hi,
i am running linux mint as a host and want to use pfsense as a guest.
the setup doesn't seem complicated if i just bridge the wan and lan ports using two nics.
but this would leave the host exposed while allowing the rest of my network to be secure behind the pfsense router.
i want to run the host behind the pfsense firewall as well.
is there a sticky or guide that would show me how to do this?
the pfsense virtual machine would be my only router in the setup and would have dhcp enabled.
thanks.
If you're trying to protect the LAN then use a separate physical device or a virtual device implemented on a Physical Machine that is not also being used directly by a User.
That said, if you want to isolate the Host while the Virtual Machine is being Bridged then assign a link-local address 169.254.0.0/16 (or for IPv6 use a fe80::/64 prefix) to the Host's Physical NIC. Then the host can communicate with the guests using a VMnet.
That does indeed work. You can then 'share' your VM and have it automatically power on after your host starts. This is configured by right-clicking "Shared VMs" --> "Manage AutoStart VMs..."
ok, i will give it a try.
i just found that using a consumer router didn't provide enough power for openvpn, that's why i wanted to use my desktop which has the haswell chip. obviously i didn't want to dedicate it solely as a pfsense router ergo the original question.
so your setup would prevent the host (linux) from acquiring an ip address from the modem but would cause it to wait until the guest (pfsense) starts and hands out ip addresses?
if so, then that sounds like exactly what i need.
i will get the pc running with pfsense and then try to figure out how to assign a link-local address.
i don't know about this at all, but i checked on google and got this . . .
GNU/Linux systems typically use "ip" (from the "iproute" package) to configure addresses. A link-local address would be added using something like
ip address add dev eth4 scope link fe80::21b:21ff:febb:5db0/64
If your problem is that you don't know what exact address you should use as the link-local address: These addresses are typically derived from the hardware (MAC) address of the interface.
Take the MAC address of the interface (the "link/ether" field in the result of "ip link show dev ..."), and convert it to Modified EUI-64 according to this procedure.
Then add "fe80::" (standard link-local prefix) to the left and "/64" (as the subnet prefix length) to the right.
am i on the right track here?
thanks.
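The Modified EUI-64 derivation quoted in the post above, as an added example that is not part of the original thread: a shell function (the name `mac_to_link_local` is hypothetical) that turns an interface MAC into its fe80::/64 address. The sample MAC 00:1b:21:bb:5d:b0 is constructed by reversing the address in the quoted `ip` command.

```shell
#!/bin/sh
# Added example: derive the IPv6 link-local address (Modified EUI-64)
# from the "link/ether" value shown by "ip link show dev ...".

mac_to_link_local() {
    # Normalise to lowercase and accept '-' as well as ':' separators.
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')

    # Reject anything that is not six colon-separated hex octets.
    case "$mac" in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]) ;;
        *) echo "invalid MAC: $1" >&2; return 1 ;;
    esac

    # Split the six octets into $1..$6.
    old_ifs=$IFS
    IFS=:
    set -- $mac
    IFS=$old_ifs

    # Modified EUI-64:
    #   1. flip the universal/local bit (0x02) of the first octet
    #   2. insert ff:fe between the third and fourth octets
    # Then prepend fe80:: and append /64. Each 16-bit group is printed
    # without leading zeros; the result is valid but not always in the
    # shortest (RFC 5952) form when a group is all zeros.
    printf 'fe80::%x:%x:%x:%x/64\n' \
        $(( ((0x$1 ^ 0x02) << 8) | 0x$2 )) \
        $(( 0x${3}ff )) \
        $(( 0xfe$4 )) \
        $(( 0x$5$6 ))
}

# Constructed sample: the MAC that yields the address in the quoted command.
# eth4 is the interface name used in that command; substitute your own.
echo "ip address add dev eth4 scope link $(mac_to_link_local 00:1b:21:bb:5d:b0)"
```
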
hammer4 wrote: am i on the right track here?
I would simply go into the adapter's settings and on the IPv4 and IPv6 tabs select Link-Local Only!
