This is just a short little sorta how-to on configuring pfSense on a VirtualBox virtual machine utilizing Xubuntu as the host with two network cards. I utilized the cheapest, oldest laptop that was available, a Sony PCG-4A1L. This system has a humble 1Ghz processor, 512Mb of RAM and a 40Gb hard drive. Sadly, this system’s processor doesn’t have PAE support so I had to utilize an older version of the OS, specifically 12.04LTS. After installing Xubuntu, I set about installing the new hardware. I used this USB network adapter from dealextreme (as I only use the most extreme components). Fortunately, the adapter’s price didn’t break the bank ($4.80). Unfortunately, it isn’t autosensing for cabling so actually remembering to use a crossover was an issue at first.
Now that the host system was generally configured, I installed VirtualBox and downloaded the pfSense virtual machine image (http://www.pfsense.org/index.php?option=com_content&task=view&id=58&Itemid=4/). This was a fairly straightforward process with only configuring how much RAM was allotted to pfSense and configuring the network adapters for bridged mode. The more complicated process was getting pfSense and the host machine to utilize the network adapters in the manner I desired. One adapter would only be used by the VM to access the WAN and the other would have two addresses on the same subnet for the LAN, a statically assigned address for the VM and a DHCP address for the host machine so that its packets would be routed through the VM. After an intense session of Googling (hey Google, I’m genericizing your trademark) which failed to yield the desired information, I ended up doing things the hard way via trial and error. All that was actually necessary was to edit the ethernet adapter for the WAN connection in the host so that it was not managed by the host. In this case, that was unchecking the “connect automatically” checkbox. I tested the functionality by using a shared connection from my main laptop that was connected to the Wi-Fi router.
Before continuing, I entered option 14 from the pfSense menu to enable SSH logins. As this setup is destined to be headless, it is useful to be able to SSH into the VM which, by default, shows the same thing as the monitor would anyway. Of course, enabling SSH is opening the system to attack just like enabling any service or opening any ports.
Once the physical and logical connectivity were complete, it was time to get pfSense running headless on startup. A quick Googling yielded a near answer at http://askubuntu.com/questions/57220/start-vboxheadless-vm-at-startup with a script that was only slightly out of date. A quick review of the error message and a review of the current VBox commands yielded the answer. The line
sudo -H -b -u $VMUSER /usr/bin/VBoxVRDP -s "$VMNAME"
was out of date and /usr/bin/VBoxVRDP should be /usr/bin/VBoxHeadless. Having corrected that and added the script to be executed on startup and shutdown, the system was in need of actually being configured to do something.
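An init-style wrapper around the corrected line, added here as an example; it is not the askubuntu script or the author's copy of it. The VMUSER and VMNAME defaults and the DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Start a VirtualBox VM headless at boot and save its state at shutdown.
# The VM runs as an unprivileged account, never as root.
VMUSER="${VMUSER:-vbox}"      # assumed account that owns the VM
VMNAME="${VMNAME:-pfsense}"   # assumed VM name as registered in VirtualBox
DRY_RUN="${DRY_RUN:-0}"       # 1 = print each command instead of running it

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# True if VMNAME appears in the VM owner's list of running VMs.
# "list runningvms" prints one line per VM: "name" {uuid}
vm_running() {
    run sudo -H -u "$VMUSER" /usr/bin/VBoxManage list runningvms \
        | grep -q "^\"$VMNAME\" "
}

vm_ctl() {
    case "$1" in
        start)
            if vm_running; then
                echo "$VMNAME is already running" >&2
                return 0
            fi
            # The corrected line: VBoxHeadless replaces the old VBoxVRDP binary.
            run sudo -H -b -u "$VMUSER" /usr/bin/VBoxHeadless -s "$VMNAME"
            ;;
        stop)
            # Save state so the VM resumes cleanly on the next start.
            run sudo -H -u "$VMUSER" /usr/bin/VBoxManage controlvm "$VMNAME" savestate
            ;;
        status)
            if vm_running; then echo "running"; else echo "stopped"; fi
            ;;
        *)
            echo "Usage: $0 {start|stop|status}" >&2
            return 2
            ;;
    esac
}

# Dispatch only when called with an action (e.g. from an init script hook).
if [ $# -gt 0 ]; then vm_ctl "$1"; fi
```

Running it once with DRY_RUN=1 shows the exact commands before the script is wired into startup and shutdown.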
Just like Security+ is pretty much useless, this virtual machine wasn’t able to route, serve DHCP addresses, or perform firewall and proxy duties. Setup of pfSense is done largely through a web browser with a limited set of options from a menu prompt (although one menu option is to access a full OpenBSD command prompt). While this has been so much not sarcastic fun, further configuration will have to wait for the next thrilling installment.
Shoutout to Wiz(!) and S+ auditors.