I just want to ask for help with pfSense. I used pfSense because my router doesn't support port forwarding; however, pfSense's WAN IP in VirtualBox is different from my host operating system's public IP, so I can't access my computer remotely when I'm not at home... :(

I've already tried watching tutorials but still can't figure out how to make it work.

Does anyone know how to make pfSense's WAN IP the same as my host operating system's public IP address?

Somebody Help Please :(

user3676924
  • If your computer is sitting behind a NAT device (router or modem), setting up port forwarding on a device behind it won't do anything unless you place your computer (which hosts pfSense) in a DMZ (when there isn't a port forwarding rule, all incoming connections are directed to the IP in the DMZ). You could set the first NIC in the VM to bridged mode and then place the pfSense machine in the DMZ. I use pfSense in a similar configuration to bridge my office's network to wifi. – sean_m Jun 13 '14 at 20:15
  • How can I do that when my router doesn't support DMZ either? Do you know how to configure it using other software like pfSense? And by the way, thanks for the help :D – user3676924 Jun 13 '14 at 20:39
  • How is this a question about programming? – Charles Duffy Jun 13 '14 at 20:49
  • @CharlesDuffy You're right, this should go on superuser.com, but to user3676924's question: if your router doesn't support any of that, you're kind of boned. NAT's purpose is to obfuscate many private IP addresses behind a single public IP, so if you can't set up port forwarding or have a default incoming route (DMZ), then your only course of action is to buy a new gateway device or try flashing yours with an open firmware. – sean_m Jun 13 '14 at 21:28
  • ...well. It's *possible* to take the router out of the loop, bridge a physical interface from your cable modem to your VM, run a NATting firewall on that VM, and then connect your host to the network via a second virtual interface (bridging from that to a second physical interface, if you have other devices to put on your network, and perhaps putting your wireless access point behind that). It's just a complicated enough piece of configuration that trying to talk someone through it on a forum seems prone to failure. And, also, off-topic on StackOverflow. – Charles Duffy Jun 13 '14 at 21:32
  • Eh. Answering, but also hoping someone votes with me to migrate this to somewhere it's more appropriate. – Charles Duffy Jun 13 '14 at 21:44

1 Answer

First -- you can't do your routing anywhere else; if you have an upstream router, take it out, and connect your cable modem (or other upstream connection) directly to the machine you're running the VM on.

Second -- since this virtual machine will be running NAT for your connection, your host OS will need to be getting its IP (and its connection) via a second interface on the VM.

Third -- if you have other systems on your network (and if you want wireless, you'll be taking your wireless router, disabling the "router" part of its functionality to make it a simple bridge, and using it here), you'll want to plug them into a second interface on your host (yes, this means you might need to buy a second NIC), and bridge that second interface to your guest separately. YOUR HOST SHOULD ONLY EVER HAVE AN IP ADDRESS ON THIS INTERFACE, NOT THE ONE GOING IN FROM THE CABLE MODEM.

So, from the host's perspective, what you need (if using Windows -- the way bridges work on Linux is a bit different, and IMHO saner) looks like this:

modem -> eth0 -> [VM] -> eth1 -> Router

...where...

  • modem is your upstream link to the world
  • eth0 is a physical interface on your host WHICH HAS NO IP ADDRESS ASSIGNED, and exists only to run a bridge to the virtual machine
  • Your VM has two separate virtual interfaces, bridged respectively to eth0 and eth1
  • eth1 is a second physical interface on your host, which your host gets its IP address and communicates to
  • router is, actually, not behaving as a router at all, but as a wireless bridge. Decent routers can be reconfigured this way. If yours isn't decent, replace it.

This means you'll need to buy a second Ethernet device if you don't have one already. Don't skip that step -- attempts to do so will result in something that, if it works at all, will have only purely illusory security.

Charles Duffy
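
The layout in the answer above depends on the host having no IP presence on the modem-side NIC. The following PowerShell check for a Windows host is an added example, not part of the answer or the answerer's code; the adapter names 'Ethernet' and 'Ethernet 2' and the function name are assumptions.

```powershell
# Added example. Adapter names are assumptions; list yours with Get-NetAdapter.
$WanNic = 'Ethernet'    # assumed: physical NIC cabled to the modem (eth0 in the diagram)
$LanNic = 'Ethernet 2'  # assumed: physical NIC the host itself uses (eth1 in the diagram)

function Test-FirewallHostNics {
    param(
        [Parameter(Mandatory)] [string] $Wan,
        [Parameter(Mandatory)] [string] $Lan
    )
    $findings = @()

    # 1. The host's IPv4/IPv6 stacks must not be bound to the modem-side NIC at all.
    $bound = Get-NetAdapterBinding -Name $Wan -ComponentID ms_tcpip, ms_tcpip6 |
        Where-Object { $_.Enabled }
    foreach ($b in $bound) {
        $findings += "WAN NIC '$Wan': $($b.ComponentID) is still bound to the host"
    }

    # 2. No address of any kind on the modem side. This also catches IPv6
    #    link-local (fe80::) and APIPA (169.254.x.x) addresses, which appear
    #    without DHCP and are easy to overlook.
    $wanAddrs = Get-NetIPAddress -InterfaceAlias $Wan -ErrorAction SilentlyContinue
    foreach ($a in $wanAddrs) {
        $findings += "WAN NIC '$Wan' has host address $($a.IPAddress)"
    }

    # 3. The host should get its IPv4 address on the inside NIC.
    $lanV4 = Get-NetIPAddress -InterfaceAlias $Lan -AddressFamily IPv4 -ErrorAction SilentlyContinue
    if (-not $lanV4) {
        $findings += "LAN NIC '$Lan' has no IPv4 address"
    }

    # 4. Every default route must leave through the inside NIC, so that host
    #    traffic passes through the firewall VM rather than around it.
    $defaults = Get-NetRoute -DestinationPrefix '0.0.0.0/0', '::/0' -ErrorAction SilentlyContinue
    foreach ($r in $defaults) {
        if ($r.InterfaceAlias -ne $Lan) {
            $findings += "Default route $($r.DestinationPrefix) uses '$($r.InterfaceAlias)', not '$Lan'"
        }
    }
    return $findings
}

$result = Test-FirewallHostNics -Wan $WanNic -Lan $LanNic
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'Host NIC layout matches the diagram.' }
```

If the first check reports a binding, `Disable-NetAdapterBinding` with the same component IDs removes it; the VirtualBox bridging component on that adapter has to stay enabled for the VM to see the modem.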