
172.20.0.0/16 dev br-7477a87eb961 proto kernel scope link src 172.20.0.1 linkdown