pfSense or a server's own routing?

Discussions related to using VirtualBox on Windows hosts.

pfSense or a server's own routing?

Postby AndyA » 24. Aug 2019, 15:46

Hi,

I've set up VB 6.0.10 with Windows Server 2008 R2 Standard and a Windows 7 Pro workstation. I want the server DHCP scope on a separate subnet but I also want the workstation to have Internet access.

Every post I've read uses a virtual router like pfSense for the routing.

But Windows Server 2008 has a routing function (and static routing can also be configured).

Why is pfSense recommended instead of Windows Server's own routing for simple subnet routing?

regards, AndyA
AndyA
 
Posts: 6
Joined: 24. Aug 2019, 15:27

Re: pfSense or a server's own routing?

Postby scottgus1 » 24. Aug 2019, 20:38

I have recommended pfSense as the intermediary between a test lab of guests and the host/LAN/world because pfSense can block access to the host's LAN and keep any network services on the test lab from interfering with the physical LAN while allowing internet access for the test lab. pfSense can effectually ensure that the lab does not know there's a host or a physical LAN out there while having the whole internet available. Useful for testing domain controllers & clients in an already domain-controlled office, for example. See viewtopic.php?f=1&t=76667#p356720

pfSense does not have to be the DHCP server. pfSene's DHCP server can be turned off & have a server guest in the test lab be the DHCP server.
Human government is like that crazy uncle who hides a quarter in his fist behind his back, then asks you to guess which fist the quarter is in...
No matter which side you choose, Left or Right, both Sides are empty.
scottgus1
 
Posts: 4262
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Win7

Re: pfSense or a server's own routing?

Postby AndyA » 24. Aug 2019, 22:38

Thanks for your reply. I'll read the post in the link in detail later.

I understand the advantages of pfSense for security, but I'm setting up a short-term lab server that will be used only by me. Security is not an issue. My web browsing will be limited to google to check that the Internet is working.

So, I'm looking for the *simplest* way to install a router, not the safest.

Do you know of a link to explain how to use built-in Windows Server routing instead of pfSense?

regards, AndyA
AndyA
 
Posts: 6
Joined: 24. Aug 2019, 15:27

Re: pfSense or a server's own routing?

Postby scottgus1 » 25. Aug 2019, 00:01

You could look at section 6 of the manual to see the types of Virtualbox networking you might try. I don't know of a specific tutorial nor know all the ways Windows Server can connect networks. But in the Server guest I'd try two network adapters in the Server guest, the first attached to NAT to allow the internet in, and the second to an 'Internal' network to which a client guest or two can also be connected. Have the Server guest use the NAT adapter act as the WAN side, and the Internal network as the LAN side. Then it can act as a router & DHCP server over the Internal network. How one makes a Windows Server act as a router? Got no idea. Google time...
Human government is like that crazy uncle who hides a quarter in his fist behind his back, then asks you to guess which fist the quarter is in...
No matter which side you choose, Left or Right, both Sides are empty.
scottgus1
 
Posts: 4262
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Win7

Re: pfSense or a server's own routing?

Postby BillG » 25. Aug 2019, 01:52

It is never a good idea to route through the host OS. The host should not be part of your virtual setup. Think of the host as a "black box" which powers your virtual system, not a part of it. That applies especially to the routing setup. Your host should know nothing about your virtual network setup.
Bill
BillG
Volunteer
 
Posts: 4165
Joined: 19. Sep 2009, 04:44
Location: Sydney, Australia
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 7,8,Server

Re: pfSense or a server's own routing?

Postby AndyA » 25. Aug 2019, 20:23

I think you need to re-read my initial post.

Nothing will be routing through the host OS.

Windows Server 2008 R2 Standard (English) is a guest, as is Windows 7 Pro x64 (French).

My host will not be involved in the routing that will be performed by the guests.

regards, AndyA
AndyA
 
Posts: 6
Joined: 24. Aug 2019, 15:27

Re: pfSense or a server's own routing?

Postby BillG » 26. Aug 2019, 04:48

Are you running RRAS as your router? That will work fine if you give the server two NICs - on in the private (virtual) network and one bridged to the physical network as the router's "public" NIC.

The reason for recommending pfSense is that people usually want to run their server as a DC, and running a DC as a router as well is definitely a no-no (no matter whether it is a physical or virtual server).
Bill
BillG
Volunteer
 
Posts: 4165
Joined: 19. Sep 2009, 04:44
Location: Sydney, Australia
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 7,8,Server

Re: pfSense or a server's own routing?

Postby AndyA » 26. Aug 2019, 11:49

Hi, Bill.

Yes, I've installed RRAS to enable routing on my test server. In VB, I gave the server two NICs, one bridged to the local network and one on a private network. They're both present in the server Device Manager and I can configure both adapters via Network and Sharing Center | Change adapter settings, but the private adapter is not found under RRAS | IPv4 | General. (The bridged adapter is found there.) When I right-click on General | New Interface, I'm told that there are no new interfaces available. There's something very simple that I'm not doing.

I've found lots of documentation for this on the web: here, for example, but I'm not yet able to see the internal adapter under RRAS.

Any suggestions would be appreciated.

Again, my goal is to use Windows Server 2008 R2 Standard as a router to simplify use of a subnet for one or two workstations.

regards, AndyA
AndyA
 
Posts: 6
Joined: 24. Aug 2019, 15:27

Re: pfSense or a server's own routing?

Postby scottgus1 » 26. Aug 2019, 14:25

Lets first clarify if the Virtualbox network is working. We will run 'ping' tests.

Put the server OS in its default configuration, with a Bridged network and a "Private" (which in Virtualbox parlance would be the "Internal") network. Don't try to set up the "router server" function yet.

Attach a client to the Internal network too.

There are no DHCP servers on Internal networks, so you will probably need to set static IP addresses on the Internal network adapters in the server and client guests for the ping test.

Windows defaults to blocking 'ping', so turn that on in the firewalls.

Can you ping back and forth between the host and the server guest on the Bridged side? Can you ping back and forth between the server guest and the client guest on the Internal side?
Human government is like that crazy uncle who hides a quarter in his fist behind his back, then asks you to guess which fist the quarter is in...
No matter which side you choose, Left or Right, both Sides are empty.
scottgus1
 
Posts: 4262
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Win7

Re: pfSense or a server's own routing?

Postby AndyA » 29. Aug 2019, 11:59

FOA, thanks for your detailed instructions. Sorry for my extensive delay in responding.

I removed Network Policy and Access Services as a server role.

The host can ping the server and vice versa. The server sees both the WAN and LAN (internal) NICs in ncpa.cpl. The server's IP address on the WAN adapter is 192.168.0.200; on the LAN adapter it's 192.168.1.200.

There is a single Win 7 Pro client. Its IP address is 192.168.1.20. It uses the server LAN address (192.168.1.200) as the primary DNS and as the default gateway.

The client could ping the server without changing any server firewall rules. However, the server could not ping the client until a rule for echo request ICMPv4 was enabled in the client firewall.

So, now the server and client can ping each other.

I'd be especially grateful for any suggestions. Am I ready to re-install the Network Policy and Access Services server role?

regards, AndyA (who promises to respond more quickly)
AndyA
 
Posts: 6
Joined: 24. Aug 2019, 15:27

Re: pfSense or a server's own routing?

Postby BillG » 29. Aug 2019, 13:02

It is hard to see any Virtualbox connection in those questions. They sound like pure Windows Server questions.
Bill
BillG
Volunteer
 
Posts: 4165
Joined: 19. Sep 2009, 04:44
Location: Sydney, Australia
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 7,8,Server

Re: pfSense or a server's own routing?

Postby AndyA » 29. Aug 2019, 13:19

OK, I'll seek a reply in a Windows server forum.

regards, AndyA
AndyA
 
Posts: 6
Joined: 24. Aug 2019, 15:27

Re: pfSense or a server's own routing?

Postby scottgus1 » 29. Aug 2019, 13:29

Good you got pings both ways on WAN & LAN! Now that the Virtualbox "infrastructure" is working, you should be able to find out all the Windows-ish configuration on that Windows forum. Have fun!
Human government is like that crazy uncle who hides a quarter in his fist behind his back, then asks you to guess which fist the quarter is in...
No matter which side you choose, Left or Right, both Sides are empty.
scottgus1
 
Posts: 4262
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Win7


Return to VirtualBox on Windows Hosts

Who is online

Users browsing this forum: Google [Bot] and 20 guests