Protect Windows with pfSense and VirtualBox. Part 5: Configuring VLANs. Removing Windows’ TCP/IP stacks

Time to move to the next step: configuring pfSense, so we can make sure that we will still have connectivity once we strip our physical NIC of its TCP/IPv4 and TCP/IPv6 stacks. Mind you, in this part I will discuss only the minimal configuration required to have Internet connectivity, as this is not a tutorial about advanced pfSense operation. You should refer to the official documentation for that.

  1. You have installed pfSense. After the VM restarts, click inside the window and then press F1 to boot. Then in the welcome screen type in 1 in order to boot pfSense:

  1. Setting the virtual LANs. When asked if you want to set up the VLANs, type in y and press Enter:

  1. Now, as you can see in the next screenshot, you have to tell pfSense which of the two NICs is the WAN interface and which one is for LAN. In what follows I will set em0 for WAN and em1 for LAN (as that is how we have set the interfaces in VirtualBox at points 4 and 5). If you get mixed up about which one is which, just compare the MAC address displayed by the pfSense installer with that in VirtualBox Manager. Whatever you do, just make sure that the WAN interface is the one bridged to your physical NIC, whilst the LAN interface is the one which is bridged to Microsoft Loopback Adapter:

  1. Enter the parent interface name for the new VLAN (or nothing if finished): em1

Enter the VLAN tag (1-4094): 20

Enter the parent interface name for the new VLAN (or nothing if finished): em0

Enter the VLAN tag (1-4094): 10

Enter the parent interface name for the new VLAN (or nothing if finished): just press Enter:

Enter the WAN interface name or ‘a’ for auto-detection: em0.

Enter the LAN interface name or ‘a’ for auto-detection: em1.

Enter the Optional 1 interface name or ‘a’ for auto-detection (or nothing if finished): just press Enter.

  1. You’ll have to confirm the assigned interfaces, so when asked if you want to proceed, type in y and then Enter:

  1. The system will apply the changes, after which it will display the typical pfSense console. If you didn’t mess up the WAN vs. LAN interfaces, you should be able to see the WAN NIC having an IP assigned from your physical network:

Done! Now you can start doing some basic configuration, such as setting a password, but the real thing is yet to come: the friendly web interface is what is going to be needed in order to configure pfSense.

  1. If you’ve installed and configured the VM correctly during the previous step, you should now be able to access the web interface. You do that by typing the IP of pfSense’s LAN interface in your web browser (you should be able to reach it, as it is bridged to the Loopback adapter). Ignore any security certificate related warnings:

  1. In the next window use the default credentials to log in to the administrative interface. User: admin, password: pfsense

  1. Now you’re in the main window: the dashboard. Update pfSense if needed (also, don’t forget to change your login credentials):

  1. Click on Services > DHCP Server. Make sure that the check box Enable DHCP server on LAN interface is ticked. The system should have created the default settings for the DHCP service:

  1. Now you should be good to go. Go to your Network and Sharing Center in Windows, click on Change adapter settings on the left, then in the main window identify your physical network card and right-click on it (since we are talking about a laptop, it is most likely a wireless card, but you can apply what you’ve learnt in this tutorial further and protect all your connections; just don’t forget to add more interfaces in pfSense). Click Properties, and then uncheck the boxes for Internet Protocol Version 6 and Internet Protocol Version 4:

And that is basically it. Open your browser of choice and navigate to any page. It should work, although the first time Windows will tell you in Network and Sharing Center that it has no internet connection. Don’t forget, if you want to be completely secure, you need to learn how to configure pfSense. Maybe in the future I will come back with some more tips and tricks on that subject.
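The unbinding done through the adapter's Properties dialog in the last step can also be applied and verified from an elevated PowerShell session. This is an added example, not part of the original tutorial; the adapter name `Wi-Fi` and the `VirtualBox*` display-name pattern for the bridge driver are assumptions to adjust for your machine.

```powershell
# Added example (not from the original tutorial).
# Assumption: 'Wi-Fi' is the physical adapter bridged to pfSense's WAN.
# List the real adapter names with: Get-NetAdapter -Physical
$PhysicalNic = 'Wi-Fi'
$IpStacks    = 'ms_tcpip', 'ms_tcpip6'   # component IDs of the IPv4 and IPv6 bindings

# Unbind both IP stacks from the physical adapter (same effect as unticking the boxes).
foreach ($id in $IpStacks) {
    Disable-NetAdapterBinding -Name $PhysicalNic -ComponentID $id
}

# Re-read the bindings and confirm that neither IP stack is still enabled.
$bindings   = Get-NetAdapterBinding -Name $PhysicalNic
$stillBound = $bindings | Where-Object { $_.ComponentID -in $IpStacks -and $_.Enabled }
if ($stillBound) {
    Write-Warning "IP stack still bound to ${PhysicalNic}: $($stillBound.ComponentID -join ', ')"
}

# The VirtualBox bridge driver must stay bound, otherwise the pfSense WAN loses its link.
# Assumption: its display name starts with 'VirtualBox' (varies by VirtualBox version).
$bridge = $bindings | Where-Object { $_.DisplayName -like 'VirtualBox*' }
if (-not ($bridge | Where-Object Enabled)) {
    Write-Warning "No enabled VirtualBox bridge binding found on $PhysicalNic"
}

# With both stacks unbound, Windows should hold no IP address on the physical adapter.
$addresses = Get-NetIPAddress -InterfaceAlias $PhysicalNic -ErrorAction SilentlyContinue
if ($addresses) {
    Write-Warning "Host still has addresses on ${PhysicalNic}: $($addresses.IPAddress -join ', ')"
} else {
    Write-Output "$PhysicalNic carries no host IP stack; traffic must pass through the pfSense VM."
}

# Everything still enabled on the adapter, for review.
$bindings | Where-Object Enabled | Format-Table DisplayName, ComponentID

# Rollback if the pfSense VM is down and you need direct connectivity again:
# Enable-NetAdapterBinding -Name $PhysicalNic -ComponentID ms_tcpip
# Enable-NetAdapterBinding -Name $PhysicalNic -ComponentID ms_tcpip6
```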


About Manuel Timita

Passionate about both human and IT systems. More curious than a cat, yet hoping to dodge its proverbial fate for a while.

5 Responses to Protect Windows with pfSense and VirtualBox. Part 5: Configuring VLANs. Removing Windows’ TCP/IP stacks

  1. Ravnos says:

    wow, nice one ! I use pfSense a lot but never thought about using it this way, I will try that out when I have time, thanks for sharing this

  2. Manuel Timita says:

    It can get even better: using it not only as a firewall, but also as a proxy (with Squid) to filter and clean your web traffic. Tutorial coming soon

  3. koss says:

    Hi, thank you for the tutorial! But I’m stuck in step 6. My WAN says:
    WAN NONE (DHCP)
    LAN 192.168.1.1
    I’m quite confused, and I have a few questions:

    there is a “VirtualBox Host-Only Network” with IP 192.168.56.1 when I installed vbox
    the IP 192.168.1.1 is already in use, it is my default gateway for internet, so should I change this IP? To which one?

    my loopback adapter’s IP is 192.168.1.100, should I change the LAN IP to this?

    my laptop has the ip 192.168.108.

    I have changed them to .56.x and I can ping all ips, but just can’t access the web application

    can you help me?

  4. Sam says:

    @Koss
    Hey, I know this is a little late, but for other people:
    You need to change your IP in pfSense for LAN to 192.168.2.1, or if that one’s used up, another one like 192.168.3.1 etc.

    Then you need to change the IPv4 IP settings for the Loopback properties to
    IP address: 192.168.2.100 (or equivalent subnet)
    subnet mask: 255.255.255.0
    gateway: 192.168.2.1
    you can leave dns blank

    Then type in 192.168.2.1 in your browser and the pfsense screen should show

  5. Sam says:

    @Sam

    Actually I lied, you have to set the DNS settings in your loopback adapter properties. When I unchecked my ipv4 and ipv4 of my non-loopback adapter I was disconnected from the internet until I added the DNS settings
