pfsense passthrough nic - access to host

[AnttiA]

Hello everyone,

 

here's the actual status:

my unraid server is connected to a switch that has 8x1Gb ports and 2x10Gb ports.

Currently, the server is connected to the switch with a 1Gb connection (motherboard integrated NIC)

I put a dual 10Gb NIC (X550-T2) inside my unraid box to make a pfsense VM. the NIC is passed through, so it's not visible from the host, and my pfsense config is working ok (1 WAN -> to my ISP router / 1 LAN -> to a 10Gb port of my switch)

 

How can I access the host, shares .. though the 10Gb pfsense LAN port ? If I disable my motherboard integrated NIC, i can't access the host anymore, nor my shares (wich seems to be normal i guess)

Sorry for this dumb question, I'm confused with this network concept !

 

 

[iTHiNDiL]

Hi,

 

I'm also working to deploy a VM with pfsense with a PASSTHROUGH NIC and was wandering the same question, it is possible, so I can disable the onboard LAN and have a direct connection between pfsense and my containers to avoid traffic through the switch to come back again to the host?

 

Thanks

[iTHiNDiL]

No one knows anything about the question?

[jortan]

On 1/18/2021 at 1:14 AM, AnttiA said:

How can I access the host, shares .. though the 10Gb pfsense LAN port ? If I disable my motherboard integrated NIC, i can't access the host anymore, nor my shares (wich seems to be normal i guess)

 

You don't need to disable the on-board NIC.

 

You can re-order them in Settings / Network Settings under "Interface Rules" (at least you can in unRAID 6.9, not sure how recent this feature is).  Here I have reordered my interfaces, so upon rebooting, my 10GBe (mlx4_core) is assigned whatever network settings I have configured for eth0:

 

 

If you get stuck, you can edit these assignments manually at /boot/config/network-rules.cfg

 

What's your use-case for virtualising pfsense?  Losing internet access/dhcp/dns every time your unraid server is down or rebooting is far from ideal.  I would strongly recommend a small/low powered but dedicated machine for pfsense if at all possible.  If you have a managed switch, you can even run this on hardware with a single network adapter.

 

 

[Hakabe]

On 1/17/2021 at 4:44 PM, AnttiA said:

Hello everyone,

 

here's the actual status:

my unraid server is connected to a switch that has 8x1Gb ports and 2x10Gb ports.

Currently, the server is connected to the switch with a 1Gb connection (motherboard integrated NIC)

I put a dual 10Gb NIC (X550-T2) inside my unraid box to make a pfsense VM. the NIC is passed through, so it's not visible from the host, and my pfsense config is working ok (1 WAN -> to my ISP router / 1 LAN -> to a 10Gb port of my switch)

 

How can I access the host, shares .. though the 10Gb pfsense LAN port ? If I disable my motherboard integrated NIC, i can't access the host anymore, nor my shares (wich seems to be normal i guess)

Sorry for this dumb question, I'm confused with this network concept !

 

 

As you said, you have passed through the Dual 10Gb NIC to a VM. VM doesn't "know" anything else than its own existence thus able to serve the host (UnRaid server, as it's not physically connected to it). You need to add virtual NIC to the VM and via that the host can communicate with the pfSense VM. 

See the following thread for more info:

FYI: If you're running UnRaid on trial basis and you reboot your server, the arrays and firewall VM won't be started automatically. This is due the limitation where the UnRaid will start to fetch your trial license status from the Internet, and because the routing is based via VM, it wont be able to do so.

Edited April 10, 2021 by Hakabe