How to Set up VirtualBox Host, ESXi 6 Guest, and pfSense nested guest

Recipe: How to Set up ESXi 6 (Guest) on VirtualBox (Host) on Windows with pfSense (nested guest)

Goal: Learn ESXi. Install pfSense to port-forward from a public IP using Microsoft Remote Desktop (computer:port) to private (isolated) guests

  1. Install VirtualBox on your Windows 64-bit computer
  2. In VirtualBox, create a new 64-bit VM guest by choosing Linux -> Red Hat 64
  3. Once created, assign 2 NICs to ESXi: Adapter 1: bridged (host-only works too) and Adapter 2: NAT (NOTE: The other types prevented networking my nested guests.)
  4. From another computer in the bridged vmnic0/Adapter1 network, open the vSphere client
  5. In vSphere (ESXi), create 3 Standard Switches: A (vmnic0 which is VirtualBox Adapter 1), B (vmnic1 which is VirtualBox Adapter 2), and C (no NICs thus creating an isolated network for pfSense Layer 3 routing) -- yes, the numbering is confusing!
  6. Note: VirtualBox has limitations when running another hypervisor: nested guests must be 32-bit only and have exactly 1 CPU.
  7. Install a 32-bit (64-bit won't work) pfSense guest on ESXi (technically a nested guest at this point) as usual, but after trying to turn it on, you'll need to fix the expected error about nested guests using VMware's instructions
  8. Set pfSense's WAN to vmnic1/Adapter 2 (the B vSwitch from above) and LAN to the C vSwitch from above (note: A's purpose is to manage ESXi, not for its VMs)
  9. Create another 32-bit nested guest (I used XP for fun) with 1 NIC connected to the C vSwitch. Allow port 3389 (or whatever protocol you need) through that guest's firewall.
  10. From that new guest, log into pfSense at http://192.168.1.1 with default credentials: admin / pfsense
  11. Create a Port Forward on pfSense.
  12. On pfSense's Firewall rules, allow private IP addresses to pass through.
  13. From the VirtualBox host, enable a port forward to the ESXi guest. I used local 3333 to 3389 guest. This allowed my host Windows computer to open Remote Desktop to localhost:3333
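
The host-side forward from step 13 can also be scripted with VBoxManage. The PowerShell below is an added example, not part of the original recipe; the VM name, rule name and install path are assumptions. It binds the listener to 127.0.0.1 so the forwarded RDP port is reachable only from the host itself.

```powershell
# Added example. VM name, rule name and install path are assumptions.
$VBoxManage = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"
$VmName     = 'ESXi6'       # hypothetical name of the VirtualBox VM running ESXi
$RuleName   = 'rdp-nested'  # hypothetical label for the forwarding rule
$NatAdapter = 2             # Adapter 2 is the NAT NIC (step 3)
$HostPort   = 3333          # local port (step 13)
$GuestPort  = 3389          # RDP port (step 13)

# Rule format: name,protocol,host IP,host port,guest IP,guest port.
# Host IP 127.0.0.1 keeps the listener off the LAN; guest IP is left empty so
# VirtualBox uses the address its NAT DHCP handed out on that adapter.
$Rule = "$RuleName,tcp,127.0.0.1,$HostPort,,$GuestPort"

$info = & $VBoxManage showvminfo $VmName --machinereadable
if ($LASTEXITCODE -ne 0) { throw "VBoxManage could not read VM '$VmName'." }

# Machine-readable output lists existing rules as Forwarding(n)="...".
$existing = $info | Where-Object { $_ -like 'Forwarding(*' }
$running  = $info -contains 'VMState="running"'

if ($existing | Where-Object { $_ -like "*=`"$Rule`"" }) {
    Write-Host "Rule already present: $Rule"
} elseif ($running) {
    # A running VM takes the rule through controlvm.
    & $VBoxManage controlvm $VmName "natpf$NatAdapter" $Rule
} else {
    # A powered-off VM takes it through modifyvm.
    & $VBoxManage modifyvm $VmName "--natpf$NatAdapter" $Rule
}
if ($LASTEXITCODE -ne 0) { throw "VBoxManage failed to add the rule." }

# List the rules now in place, then probe the host-side listener.
& $VBoxManage showvminfo $VmName --machinereadable |
    Where-Object { $_ -like 'Forwarding(*' }
if ($running) {
    $probe = Test-NetConnection -ComputerName 127.0.0.1 -Port $HostPort
    "localhost:$HostPort reachable: $($probe.TcpTestSucceeded)"
}
```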
