Hello, I want to create a network of several virtual machines and configure a pfsense firewall.
I need this for a virtual penetration testing laboratory.
Since the pfsense firewall requires two or more network interfaces to install, I created a second virtual interface according to the instructions:
The network diagram I want to configure is:
sys-net → pfsense ↔ [1-os ↔ 2-os ↔ 3-os]
pfsense network-interface (NET-VM):
xn0 - WAN : IP Static 10.137.0.30/32. Gateway (sys-net)
xn1 - LAN : IP Static 10.137.100.100/32. Gateway : 10.137.100.0
1-os network-interface:
IP Auto QubeOS 10.137.0.11/32. Gateway : 10.137.100.100
2-os network-interface:
IP Auto QubeOS 10.137.0.12/32. Gateway : 10.137.100.100
3-os network-interface:
IP Auto QubeOS 10.137.0.13/32. Gateway : 10.137.100.100
As a result I get:
pfsense has access to the Internet.
1-os/2-os/3-os are without access to the Internet and do not have a network with each other.
What I want to receive:
Connect all three virtual machines into a network.
Be able to isolate any virtual machine from the network and from the Internet using the pfsense firewall.
What am I missing? What am I doing wrong? Please help, I have no strength anymore.
I’ve read the documentation.
All my virtual machines that are used in this scheme are HVMs, including pfsense (NET-VM).
Therefore, the (iptables) rules are not relevant for them.
To make it clearer to you what I’m talking about, I’m attaching a link to the documentation =) :
To achieve this, your pfsense should be a proxyVM (which provides network)
Then simply attach this as a network Qube to your desired AppVMs.
But, because the pfsense has no qubes tools inside, you might have to configure the (dynamically added) interface IPs manually… and it might be non-persistent.
I’m not sure why you specifically prefer pfsense, as what you want:
Be able to isolate any virtual machine from the network and from the Internet
can be much more easily achieved by the standard Qubes Firewall.