Hey all,
I have a Win 10 machine with two NICs. One NIC is plugged into the corporate network so that I can RDP into it. The other will be plugging straight into a port on my pfSense firewall.
I want to have the VirtualBox VMs run exclusively from that second NIC. I will configure that NIC with a public static IP. I know that VirtualBox will be able to do the NATing.
I'll take care that the physical port is firewalled off in pfSense from crossing over to the LAN. I'm just wondering how I can configure VirtualBox so that it will use exclusively the NIC that is plugged into the pfSense and NOT the NIC that is plugged into the LAN.
Any help would be greatly appreciated.
Thanks!
Network config for running like a DMZ
-
- Site Moderator
- Posts: 27330
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Network config for running like a DMZ
Use Bridged mode, bridging the card to the NIC that goes to the pfSense.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 3
- Joined: 21. Feb 2018, 03:36
Re: Network config for running like a DMZ
Will VirtualBox still do a NAT translation with bridged mode? I thought that it would be bridged or NAT (not both), or does the pfSense need to do the NATing in that case?
-
- Site Moderator
- Posts: 27330
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Network config for running like a DMZ
BoomSchtick wrote: Will VirtualBox still do a NAT translation with bridged mode?
Bridged is Bridged. NAT is NAT. Two different things. See ch. 6.2 onward from the User Manual for details.
-
- Site Moderator
- Posts: 39156
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Network config for running like a DMZ
BoomSchtick wrote: Will VirtualBox still do a NAT translation with bridged mode?
I'm not entirely sure what kind of "translation" would be useful anyway. Passing through the router translates network addresses, and port forwarding is redundant in bridged mode, since the VM already receives everything.
-
- Posts: 3
- Joined: 21. Feb 2018, 03:36
Re: Network config for running like a DMZ
The idea is to have a DMZ-like environment where the VMs will get a private NATed IP but use the public IP to get to the internet. At the same time they will have no access to the rest of the network due to being firewalled off. If one of the devices gets pwned then that VM gets deleted and replaced with a clean one. I can see how bridging could work, but only if I can get the pfSense to do DHCP, NATing and firewalling to the VMs.
Last edited by socratis on 22. Feb 2018, 01:49, edited 1 time in total.
Reason: Removed unnecessary verbatim quote of the whole previous message.
-
- Volunteer
- Posts: 5102
- Joined: 19. Sep 2009, 04:44
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 10,7 and earlier
- Location: Sydney, Australia
Re: Network config for running like a DMZ
I think there is a bit of confusion going on here. The normal setup we see is a user using pfSense to give the VMs on an internal network Internet access. In that case the pfSense does NAT for the internal network and the public NIC of the router is bridged to the physical network.
Your situation is different. Your host is on a corporate LAN and you want the VMs to be in their own network behind a pfSense router firewall. If this is a physical device with actual ports that is not going to work. The VMs are on the wrong side of the firewall.
The VMs will be in a virtual network and to connect to any other network, they must be bridged to a NIC in the host. If the pfSense is a VM, you could bridge the VMs to the "private" side of the firewall and bridge the "public" side of the firewall to NIC2 of the host. If it is a physical device and you bridge your VMs to NIC2 of the host they are on the "public" side of the firewall.
Bill
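The pfSense-as-a-VM layout from the last post, sketched with VBoxManage on the Windows host and followed by a read-back check that no adapter is attached anywhere else. This is an added example, not part of the thread or the VirtualBox manual. Assumptions: the VM names, the adapter name and the internal network name `dmz` are placeholders, the guests reach the firewall's "private" side through a VirtualBox internal network, and all VMs are powered off while `modifyvm` runs.

```powershell
# Added example; every name below is a placeholder to replace with your own.
$VBoxManage = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"  # default install path
$DmzNic     = 'Intel(R) Ethernet Connection #2'  # host NIC2, exactly as "list bridgedifs" prints it
$FirewallVm = 'pfSense'                          # hypothetical firewall VM name
$GuestVms   = 'dmz-guest-1', 'dmz-guest-2'       # hypothetical guest VM names
$IntNet     = 'dmz'                              # hypothetical internal network name

# Show the adapter names VirtualBox can bridge to; $DmzNic must match one of them.
& $VBoxManage list bridgedifs | Select-String '^Name:'

# Firewall VM: adapter 1 ("public" side) bridged to NIC2,
# adapter 2 ("private" side) on the internal network.
& $VBoxManage modifyvm $FirewallVm --nic1 bridged --bridgeadapter1 $DmzNic
& $VBoxManage modifyvm $FirewallVm --nic2 intnet --intnet2 $IntNet

# Guests: one adapter on the internal network, the others disabled,
# so their only path out is through the firewall VM.
foreach ($vm in $GuestVms) {
    & $VBoxManage modifyvm $vm --nic1 intnet --intnet1 $IntNet `
        --nic2 none --nic3 none --nic4 none
}

# Check: read each VM's settings back and warn about any adapter that is not
# on the internal network (or, for the firewall's adapter 1, bridged to NIC2).
foreach ($vm in @($FirewallVm) + $GuestVms) {
    $cfg = @{}
    & $VBoxManage showvminfo $vm --machinereadable | ForEach-Object {
        if ($_ -match '^(\w+)="?([^"]*)"?$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    foreach ($n in 1..8) {
        $mode = $cfg["nic$n"]
        if (-not $mode -or $mode -eq 'none') { continue }
        $onDmz  = $mode -eq 'intnet' -and $cfg["intnet$n"] -eq $IntNet
        $isWan  = $vm -eq $FirewallVm -and $n -eq 1 -and
                  $mode -eq 'bridged' -and $cfg["bridgeadapter$n"] -eq $DmzNic
        if (-not ($onDmz -or $isWan)) {
            Write-Warning "$vm adapter ${n}: unexpected attachment '$mode'"
        }
    }
}
```

Re-running the check after replacing a compromised guest with a clean copy confirms the new VM did not come up with a default NAT or bridged adapter on the corporate NIC.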