Router Tricks

Using pfSense on VirtualBox for Windows using only One Virtual Machine

pfSense on VirtualBox

I’ve been experimenting with pfSense (firewall software you can use for DIY routers). Following this guide by Get Labs Done, I was able to install pfSense in a Virtualbox virtual machine in Windows 10 (with hypervisor disabled). If you do this, keep in mind this should be done purely for development/testing purposes and not to use as your network’s gateway.

Setting up Two Networks on VirtualBox

Essentially, you install pfSense as a virtual machine with two network cards, the first being a bridge to your physical network, and the second being internal.

When booted pfSense will detect both cards, the “WAN” side (side facing the internet) will be your actual physical network (i.e., behind my home physical router, so something like 192.168.X.X), while the “Lan Side” will be a Vlan (in the example 10.1.1.1/24) where you can connect clients. You then install a second virtual machine and set that up as having a gateway as being the pfSense virtual router 10.1.1.1 on that network. You run both virtual machines simultaneously which can be a load on your host PC.

SSH and Browser Access to pfSense From Windows Host

What stumped me was how to SSH into the box from my Windows host machine or even to access from the host the pfSense web interface. The Get Labs Done tutorial has you accessing pfSense VM through the browser on the second VM using the 10.1.1.1 network.

After opening up the SSH port through the command line on the pfSense box using “ufw allow 22”, ssh was still blocked. I then realized pfSense itself must be blocking it.

Disable the pfSense Private Network Block

The secret to enabling SSH from your host to pfSense is to disable pfSense’s blocked private network firewall rule (I’m sure there are security reasons for this rule, but as mentioned above, do this only on a development setup not if you are actually using the pfSense install for a network gateway):

  1. After setting up pfSense using this guide, log into pfSense using the browser in the second VM you setup using the guide which is on the Lan 10.1.1.1 sdie of the network:

  2. Select Interfaces->Wan

  3. Scroll down to “Reserved Networks” and uncheck “Block Private Networks and Loopback Addresses”. Save.

  4. That’s it. You should now be able to ssh into the WAN Side (i.e., 192.168.X.X) at the ip address shown in the pfSense menu:

  5. In addition, on your Windows host, you can go to the same address using your browser (https://192.168.0.19 in my case) and logging into pfsense.
  6. After setting this up, I was able to make my first pfSense VM instance headless, and shutdown my second VM instance to lighten the load on my PC, while still having full access to pfSense using my browser and ssh.
Charlie

Recent Posts

Need to Move Your Router’s Existing DHCP IP Reservations to A New Router ? Try Uproot – a Static Lease Conversion Utility

I just released a new open source project on github called Uproot. What is Uproot…

2 weeks ago

Keyboard Browser Navigation Nirvana – Must Have Tools for Keyboard Ninjas

Keyboard Shortcuts Recently I've been coding quite a bit (working on a dart command line…

4 weeks ago

Firefox – Where did my pinned tabs go ?

Firefox Pinned Tabs Firefox provides the ability to "pin" a tab, so it stays in…

2 months ago

Creating a Shortcut to Windows Terminal (Or Any Other App That Doesn’t Show Shortcut Option)

Weirdly, Windows Terminal does not allow you to create a shortcut - there's no obvious…

6 months ago

Simplest Wireguard Setup Ever

Wireguard Wireguard is the newest way to setup a VPN for your home servers. What…

7 months ago

Fix Your Smart Home – Stop Tasmota Devices From Switching Randomly

While working on fixing my KuLED light switches from magically but unexpectedly switching on, I…

9 months ago