Frames being sent out remain untagged, so they'll go to the untagged VLAN on the physical switch. However (poorly documented): in Windows, both VMXNET3 and E1000 will - by default - receive all frames from all VLANs but both will also remove all Q tags. I've done a bit of research/testing as I was trying to set up decent packet capturing: as documented, VGT (port group with VLAN ID 4095) forwards all VLANs from a vSwitch (and probably dSwitch as well) to the VM. What could we have missed? The biggest confusion we have is on the VXRail ESXI setup but any correction on pfSense setup is also welcome.
We've added a firewall rule to allow all traffic on Interface152 and logged everything but we cannot see any traffic being accepted or rejected. It's like there is no communication between them at all. The default gateway cannot ping that machine. Issue is, after doing all this, the protected machine cannot ping its default gateway. We then assign the protected machine an IP of 192.168.152.10 with a default gateway of 192.168.152.1. The NIC is based on a host network that has a VLAN tag e.g. We then create a machine that will be protected by the firewall. We then add an interface based on this VLAN and give it an IP of 192.168.152.1 This VLAN is sitting on the Trunk we've created above. The NIC should be the Port Group we've created above.Īfter that we create a VLAN on pfSense and add a VLAN ID. To create a trunk on pfsense is basically adding the NIC to the pfsense VM. To our understanding, this Port Group is what we will attach to pfsense Trunk so that it is able to "read" all the VLAN tagged traffic? we've setup a distributed port group? of VLAN Type VLAN Trunking and with VLAN IDs 0-200: We've followed the guide here to setup a Distributed vSwitch in VxRail. One is the WAN that will be used by the "Outside World" to communicate to servers within the ESXI environment and the other is a Trunk that should then connect to all the VLANs protected by the pfSense box. Web Server, Database Server, the VMs are setup to be in different VLANs.Īs such, we've setup pfSense with two interfaces. Traffic between machines within the same box also need to go through the firewall. The target configuration is that to access any machine within this box, you need to go through the Firewall. Were setting up a pfsense box as a virtual machine inside a VMWare ESXi 6.0 environment ( inside a VXRail hyper-converged Box).
0 kommentar(er)
