pfsense for noobs

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
Anyone have a good guide for setting up pfsense on an esxi 6.7 host and properly configuring it? I'm trying to learn more of the network setup side, I work pretty much just with hardware.

I picked up a Dell R710 last week and have been playing around with trying to get pfsense set up properly. No matter what I try I lose network connectivity on my PC.

This is what I'm working with

Internet provided by Comcast, I have their X-Fi gateway
Dell powerconnect 3448 switch (want to upgrade this to gigabit soon)
Dell R710 server running ESXi 6.7

What I have tried after setting up the NICs in ESXi
Comcast gateway to NIC 0 configured for WAN on the R710
NIC 1 configured for LAN from server to Dell switch
PC connected to switch

The NICs are configured within ESXi, is there something I need to do on the server itself to allow NIC 1 to act as the LAN port to plug into the switch?

I have tried wiping all VMs and installing pfsense first, I have tried installing pfsense after other VMs have been created.

Not looking for hand holding, but a detailed guide would be awesome, all of the guides I have followed fell short.
 

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
After many hours of sweating (AC went out Fri night) and trial and error I have pfsense running in a VM and passing traffic to the switch. Once I get a gigabit switch and some sort of mesh wifi setup I'll switch the Xfi modem to bridge mode so pfsense can really do its thing.

pfsense.jpg


This vid helped me put all the pieces together for anyone else that might be struggling.

 
Last edited:
  • Like
Reactions: Farva
like this

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
Figured I'd just add youtube vids that have helped me out with pfsense.

I was getting a warning in Destiny 2 that I had a strict NAT configured and that would degrade gameplay. Found this walkthrough and it fixed my gaming issue. The guide is for xbox/ps4 but same settings apply to a gaming PC

 

Shockey

[H]ard|Gawd
Joined
Nov 24, 2008
Messages
2,000
Nice job figuring it out ;)

Since you aren't using X-Fi, might be worth buying your own modem and not paying rental fee.
 

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
Nice job figuring it out ;)

Since you aren't using X-Fi, might be worth buying your own modem and not paying rental fee.
Thats the plan. The 10/100 switch I'm using will be replaced by a gigabit switch, then the X-fi gateway will be replaced by my own modem.
 

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
good video series here, little dated but a wealth of knowledge.

 
  • Like
Reactions: Meeho
like this

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
pfsense is now handling all firewall, DHCP, routing etc. I replaced the 10/100 Dell switch with an inexpensive fully managed DLink gigabit switch and added a mesh wifi sustem behind the router to handle wifi for the house. Total spent for the server, switch, wifi setup was about $350

also have pihole setup in a VM to do adblocking for every device on the network. A VPN will be my next project.
 

Biznatch

2[H]4U
Joined
Nov 16, 2009
Messages
2,224
pfsense is now handling all firewall, DHCP, routing etc. I replaced the 10/100 Dell switch with an inexpensive fully managed DLink gigabit switch and added a mesh wifi sustem behind the router to handle wifi for the house. Total spent for the server, switch, wifi setup was about $350

also have pihole setup in a VM to do adblocking for every device on the network. A VPN will be my next project.

You can also use the PFBlockerNG package in pfsense to handle ads/malware directly at the edge.

Setting up OpenVPN with cert auth is like a 15 minute job in pfsense as well.
 

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
You can also use the PFBlockerNG package in pfsense to handle ads/malware directly at the edge.

Setting up OpenVPN with cert auth is like a 15 minute job in pfsense as well.
I tried PFBlocker too, I havent decided which one I prefer. I had openvpn set up but I blew all my VM's away yesterday and am starting over. I have an old PC here with dual gigabit nics I'm going to set pfsense up as a standalone rather than in a VM.
 

Biznatch

2[H]4U
Joined
Nov 16, 2009
Messages
2,224
I tried PFBlocker too, I havent decided which one I prefer. I had openvpn set up but I blew all my VM's away yesterday and am starting over. I have an old PC here with dual gigabit nics I'm going to set pfsense up as a standalone rather than in a VM.
That would have been a good time to test the config backup/restore functions of pfsense.

pfsense sense is supported running as a VM. I've had multiple enterprise setups for offices as well as at home, all running on a VM for years with no issues.
 

leezard

[H]ardness Supreme
Joined
Aug 24, 2004
Messages
4,579
That would have been a good time to test the config backup/restore functions of pfsense.

pfsense sense is supported running as a VM. I've had multiple enterprise setups for offices as well as at home, all running on a VM for years with no issues.
Yeah, I know its well suppoirted in a VM. Main reason I want to run it stand alone is since I'm learing things by trial and error as far as setting up other things in esxi and networking them etc I want to seperate the router from the esxi server so once I have it configured properly anything I do with the VMs, virtual switches etc wont affect it.
 

Biznatch

2[H]4U
Joined
Nov 16, 2009
Messages
2,224
Yeah, I know its well suppoirted in a VM. Main reason I want to run it stand alone is since I'm learing things by trial and error as far as setting up other things in esxi and networking them etc I want to seperate the router from the esxi server so once I have it configured properly anything I do with the VMs, virtual switches etc wont affect it.
That's a perfectly valid reason. But that could also be used as an excuse to buy a second server and build a SAN to play with clustering/live migration ;)
 
Joined
Jun 1, 2018
Messages
692
most people here wont understand this, but anything running pfsense is kind of a piece of junk... if you want to learn more networking buy an asa 5505($80) off ebay. it can still be upgraded to current os image. now cisco gear is definitely junk, but there is a lot of documentation and the command set and behavior is more in line with vanilla networking concepts.

so you can write 4-5 lines of cisco commands and get a trunk and gateway working to your hypervisor and learn a ton about real networking, or you can fight the piece of junk that is pfsense and only literal who's actually run at their enterprise. im giving you a gold tip here if the intention is to learn admin stuff.
 

IdiotInCharge

[H]ardForum Junkie
Joined
Jun 13, 2003
Messages
13,265
Cisco largely has their own language, which doesn't line up with real networking concepts at all...

You'd do best to learn the RFCs and then apply that to vendor-specific language if it differs, like ahem, Cisco.
 
Top