Pfsense as a NAT Gateway
Use the instructions below to work with Private Node groups through Pfsense.
Prerequisites
To use Pfsense as a NAT Gateway for a Cluster on the VKS system, you need:
A Pfsense server (VM) initialized on the vMarketPlace system according to the instructions below, with the following configuration:
Item | Configuration |
Flavor | 2x4 |
Volume | 80 GB |
VPC | 10.3.0.0/16 |
Network Interface 1 | 10.3.0.3 |
Initialize Pfsense
Step 1: Visit https://marketplace.console.vngcloud.vn/
Step 2: At the main screen, search for Pfsense. At the Pfsense service, select Launch.
Step 3: Now configure Pfsense. You can select the desired Volume, IOPS, Network and Security Group. Choose the same VPC and Subnet as the ones used for your Cluster. You also need to select an existing Server Group, or select the Dedicated SOFT ANTI AFFINITY group so that a new server group is created automatically.
Step 4: Complete payment as for other resources on VNG Cloud.
Configure parameters for Pfsense
Step 1: After initializing Pfsense from vMarketPlace according to the instructions above, you can access the vServer interface here to check whether the server running Pfsense has been initialized. Next, open the Any rule on the Security Group for the Pfsense server you just created. Opening the Any rule on the Security Group allows all traffic to reach the Pfsense server, so access is then controlled only by the firewall rules you configure on Pfsense in the steps below.
Step 2: After the server running Pfsense is successfully initialized, access the Pfsense GUI using the IP address of the External Interface and log in with the default username and password admin/pfsense.
To get this IP address, go to the Network Interface section of Pfsense and view the information.
Step 3: Open the rule on the firewall
Proceed to Add rule
You can open the rule as below to access the GUI using the External Interface.
Attention:
Limit the IP range allowed to connect to the Pfsense GUI so that only the intended users can access it.
Select Save
Then select Apply changes
Step 4: Proceed with General Setup as below
Configure WAN Interface
Change password in GUI
Proceed to reload
General Setup completed
Step 5: Configure LAN Interface
Go to Interfaces -> Assignments to add a LAN Interface
Click Add
Then click Save
Go to Interfaces -> Assignments to enable LAN Interface
Make the configuration as below
Configure IP for LAN
Then proceed to add a new gateway: enter the Gateway for the LAN Interface
To get this IP information, go to the Network Interface section of the Pfsense server to view the information:
Proceed to Save again
Step 6: Review configuration information
Step 7: Open the Internet outbound rule for the LAN interface
At source, select the IP range that is allowed to go out to the Internet
Step 8: Configure NAT so that vServers can go out to the Internet
Go to Firewall -> NAT
Select NAT mode then proceed to configure NAT
Click Add to add the rule
Select source, destination NAT
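An added example (not part of the original guide or of VNG Cloud's tooling): a Python audit of an exported Pfsense configuration backup that checks the source restrictions from Step 3 (GUI rule) and Step 7 (LAN outbound rule). The sample XML is constructed, the element layout is assumed to match a config.xml backup, and the GUI ports 443/80 and the expectation that LAN sources sit inside the 10.3.0.0/16 VPC are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

VPC = ipaddress.ip_network("10.3.0.0/16")  # VPC CIDR from the prerequisites table
GUI_PORTS = ("443", "80")                  # assumed web GUI ports

# Constructed sample; element layout assumed to follow a config.xml backup.
SAMPLE = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><source><any/></source>
    <destination><network>wanip</network><port>443</port></destination>
    <descr>GUI access</descr></rule>
  <rule><type>pass</type><interface>wan</interface>
    <source><address>203.0.113.0/24</address></source>
    <destination><network>wanip</network><port>443</port></destination>
    <descr>GUI access, restricted</descr></rule>
  <rule><type>pass</type><interface>lan</interface>
    <source><address>10.3.0.0/16</address></source>
    <destination><any/></destination><descr>Outbound from VPC</descr></rule>
  <rule><type>pass</type><interface>lan</interface><source><any/></source>
    <destination><any/></destination><descr>Outbound from anywhere</descr></rule>
</filter></pfsense>"""

def source_net(rule):
    """Source as an ip_network; 0.0.0.0/0 for 'any'; None for an alias or macro."""
    src = rule.find("source")
    if src is None or src.find("any") is not None:
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        return ipaddress.ip_network((src.findtext("address") or "").strip(), strict=False)
    except ValueError:
        return None  # interface macro or alias: cannot be resolved offline

def audit(xml_text):
    """Return (finding, rule description) for pass rules with an over-wide source."""
    findings = []
    for rule in ET.fromstring(xml_text).iterfind("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        iface, descr = rule.findtext("interface"), rule.findtext("descr", "")
        net, port = source_net(rule), rule.findtext("destination/port")
        if net is None:
            findings.append(("review-by-hand", descr))
        elif iface == "wan" and port in GUI_PORTS and net.prefixlen == 0:
            findings.append(("gui-open-to-any", descr))
        elif iface == "lan" and not (net.version == 4 and net.subnet_of(VPC)):
            findings.append(("lan-source-outside-vpc", descr))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rules whose source is an alias or interface macro are reported as review-by-hand rather than guessed at.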
Initialize Route Table
After Pfsense is successfully initialized and configured, you need to create a Route table to connect to different networks. Specifically, follow these steps to create a Route table:
Step 1: Visit https://hcm-3.console.vngcloud.vn/vserver/network/route-table
Step 2: In the navigation menu bar, select Network Tab/ Route table.
Step 3: Select Create Route table.
Step 4: Enter a descriptive name for the Route table. Route table names can include the characters a-z, A-Z, 0-9, '_' and '-'. The input data length must be between 5 and 50, and the name must not include leading or trailing spaces.
Step 5: Select the VPC for your Route table. If you do not have a VPC, you need to create a new VPC according to the instructions on the VPC Page. The VPC used to set up the Route table must be the VPC selected for your Pfsense and Cluster.
Step 6: Select Create to create a new Route table.
Step 8: In the add new Route section, enter the following information:
For Destination, enter Destination CIDR as 0.0.0.0/0
For Target, enter Target CIDR as the Pfsense Network Interface 2 IP address.
For example:
Checking connection
Ping google.com or 8.8.8.8 to check the connection.
Before NAT is enabled, the server cannot access the Internet.
After configuring NAT, ping 8.8.8.8 to check.