
So I finally got PFsense working

🙂 Now I'm making progress, finally got PFsense working. So what I'm trying to do is make a type of sandbox, a testing environment that doesn't communicate to the outside world, but can still get to the internet, if that makes sense. So is this IP configuration correct in the image below? I have the pfsense WAN set up as a bridged adapter, while the Windows VM adapter is set up as "internal network". The one on the left is the Windows 10 VM. 

 

Windows Ip config.jpg

 

 

System Specs

  • CPU
    AMD Ryzen 7 5800X
  • Motherboard
    Gigabyte AMD X570 Aorus Master
  • RAM
    G.Skill Ripjaws 32 GBs
  • GPU
    Red Devil RX 5700XT
  • Case
    Corsair 570X
  • Storage
    Samsung SSD 860 QVO 2TB - HDD Seagate Barracuda 1TB - External Seagate HDD 8TB
  • PSU
    G.Skill RipJaws 1250 Watts
  • Keyboard
    Corsair Gaming Keyboard K55
  • Mouse
    Razer Naga Trinity
  • Operating System
    Windows 10

I'm not clear on what your end goal is. Do you mean that you want a network segment that can only communicate with the internet, and nothing on your LAN? Where are you running pfsense and where do you want the 'isolated' machine to be? What is this isolated machine used for?


On 11/7/2021 at 5:56 PM, Eww said:

I'm not clear on what your end goal is. Do you mean that you want a network segment that can only communicate with the internet, and nothing on your LAN? Where are you running pfsense and where do you want the 'isolated' machine to be? What is this isolated machine used for?

🙂 Never mind, I got it working. It's a type of 'hide-the-LAN-but-get-internet' sandbox I wanted, as explained in the link below. My O.S VM has a different address range assigned to it than the host machine, so it looks like it's working.

 

Link: https://forums.virtualbox.org/viewtopic.php?f=35&t=96608#p468780


On 11/6/2021 at 12:39 PM, BlackManINC said:

🙂 Now I'm making progress, finally got PFsense working...

My sympathies for your los...t time

 


On 11/8/2021 at 9:24 PM, JacobFW said:

My sympathies for your los...t time

 

 

On 11/7/2021 at 5:56 PM, Eww said:

I'm not clear on what your end goal is. Do you mean that you want a network segment that can only communicate with the internet, and nothing on your LAN? Where are you running pfsense and where do you want the 'isolated' machine to be? What is this isolated machine used for?

🤔 Actually, I thought I had it figured out, but not quite it seems. Basically, I'm now trying to set up a second interface so that it can connect to the internet the same way as interface em1 shown below, the Windows VM. I have it set up right in the "network" settings for the pfsense vm, but I still can't connect my second internal vm to the internet. So do I have to assign an IP address to 'Em2'? And if so, how exactly? It's asking me to type in the "WAN upstream gateway address", which I'm assuming is the one shown in the image below (10.0.0.127/24), but it keeps saying it's "not an IPv4 address". That doesn't make sense at all to me if interface em1 connects to the internet perfectly fine through it. 😕

Em2 Screen.jpg

 

Not an IPv4 address.jpg


As it says on the page, leave it blank if it's a LAN interface. Although I can't really tell what you're trying to achieve on this second interface.

 

This is a bit of a weird way to be doing this in general, you'd normally isolate different LANs at the main router, not one that is connected to the LAN.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7


13 hours ago, Alex Atkin UK said:

As it says on the page, leave it blank if it's a LAN interface. Although I can't really tell what you're trying to achieve on this second interface.

 

This is a bit of a weird way to be doing this in general, you'd normally isolate different LANs at the main router, not one that is connected to the LAN.

🙂 I figured it out. I was making it way too hard on myself, when the solution was right in front of me, where it says "Lan". 😆....Now I have a completely isolated sandbox similar to how it's done for enterprise environments. 👍


1 hour ago, BlackManINC said:

🙂 I figured it out. I was making it way too hard on myself, when the solution was right in front of me, where it says "Lan". 😆....Now I have a completely isolated sandbox similar to how it's done for enterprise environments. 👍

Like I said though, pretty sure enterprise would keep all LANs on the router/firewall, anything on the WAN side of the router can potentially be accessed unless you're careful with your NAT rules as the default configuration is to allow access to EVERYTHING on the WAN side from the LAN side.

It will block you seeing auto-configuration devices that broadcast to the LAN, but it won't block access if someone guesses the IP address of your LAN clients and tries to connect directly, NAT will happily forward that through by default.

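Added example, not part of any post in this thread: a small Python model of first-match rule evaluation on the sandbox interface, showing the default "allow LAN to any" rule letting a sandbox VM reach the home LAN behind pfSense's WAN, and a block rule placed above it closing that path. The 10.0.0.0/24 network is taken from the WAN address in the thread; the sandbox subnet 192.168.1.0/24, the VM address and the probe targets are assumed values.

```python
import ipaddress

# 10.0.0.0/24 is the WAN-side home LAN from the thread (10.0.0.127/24).
# The sandbox subnet is an assumption for illustration.
HOME_LAN = ipaddress.ip_network("10.0.0.0/24")
SANDBOX = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules are (action, source net, destination net, description), top to bottom.
DEFAULT_RULES = [
    ("pass", SANDBOX, ANY, "default allow LAN to any"),
]
# Internet traffic still passes: its destination is the remote address,
# not the upstream router, so the block rule does not match it.
HARDENED_RULES = [
    ("block", SANDBOX, HOME_LAN, "block sandbox to home LAN"),
    ("pass", SANDBOX, ANY, "default allow LAN to any"),
]
# Same two rules in the wrong order: the pass rule matches first.
MISORDERED_RULES = list(reversed(HARDENED_RULES))

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls to the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, desc in rules:
        if src_ip in src_net and dst_ip in dst_net:
            return action, desc
    return "block", "implicit default deny"

def audit(rules, probes, vm="192.168.1.100"):
    """List the probe destinations a sandbox VM may reach under a rule set."""
    return [dst for dst in probes if evaluate(rules, vm, dst)[0] == "pass"]

# Constructed probes: two home-LAN hosts and one public address.
PROBES = ["10.0.0.1", "10.0.0.50", "1.1.1.1"]

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES),
                        ("hardened", HARDENED_RULES),
                        ("misordered", MISORDERED_RULES)):
        print(f"{name:10s} reachable: {audit(rules, PROBES)}")
```

If the sandbox VMs take DNS from the upstream router rather than from pfSense itself, a pass rule for that one address and port would have to sit above the block rule.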
