Summary
This article provides information regarding SDN handling in Hyper-V using PFSense Integration
Applies To
Applies to MachPanel version v8.2.50 and above.
Overview
MachPanel now supports integration with pfSense, enabling automated management of network services such as NAT, firewall rules, and IP routing for virtual machines.
This enhancement allows administrators to seamlessly connect MachPanel with pfSense to automate network configuration during VM provisioning and management.
Key Features
- Automated NAT rule creation
- Firewall rule management
- Integration with VM provisioning workflow
- Centralized network control via pfSense
- Reduced manual configuration effort
Pre-Requisites
- Setup/Install PFSense on your Hyper-V Server. Review following KB article on PFSense Deployment & Integration Prerequisites (Hyper-V Environment)
- Dynamic IP Allocation for Private Pool IPs.
- Navigate to Virtual Machine Hosting > Server Group.
- From the Options click Subnet Pools
- Click Add Subnet Pool
- Give Name
- Choose Type to 'Private'
- Choose the Allocation type to 'Dynamic'
- Select Virtual Switch 'Tenants'
- Give VLAN ID
- Choose the checkbox 'Use for Single VPS Hosting Products', if you want to create this Pool for Single VM Plan.
- Select 'All'
- Click Save.
MachPanel PFSense Configuration
A new configuration section is introduced to connect MachPanel with pfSense.
Add Server
Click Add Server to add your server details:
- Give Server Name.
- Select Provider (PfSense), Server Group.
- Tick the checkbox 'High Available Member' (If you have HA Setup)
- Give your API URL and API Key.
- Tick the checkbox to enable this Server.
- Click Save.
Manage Interfaces
- The interface setup on your backend Hyper-V Server will be shown here.
- You can choose the interface and tick the respective 'Used For' for particular interface. You can choose either below for any particular interface
- Others.
- WAN
- Tenants
- If tenants is selected then you have to select it for any particular customer or ALL.
Public IPs
To add Public IPs click Add/Edit Public IPs
- You can Select Server.
- Select the Interface
- Give list of Comma separated IPs
- Select the Subnet
Now you can Provision a VM for a specific customer.
Virtual Networks
Once VM is provisioned against a customer, then to Add Virtual Network against this customer you can navigate to below interface and click "Add VNet"
Select the Customer against which you have added VM, then Select your Server and Click Save.
You can also manage/Edit DNS for particular customer virtual network.
Aliases
To add Aliases navigate to below section and click 'Add Alias' against a particular customer.
- Select Customer
- Give Alias name
- Give Discription
- Choose Type
- Host(s)
- Network(s)
- Ports(s)
- Later you can Edit, View or Remove any alias as well.
Firewall Rules
To add firewall rules to a specific VM of customer, navigate to below interface and click Add Firewall Rule
- Select Customer
- Select Interface that you have created for this customer
- Give Description
- Choose Action
- Choose Protocol
- Any
- TCP
-
- UDP
-
- TCP/UDP
- Source and Destination can be choosen upon your requirements 'Any or any specific Interface'
- Click Save
You can also set the Priority as well.
Static DHCP Mapping
As in DHCP, the IP of VM might get changed automatically after every reboot. So, here you can assign Static IP for any particular VM of a customer so that it does not get changed after every reboot. To set you can navigate to below interface, it will show details about the VM of your customer.
- Click Assign Static IP
- Choose the IP you want to assign to the VM of customer as static
- Click Assign
NAT Rules
To add NAT Rules, you first have to assign Static IP to the VM. Then navigate to below interface and click Add NAT Setting
- Select Customer
- Give Description
- Enabled NAT
- The IP you have given as static will be shown in drop down
- Choose the Protocol
- Choose the Source from drop down
- Select the Public IP to which you want to translate/map the private IP of this customer VM
- Click Save
