Summary

This article provides information regarding "Cloud Networking" feature in MachPanel, that is Software Defined Network handling for pfSense and Hyper-V

Applies To

Applies to MachPanel version v8.2.50 and above.

Overview

MachPanel now supports integration with pfSense, enabling automated management of network services such as NAT, firewall rules, and IP routing for virtual machines via newly added "Cloud Networking" section.

This enhancement allows administrators to seamlessly connect MachPanel with pfSense to automate network configuration during VM provisioning and management.

Key Features

• Automated NAT rule creation
• Firewall rule management
• Integration with VM provisioning workflow
• Centralized network control via pfSense
• Reduced manual configuration effort

Pre-Requisites​

• pfSense Configuration Pre-requisites:
  • One time pfSense deployment and configuration is required on Hyper-V server / servers. This deployment will serve as a multi-tenant pfSense setup for all your customers hosted via MachPanel giving you and your customers total control, automation and cost saving..
    • Setup/Install pfSense on your Hyper-V Server. Review following KB article on pfSense Deployment & Integration Prerequisites (Hyper-V Environment)
• MachPanel Configuration Pre-requisites:
  • Dynamic IP Allocation for Private Pool IPs is required to be configured in MachPanel before configuring pfSense in MachPanel.
    
    • To do that, navigate to Virtual Machine Hosting > Server Group.
      
      • From the Options click Subnet Pools
      • Click Add Subnet Pool
        
        • Give Name
        • Choose Type to 'Private'
        • Choose the Allocation type to 'Dynamic'
        • Select Virtual Switch 'Tenants'
        • Give VLAN ID
        • Choose the checkbox 'Use for Single VPS Hosting Products', if you want to create this Pool for Single VM Plan.
        • Select 'All'
        • Click Save.

      ​​​​​

   ​

MachPanel Cloud Networking / pfSense Configuration

A new configuration section is introduced to connect MachPanel that allows you to add pfSense servers called the "Cloud Networking".

Add Server 

Click Add Server button to add your pfServer server details and associate the Server Group and customers:

• Give Server Name.
• Select Provider as "PfSense"
• Select the Server Group to associate pfSense with.
• Tick the checkbox 'High Available Member' (If you have HA Setup)
  • Choose Role
    • Master 
    • Slave
• Give your API URL and API Key. (How to configure pfSense API)
• ​Tick the checkbox to enable this Server.
• Click Save.

​Manage Interfaces​

 Next step is to configure or manage the "Interfaces" which are already configured in pfSense.

• The interface setup on your backend Hyper-V Server will be shown here.
• You can choose the interface and tick the respective 'Used For'  for particular interface. You can choose either of the shown interface types for any particular interface:
  • OTHERS (interfaces not designated for specific use, such as LAN or other interfaces)
  • WAN (interface designated for WAN)
  • Tenants (interface designated for TENANTS)
    • If tenants is selected then you have to select it for any particular customer or ALL.
    • ​

•   ​Click Save.

​Public IPs

To add Public IPs click Add/Edit Public IPs

• You can Select Server.
• Select the Interface
• Give list of Comma separated IPs
• Select the Subnet

• Click Save

Now you can Provision a VM for a specific customer.

Virtual Networks

Once VM is provisioned against a customer, you can navigate to "Add VNet" interface to Add Virtual Network against desired customers:

Select the Customer against which you have added VM, then Select your Server and Click Save.

You can also manage/Edit DNS for particular customer virtual network.

Aliases

To add Aliases navigate to below section and click 'Add Alias' against a particular customer.

• Select Customer
• Give Alias name
• Give Discription
• Choose Type
  • Host(s)
    • 
  • Network(s)
    • 
  • Ports(s)
    • 
• Later you can Edit, View or Remove any alias as well.
  • 

Firewall Rules

To add firewall rules to a specific VM of customer, navigate to below interface and click Add Firewall Rule

​

• Select Customer
• Select Interface that you have created for this customer
• Give Description
• Choose Action
  • Pass
  • Block
  • Reject
• Choose Protocol
  • Any
  • TCP
    • ​
  • UDP
    • ​
  • TCP/UDP
    • 
  • Source and Destination can be choosen upon your requirements 'Any or any specific Interface'
•   ​Click Save

You can also set the Priority as well.

Static DHCP Mapping

As in DHCP, the IP of VM might get changed automatically after every reboot. So, here you can assign Static IP for any particular VM of a customer so that it does not get changed after every reboot. To set you can navigate to below interface, it will show details about the VM of your customer.

• Click Assign Static IP
• Choose the IP you want to assign to the VM of customer as static
  • 
• ​Click Assign
  • 

NAT Rules

To add NAT Rules, you first have to assign Static IP to the VM. Then navigate to below interface and click Add NAT Setting

​

• Select Customer
• Give Description
• Enabled NAT
• The IP you have given as static will be shown in drop down
• Choose the Protocol
  • Any
  • TCP
  • UDP
  • TCP/UDP
• Choose the Source from drop down
• Select the Public IP to which you want to translate/map the private IP of this customer VM
• Click Save

​

​

  ​