Installing pfSense in VMware under Windows

From PFSenseDocs

This article is part of the HOWTO series.

NOTE: You probably just want to skip this and get the PfSense VMware Appliance.

Contents 1 Overview 2 Assumptions 3 Windows configuration 3.1 Configuring the main network connection 3.2 Configuring second network connection 3.3 Configuring further network connections 4 VMware network configuration 5 VMWare guest VM creation 6 Guest VM network additions 7 What's next? Installation and configuring

Overview

While running under VMware can be less secure than running on a physical machine, for home use or testing in particular it can be a good way of running pfSense that avoids the need to have yet another PC powered on all the time.

If you are going to do this, it is better not to have pfSense (and its host machine) directly exposed to the internet - it is better to have it behind a router or a simple firewall (or even just a NATing modem).

This way of running pfSense also allows you to run other VMs that are directly connected to the modem / router if you want to do this. I use this approach to upgrade pfSense by cloning the current version and then upgrading it. You can then quickly and easily run the upgraded version or the original version by just shutting down 1 VM and starting up the other.

This diagram outlines the setup that this page will describe. The first connection (right hand one on the diagram) is the main network connection, and the host machine uses this for communication with other computers on the internal network. Windows will have an IP address and other services enabled (such as file sharing) that you use to access the host machine as a standard windows computer.

The next connection (middle on the diagram) is the connection to your router / modem to the internet. This connection should be disconnected from all normal windows services (including TCP/IP). It should physically be connected only to your router / modem.

The final connection (left of the diagram) is for a second router / modem. If you only have 1 internet connection you don't need this, alternatively if you have more than 2 you can add further connections here. (Being able to properly share and easily setup 2 internet connections was why I first started using pfSense)

Assumptions

• You have a computer already running Windows server 2003 or Windows XP.
• The computer has 2 network connections available (3 of you have 2 internet connections).
• VMware is installed and running on the computer (I use VMware server).
• You know how to configure and manage Windows networking for anything straightforward.
• You have downloaded the pfSense iso image.

Windows configuration

Configuring the main network connection

The first connection is the host computer's connection to the internal network. It is configured with the normal windows services you need to use and with VMWare bridge protocol. This will normally have been set up by installing VMWare. This figure shows the settings on my host computer.

Configuring second network connection

The second connection is used to connect only to internet router / modem. In windows it is only connected to VMware bridge protocol and all other (windows) services are disabled on this interface. I'm not sure how good windows is at this area, but it should stop anyone being able to get at the host machine via this network connection.

Configuring further network connections

If (like me) you have 2 separate internet connections, then you will want one more physical network connection. This will connect only to your second internet router / modem. As for the first internet connection, this is connected only to VMware bridge protocol. Use the same settings as the section above.

VMware network configuration

In the Host Virtual Network Mapping tab (accessed from VMware Server Console, Host - Virtual Network Settings), you need to set up further VMware networks, one for each Internet connection. Don't change the VMware networks already set up, add the new one(s) you require starting at VMnet2. Use the drop down list at the right hand side to allocate the VMware networks to physical network connections.

Once you are done, it should like something like this (There are two additional connections here, one for each Internet ADSL line.

VMWare guest VM creation

Now that the network connections are setup, it's time to create the new VM.

1. start the new VM wizard using File - New - Virtual Machine or Ctrl-N
2. On the second page, choose Custom Configuration
3. Check Other guest operating system, and select FreeBSD from the drop down list
4. Choose a suitable name and location for the VM
5. uncheck keep it private
6. Set Use Local System Account in startup / shutdown options, and set Power on Virtual Machine on host start up
7. Set the number of processors (if you have the option - I only set it to 1)
8. 256Mb RAM is more than enough in my experience (unless you run lots of extras)
9. leave the network type at Use Bridged Connection
10. leave I/O adapter type to default
11. Make sure Create a new Virtual Disc is set is set
12. leave disc type alone (mine defaults to IDE)
13. 6Gb is plenty of space unless you want to use squid or some other service that will need lots of disc space, and you may as well allocate disc space now to avoid future hiccups
14. The VM is now created and entered in the inventory.

Guest VM network additions

1. Right click on you new VM in inventory and select settings - we're going to add the extra network connections
2. Click the Add button and click Next in the wizard
3. Select Ethernet Adapter and click Next
4. Select Custom and select VMnet2(Bridged) for your first internet connection (or VMnet3 for the second one)
5. Click Finish to complete the additional hardware
6. Repeat for each additional internet connection you use.

Your Virtual Machine settings should now look something like this.... Before you start the VM, you can tweak the settings to make it run better under VMWare. You can't do this through the GUI, but the setup here: [1] shows how to do this. It is better to do this before you build the VM, if you do it later you have to re-setup the interface assignments.

What's next? Installation and configuring

Point the CD-ROM at the ISO image of pfSense. Your VM is now ready to build.... Start up the VM and use these Installing_pfSense.

Ignore the first parts about BIOS setup etc. Now you can carry on. Use the setup guide most appropriate to you.