[SOLVED] Normal bridge along with pfsense install

blueduckdock

Mar 18, 2016
Trying to figure out how to do this....
I have some VMs that I want accessible and manageable via my normal subnet (say 192.168.1.1), which I have configured. Others I want behind a pfsense install (as part of a real test lab). So basically I need two bridges and then the internal DMZ, if you'll call it that. So this is what my interfaces file looks like:

auto lo
iface lo inet loopback

iface eth0 inet manual

##for normal bridge mode on the same subnet
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.15
    netmask 255.255.255.0
    gateway 192.168.1.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

##for pfsense wan link
auto vmbr1
iface vmbr1 inet static
    address 10.0.0.2
    netmask 255.255.255.0
    gateway 10.0.0.1
    bridge_ports eth0
    bridge_stp on
    bridge_fd 0

##for pfsense internal network/lan
auto vmbr2
iface vmbr2 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0



This is the basic guide I followed- http://nowell.svaquila.us/?p=93

I figured that eth0 is obv the physical NIC and vmbr0 is already my bridge. I thought I could just add a secondary interface to act as the "WAN" for pfsense (mimicking vmbr0) and then add a separate interface for the internal network. Not sure what that should point to for bridge (is it eth0 or eth1?) or if it's all set up right. So far it's no dice.

I changed it up for pfsense and have vmbr0 as the WAN and vmbr2 as the LAN but no dice on the LAN handing out addresses.


Edit- apparently changing the pfsense NICs to vmbr0 and vmbr1 and then the guest (inside the internal net) to vmbr1 instead of 2 has solved my problems with that, but now that network is completely 10.0.0.0 for all guests. Kinda lost still
 
Think I got it- and now that I think about it it should've been easy to conceptualize from the start.

*NOTE*- easy method to do this below- do that instead of modifying the file below.

Copy of my /etc/network/interfaces


auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.60.15
    netmask 255.255.255.0
    gateway 192.168.60.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0


Assign both vmbr0 and vmbr1 to your pfsense box. vmbr0 will be your WAN (so it gets an IP from your main router- something like 192.168.60.5) and vmbr1 will be your LAN (which is isolated because duh- pfsense is handling all your networking here.)

The fun is that you can assign things both to your main network and then things to your private network- vmbr0 to any VMs you want on the main net and vmbr1 to any you want behind the private net (that runs behind pfsense.)

And the kicker...to do ANY of this beyond a typical install- just add an interface via the GUI (Linux bridge) and do nothing but give it a name (here it's vmbr1.) That is it. Reboot (or just restart networking on your host) and it'll come up just fine.

Hope this helps someone in the future. Super super easy now that I understand what is going on.
You can go wild from here- add more interfaces and add them to pfsense as OPT1, 2, 3, etc. or add more and spin up multiple private networks behind 10 different pfsense installs.
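
Added example (not part of the original posts): a small Python check for an /etc/network/interfaces file that flags the problems visible in the first config above (two default gateways, one NIC attached to two bridges, a bridge port with no stanza of its own) and lists bridges that are isolated from the host and the physical network, as vmbr1 is in the working setup. The function names and heuristics are assumptions of this example, and the sample input is constructed by condensing the first config from the thread.

```python
# Constructed sample: the first (non-working) config from the thread, condensed.
FIRST_ATTEMPT = """
iface eth0 inet manual
iface vmbr0 inet static
    gateway 192.168.1.1
    bridge_ports eth0
iface vmbr1 inet static
    gateway 10.0.0.1
    bridge_ports eth0
iface vmbr2 inet manual
    bridge_ports eth1
"""

def parse_interfaces(text):
    """Return {interface: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None                     # these lines end the stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def audit(text):
    """Return a list of findings that break the intended segmentation."""
    stanzas, findings, owner = parse_interfaces(text), [], {}
    gateways = sorted(n for n, o in stanzas.items() if "gateway" in o)
    if len(gateways) > 1:
        findings.append("multiple default gateways: " + ", ".join(gateways))
    for name, opts in stanzas.items():
        ports = [p for p in opts.get("bridge_ports", "").split() if p != "none"]
        for port in ports:
            if port in owner:
                findings.append(f"{port} is a port of both {owner[port]} and {name}")
            elif port not in stanzas:          # heuristic: NIC may not exist
                findings.append(f"{name} uses {port}, which has no iface stanza")
            owner.setdefault(port, name)
    return findings

def isolated_bridges(text):
    """Bridges with no physical port and no host address (guest-only segments)."""
    return sorted(n for n, o in parse_interfaces(text).items()
                  if o.get("bridge_ports") == "none" and "address" not in o)
```

Run against the working config, `audit` returns no findings and `isolated_bridges` returns `['vmbr1']`, which confirms that guests on vmbr1 can only reach other networks through the pfsense VM.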
 
