PfSense in a VM and 10g NIC ?

Fritz

Well-Known Member
Apr 6, 2015
2,152
508
113
66
Was the C7 attached to the cable modem wan port before the server? If so, did you release the C7 dhcp lease before plugging in the server to the cable modem?

When I've switched routers on Comcast, the new router would not immediately obtain a new IP address until I released the dhcp lease on the old router or until the lease on the old router expired.
If you mean did I power cycle the modem, yes, several times and often. It's just a dumb modem with no routing capabilities at all. Motorola SB6141.
 

Fritz

Well-Known Member
Apr 6, 2015
2,152
508
113
66
Just a suggestion from someone who's new to pfSense as well...I noticed on 2.3.1, when I made a lot of changes and applied them, sometimes things got "wonky" until I rebooted the actual pfsense router.

Also, double check you are looking at the correct physical ethernet ports for WAN and LAN.
I have PfSense running in a VM and restart it every change I make. And you do have a point about knowing which port is which. There really should be a straight forward way of determining this. I made sure I had it right by plugging each cable into the switch one at a time. The one that pulled a local IP on the WAN is the one that's plugged into the cable modem. (The other being the LAN, static 192.168.1.1). :)
 

Continuum

Member
Jun 5, 2015
77
24
8
43
Virginia
Had another device been attached to the sb6141 before the pfsense vm? In my experience with Comcast, if another device has been previously plugged into the cable modem and had obtained an IP address via dhcp, power cycling the cable modem is sometimes insufficient. What has always worked for me when replacing a router or firewall attached to the cable modem is to release dhcp IP lease on the device to be replaced and then attach the new device.

If you did not have a device attached to the cable modem before the pfsense vm, the above does not apply.
 
Last edited:

RobertFontaine

Active Member
Dec 17, 2015
666
148
43
53
Winterpeg, Canuckistan
I noticed the opencompute boards have 2 onboard 1gb and 1 onboard 10gb nic. I've been thinking this would be just about perfect for a router vm if I added a small 10gb switch for the lan. Still kind of interested in infiniband but by the time I get my lab built 10gb ethernet will probably be even cheaper and easier. All we need is a cheap quiet switch.
 

NetWise

Active Member
Jun 29, 2012
599
131
43
Edmonton, AB, Canada
That is the location and method I was referring to as well. We seem to be on the same page.

Do you have a v1 VM? Or is the VM running?


Sent from my iPhone using Tapatalk
 

Fritz

Well-Known Member
Apr 6, 2015
2,152
508
113
66
BUMP :mad:

I still cannot get PfSense to pull an IP from my Comcast modem. i set both MACs to static (their burned in MACs) and still no joy. I even swapped the Archer C7 out for a Asus RT66u to see if the problem was in the modem but it gave the Asus an IP without a hitch so the problem is with PfSense. Surely someone knows what the secret is?

And btw, PfSense shows the WAN as up with an IP of 0.0.0.0
 

whitey

Moderator
Jun 30, 2014
2,770
866
113
38
If you mean did I power cycle the modem, yes, several times and often. It's just a dumb modem with no routing capabilities at all. Motorola SB6141.
I have an IDENTICAL setup, moto sb6141 tied to comcast, no issues here, only thing different is I am using vSphere for hypervisor layer, two vSwitches (one for WAN, one for LAN) hope you got this sorted out...been playing 'catch up on the forums today' since work has been murderous lately.

Are you able to perform any tests w/ phys HW w/ pfSense loaded to validate/rule-out if it's virt/Hyper-V layer/mis-config?
 

tullnd

Member
Apr 19, 2016
57
7
8
USA
BUMP :mad:

I still cannot get PfSense to pull an IP from my Comcast modem. i set both MACs to static (their burned in MACs) and still no joy. I even swapped the Archer C7 out for a Asus RT66u to see if the problem was in the modem but it gave the Asus an IP without a hitch so the problem is with PfSense. Surely someone knows what the secret is?

And btw, PfSense shows the WAN as up with an IP of 0.0.0.0
Ok, so your WAN port is not pulling an IP. First...plug in your Asus or C7 from their LAN port to the WAN on the PFsense box. The WAN port should pull a local LAN IP from their DHCP pool. If it's still not pulling the IP, you have a hardware or config issue.

Verify all settings for the WAN port for IPv4 are set for DHCP and such. If you're convinced they're all correct, try re-assigning the ports. Switch LAN and WAN assignments. Does WAN start working(you'll have to do this via console over IPMI maybe) but LAN now won't lease? Then it's hardware.
 

Fritz

Well-Known Member
Apr 6, 2015
2,152
508
113
66
Plugged the WAN cable into the C7 and it did not pull an ip from it either so something must be wrong with my config.

In Hyper V I have two switches, i340 and i340 #2

In PfSense I have both i340 and i340 #2
 

RobertFontaine

Active Member
Dec 17, 2015
666
148
43
53
Winterpeg, Canuckistan
I was struggling with vmware worktstation pro and windows 10 last night trying to figure out how/if it was possible toi
Pass my cable modem IP through to pfsense on a vm and have the metal use the subnet provided by pfsense.

After a couple of hours I gave up and decided to do real work. Is this possible and are there directions for monkeys somewhere on the net?
 

Fritz

Well-Known Member
Apr 6, 2015
2,152
508
113
66
I give up. Deleted the PfSense VM and called it quits. I wasted way too much time trying to sort this out, time to move on. Next step is to put it in it's own box.
 

RobertFontaine

Active Member
Dec 17, 2015
666
148
43
53
Winterpeg, Canuckistan
Did a fair number of hours of reading and youpoop videos last night. The answer appears to be "No" using VMWare Workstation. There isn't a virtual switch that can speak to the metal with the base instal.

With ESXi on the other hand it would work just fine. Once I have a separate server I will put the pfsense on there.
 

mikesm

New Member
Mar 3, 2013
20
1
3
Plugged the WAN cable into the C7 and it did not pull an ip from it either so something must be wrong with my config.

In Hyper V I have two switches, i340 and i340 #2

In PfSense I have both i340 and i340 #2
I have this running and working very nicely on one of my dual proc E5-2670 boxes. I have one NIC dedictaed to the cable modem, and the other going to a switch with a number of VLAN's active on it, all using vmware ESXi 6.0U1.

There is a pretty good guide out there by Calvin Bui (he writes a lot of good stuff): Part 1: Install pfSense on ESXi 5.5 - Calvin Bui

And then on VLAN configs he has a nice guide here: VLAN on VMware, pfSense and a Switch - Calvin Bui

Its been very stable since I set it up. I highly recommend this config, esp since you can throw a fair amount of CPU at pfsense so it can run a capable IDS like Suricata.

I do not have failover working between different hosts - I don't have a static IP from Comcast. But that is doable if you have such a config from your ISP.

I highly recommend pfsense. I have no experience with hyper-V, but the concepts that work in ESXi should generalize. I try and avoid MSFT products wherever I can.

Thx
Mike
 
  • Like
Reactions: epicurean

RobertFontaine

Active Member
Dec 17, 2015
666
148
43
53
Winterpeg, Canuckistan
Avoiding Microsoft in favor of VMWare seems similar to not liking sql server licensing so choosing oracle ;).
The Xen Project seems to have some legs on the open source track but I have landed on ESXi as well. VMUG seems like a tenable "solution" to licensing for now.
 

Fritz

Well-Known Member
Apr 6, 2015
2,152
508
113
66
I've always been CLI challenged and have never been able to make sense of Linux CLI gibberish so I'm stuck in the Windows world. :(