How to setup pfSense VMware on unraid OS with 2 NIC ports?


bi7l


Hello, so first of all I'm completely new to this type of stuff, so please bear with me; a step-by-step guide would be appreciated.

So I want to run pfSense as a router on Unraid as a VMware, but the PC only has 2 NIC ports: one is the main motherboard NIC port and the other is a PCI NIC card with 1 port. I want to set up pfSense so that all home traffic will go through that router, and I also want to make it a VPN client. I've got a WAN cable coming in from the ISP router that has a private IP address provided by the ISP, because it's a carrier-grade NAT (CGN) type network. Anyway, I don't know if it's possible to give access to both NIC ports to pfSense. How may I do that?

And how will Unraid get internet access?

Is there a way to make a virtual NIC port between the pfSense VM and the Unraid OS so that Unraid can connect to the pfSense router?

I'm really confused about all this networking stuff. If someone could help me, that would be great. If you have any questions about the setup, just let me know.

Also, here are the PC specs:

Motherboard: Dell OptiPlex 7010

CPU: Intel i5 3470

RAM: 8GB 1333MHz

Storage: 4TB HDD

I really don't care about performance, I just want the thing to work.

 

 

Link to comment
4 minutes ago, bi7l said:

 

is it at least possible to setup pfsense on unraid with only 2 nic ports?

Maybe, but I only remember seeing one person attempt it.

 

With 3 ports, IF you can pass the hardware for 2 of the ports through cleanly, IF the hardware is supported by pfSense, then it's doable with a full Unraid license. I personally run a pfSense VM with my 2 motherboard 1Gb ports passed through, and Unraid has exclusive use of a 10Gb PCIe card. The 10GB and the LAN 1GB for pfSense are plugged in to the same switch, and the 1GB WAN goes to the modem.

 

It's definitely NOT possible with a trial version of Unraid, because the trial version requires internet access to start the array and VM's.

 

IIRC @Ford Prefect was trying to help someone with the 2 nic setup, but I don't know if it ever got running.

 

I'm not familiar enough with other hypervisors to comment on the feasibility of doing it with other software.

Link to comment
2 hours ago, bi7l said:

so i want to run pfSense as a router on unraid as a vmware but the pc only has 2 nic ports, one is the main motherboard nic port and the other is a pci nic card with 1 port, i want to setup pfsense so that everything home traffic will go through that router and i also want to make it a vpn client i’ve got a wan cable coming in from the isp router that has a private ip address provided by the isp because it’s a carrier grade nat (CGN) type network. anyways so i don’t know if it’s possible to give access to both nic ports to pfsense how may i do that?

and how will unraid get internet access?

is there a way to make a virtual nic port between the pfsense vm and the unraid os so that unraid can connect to the pfsense router?

Yes, you could do that for LAN but I'd not recommend it.

Never, ever use a virtual NIC for WAN !!

If the second NIC is on a PCI(e) card, why not get a DUAL or even QUAD ... a used i350-T4 is about 50EUR from a reputable seller, as a used, server-pulled part.

I'd recommend a "Fujitsu Quadport GBit Ethernet Adapter D3045-A11 GS1", which is a genuine i350-T4.

 

2 hours ago, bi7l said:

i really don’t care about performance i just want the thing to work 

Don't worry, these things will come later...search for OCD ;-)

 

1 hour ago, JonathanM said:

With 3 ports, IF you can pass the hardware for 2 of the ports through cleanly, IF the hardware is supported by pfSense, then it's doable with a full Unraid license. I personally run a pfSense VM with my 2 motherboard 1Gb ports passed through, and Unraid has exclusive use of a 10Gb PCIe card. The 10GB and the LAN 1GB for pfSense are plugged in to the same switch, and the 1GB WAN goes to the modem.

THIS +1 !!

 

1 hour ago, JonathanM said:

IIRC @Ford Prefect was trying to help someone with the 2 nic setup, but I don't know if it ever got running.

Technically yes, but the real problem here is CGN behind the WAN port. VPN client should be possible, but not a VPN-Server (at least not that easy).

I'd recommend using an SDN-WAN solution, like ZeroTier, anyway.

 

 

Link to comment
3 hours ago, bi7l said:

Okay but why do you not recommend it, will it decrease my speeds or is it for privacy reasons, 

...using that for WAN will definitely compromise your setup too easily

Also there is a good chance, if you are changing things in that network, the virtual NIC is attached to, that your MAC will be blacklisted by the ISP....leaving you in the dark.

For LAN (and WAN) the privacy risk is present as well, especially if you have Dockers with access from outside networks in that network path.

In general there is an increased risk for instability / unavailability for these kinds of links...especially when there is a mixture of Dockers and VMs on the same unraid bridge.

 

Availability of your Internet Services is the one reason why I do not recommend such a setup (main router in a VM) at all.

When your unraid has a scheduled/unscheduled downtime, there most likely is low-to-zero tolerance for your site dropping off the internet.

In times of home-schooling and home-office, from friends and family, relying on your services...in short, there is no WAF ;-)

 

3 hours ago, bi7l said:

and buying a dual/quad nic port card is not really an option for me right now but if there’s no choice i’d have to figure out a way to get my hands on one, but for now i’ll have to get it working with only 2 nic ports 

 

is there any guide you’d recommend for setting up the 2 NIC ports for pfsense vmware and the virtual lan for unraid 

because i have no idea how to use unraid and configure it, i’m quite new to all this stuff

There is some guidance around here for how to passthrough a NIC and the setup of pfsense in a VM for unraid.

For the LAN port, the setting is quite simple.

With two NICs, when unraid starts, it will allocate both into a bridge and enable an active backup bond.

So the first task is to remove one NIC (for later WAN) from that...this will happen automagically, when you follow the instructions to passthrough the NIC. There the first step is, to exclude its IOMMU group from the use by the unraid host, so it can be allowed to passthrough for a VM. Mind you, that your Hardware - both CPU and Chipset - must be capable and configured in the BIOS to allow this. unraid will tell you in the system info, if IOMMU is enabled/available.

 

After that, now with only one NIC left / seen in the unraid host, you create the VM with one NIC (the other) from passthrough and a second one (which will be created in the VM template by default) as a virtio/virtio-net model. 

Then assign WAN and LAN properly in the pfsense VM during startup. You will be able to distinguish these by the name/driver used. One will be real, using the driver for your hardware NIC, the other will be virtual.

 

3 hours ago, bi7l said:

you mentioned SDN-WAN, what exactly is it 

It's a "Software Defined Network" (SDN). It will allow you to create a "second" LAN, exclusively managed by you for endpoints scattered across the internet.

The benefit is, that each member/host of that "LAN2" will only need a client to connect (from this perspective, working like accessing a VPN).

There is no need for port forwarding in your local WAN. In your setup, pfsense will see WAN, LAN (local home) and LAN2 (SDN) and you can simply manage access via routing / firewall rules.

 

3 hours ago, bi7l said:

do they provide you access to a public ip and access to port forwarding?

nope....see above

 

3 hours ago, bi7l said:

is there it a paid subscription service?

there are free tiers available...have a look at zerotier https://www.zerotier.com/pricing/

In your scenario, behind CGN, the "Basic" plan is what you should go for.

 

3 hours ago, bi7l said:

is it similar to a VPN server like airvpn?

nope, not really. It gives you a fully controllable L2/L3 network over IP.

It all comes down to knowing how routing works and what a firewall will do in this respect....not with port forwarding.

 

3 hours ago, bi7l said:

if it’s something like that it’ll save me alot of money, right now i use airvpn to port forward 

This is something you would most likely use for close / well known members, like family and friends. All they need is a (free) zerotier client and you need to grant access to your zt-network in your plan, when they first connect/want to join.

 

Of course you could set up a free tier on a VPS and enable more networks, even for unknown users of your services, for the cost of that VPS.

 

Link to comment
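The IOMMU-group check from the passthrough steps in the post above, as an added example that is not part of the original thread: it lists each Ethernet controller with its IOMMU group and reports whether other non-bridge devices share that group, because a NIC can only be detached from the host for the pfSense VM together with everything else in its group. The helper names, the sysfs tree built by `make_sample_sysfs` and its PCI addresses are constructed for illustration; on a real host call `nic_iommu_report /sys`.

```shell
#!/bin/sh
# Added example: report IOMMU grouping of every Ethernet controller.
# Reads the standard Linux sysfs layout below a given root directory.

# nic_iommu_report SYSFS_ROOT
# One line per NIC: "<pci-addr> group=<n> ISOLATED|SHARED-WITH <peers>"
nic_iommu_report() {
    root=$1
    for dev in "$root"/bus/pci/devices/*; do
        [ -e "$dev/class" ] || continue
        class=$(cat "$dev/class")
        # PCI class 0x0200xx = Ethernet controller
        case $class in 0x0200*) ;; *) continue ;; esac
        addr=$(basename "$dev")
        if [ ! -e "$dev/iommu_group" ]; then
            # No group link: IOMMU is disabled in BIOS/kernel or unsupported
            echo "$addr group=none NO-IOMMU"
            continue
        fi
        group=$(basename "$(readlink "$dev/iommu_group")")
        peers=""
        for peer in "$root/kernel/iommu_groups/$group/devices"/*; do
            [ -e "$peer" ] || [ -L "$peer" ] || continue
            paddr=$(basename "$peer")
            [ "$paddr" = "$addr" ] && continue
            pclass=$(cat "$root/bus/pci/devices/$paddr/class" 2>/dev/null || echo unknown)
            # Simplification: PCI bridges (class 0x0604xx) are not handed
            # to the guest, so they are not counted as conflicting peers.
            case $pclass in 0x0604*) continue ;; esac
            peers="$peers $paddr"
        done
        if [ -z "$peers" ]; then
            echo "$addr group=$group ISOLATED"
        else
            echo "$addr group=$group SHARED-WITH$peers"
        fi
    done
}

# _add_dev ROOT ADDR CLASS GROUP : create one constructed sysfs device entry
_add_dev() {
    mkdir -p "$1/bus/pci/devices/$2" "$1/kernel/iommu_groups/$4/devices"
    echo "$3" > "$1/bus/pci/devices/$2/class"
    ln -s "$1/kernel/iommu_groups/$4" "$1/bus/pci/devices/$2/iommu_group"
    ln -s "$1/bus/pci/devices/$2" "$1/kernel/iommu_groups/$4/devices/$2"
}

# Constructed sample: onboard NIC alone in group 5; add-in NIC in group 1
# together with a PCI bridge and a display adapter.
make_sample_sysfs() {
    _add_dev "$1" 0000:00:19.0 0x020000 5
    _add_dev "$1" 0000:00:01.0 0x060400 1
    _add_dev "$1" 0000:01:00.0 0x030000 1
    _add_dev "$1" 0000:03:00.0 0x020000 1
}

# Demo on the constructed tree (replace with: nic_iommu_report /sys)
demo_root=$(mktemp -d)
make_sample_sysfs "$demo_root"
nic_iommu_report "$demo_root"
rm -rf "$demo_root"
```

A NIC reported as SHARED-WITH cannot be passed through on its own; every listed peer would leave the host with it.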
  • 5 months later...
On 10/29/2021 at 4:54 AM, Ford Prefect said:

There is some guidance around here for how to passthrough a NIC and the setup of pfsense in a VM for unraid.

For the LAN port, the setting is quite simple.

With two NICs, when unraid starts, it will allocate both into a bridge and enable an active backup bond.

So the first task is to remove one NIC (for later WAN) from that...this will happen automagically, when you follow the instructions to passthrough the NIC. There the first step is, to exclude its IOMMU group from the use by the unraid host, so it can be allowed to passthrough for a VM. Mind you, that your Hardware - both CPU and Chipset - must be capable and configured in the BIOS to allow this. unraid will tell you in the system info, if IOMMU is enabled/available.

 

After that, now with only one NIC left / seen in the unraid host, you create the VM with one NIC (the other) from passthrough and a second one (which will be created in the VM template by default) as a virtio/virtio-net model. 

Then assign WAN and LAN properly in the pfsense VM during startup. You will be able to distinguish these by the name/driver used. One will be real, using the driver for your hardware NIC, the other will be virtual.

 

Outstanding post.  This is exactly the information I needed!

 

I have an Intel X550-T2 NBASE-T PCI NIC.  The two NICs on my MB are only 1GB.  I have 2.5Gb WAN and 10Gb LAN, so I want to only use the two 10Gb ports; one for WAN and the other for LAN.  However, I still want unRAID to have full access to 2.5GB internet service.  unRAID is my primary OS with VMs, so at my desk I want it all.

 

Right now the only router I have found that has separate (two ports) multi-gig ports for WAN and LAN is the Verizon 5G router I am using.  ASUS has a couple new ones out, but they are junk too so this will push me to finally dive into pfSense.

 

Thank you,

craigr

Link to comment




Right now the only router I have found that has separate (two ports) multi-gig ports for WAN and LAN is the Verizon 5G router I am using.  ASUS has a couple new ones out, but they are junk too so this will push me to finally dive into pfSense.


...you can look for Mikrotik line of Routers.
RouterOS is very powerful and flexible, hence it comes with a steep learning curve.
But value for money is great.
The RB5009 should be able to drive a 2.5G WAN and 10G Uplink to your main Switch.
RouterOS is not free but the license is paid with the hardware price. When you want to try it in a VM a Mikrotik CHR will need much less resources than pfsense.

Sent from my SM-G780G using Tapatalk

Link to comment
9 hours ago, Ford Prefect said:

...you can look for Mikrotik line of Routers.
RouterOS is very powerful and flexible, hence it comes with a steep learning curve.
But value for money is great.
The RB5009 should be able to drive a 2.5G WAN and 10G Uplink to your main Switch.
RouterOS is not free but the license is paid with the hardware price. When you want to try it in a VM a Mikrotik CHR will need much less resources than pfsense.

Sent from my SM-G780G using Tapatalk
 

 

 

Thank you again!

 

That router looks like it would fit the bill quite well actually.  There is only one lacking however that is the same shortcoming I am dealing with now.  My current router connects to my home network through 1Gb LAN to my Brocade switch.  The 2.5Gb LAN port on the router connects directly to unRAID via one of the 10Gb nics (10BASE-T).  unRaid's other 10Gb nic goes back to the Brocade switch so that the media server can feed the whole house at 10Gb.  The shortcoming is that there is no way to distribute the 2.5Gb WAN throughout the house as it goes directly to unRAID (does my family care...).

 

With pfSense on unRAID, I can use one 10Gb port for WAN and connect to the modem at 5Gb instead of just 2.5Gb because the modem has a 5Gb ethernet port (this would be cool because my connection is usually actually between 2800-3500Gb).  I can then use the other 10Gb port on unRAID to run back to my Brocade switch.  This would provide full +2.5Gb internet to be divvied up throughout the house via 1Gb pipes and also still provide 10Gb for media sharing.

 

I'll have to look at the Mikrotik routers though as I think this may really be a better solution.  I'm guessing that they make one with a 5Gb or maybe a couple 10BASE-T ports.  My Brocade switches require 10Gb only and do not support 10BASE-T too.

 

I don't know how I will find the time for a steep learning curve either, but somehow I always seem to make the time for these sort of projects 🙂

 

Kind regards,

craigr

Link to comment

...the RB5009 is fairly new, as is ROSv7.
If you want to be flexible, go for an all 10G model.
I am running the RB4001.
Mind you, for inter-VLAN routing that needs to be able to sustain 10G on L3 you need an even beefier model...maybe CCR2004.
The Mikrotik S-RJ10 SFP+ Module can sync at 1/2.5/5 and 10G...but these get very hot. 10G consumes more energy, when on Base-T.

...if you can, go for fiber in the house...

Sent from my SM-G780G using Tapatalk

Link to comment
3 hours ago, Ford Prefect said:

...the RB5009 is fairly new, as is ROSv7.
If you want to be flexible, go for an all 10G model.
I am running the RB4001.
Mind you, for inter-VLAN routing that needs to be able to sustain 10G on L3 you need an even beefier model...maybe CCR2004.
The Mikrotik S-RJ10 SFP+ Module can sync at 1/2.5/5 and 10G...but these get very hot. 10G consumes more energy, when on Base-T.

...if you can, go for fiber in the house...

Sent from my SM-G780G using Tapatalk
 

The RB5009 sure looks like the best fit at a reasonable price to boot.  As far as I am concerned, Mikrotik is very good quality.  The RB5009 could be a router that lasts me a very long time.  I'll do some more research and/or wait to see how the 2.5Gb port seems to be.  If it has a problem, perhaps they may fix it with firmware?  I wonder what controller chip it is using.

 

As I think about it, I could connect the RB5009 2.5Gb port to my modem, run the 10Gb SFP+ to my Brocade, and then run just one 10Gb between my Brocade and unRaid.

 

I don't need to sustain 10Gb.  Worst possible use case is four simultaneous 4k UHD uncompressed Blu-ray video streams on the LAN while also downloading at 250MB/s from WAN.  That will possibly never even happen, or if it does very rarely.  That said, fiber is better, but when I bought my unRAID nic I knew I would have to use copper for my router at that time so...  I now wish I had gotten the Intel NIC with SFP+ ports and just popped an SFP+ RJ45 module in one of the two ports for WAN.

 

craigr

Link to comment

...agree, based on what you describe, the RB5009 looks fine.
They are updating and fixing the firmware constantly. I still have items, that were sold with v3 and are still maintaining running v7 now.

On their product website, each one should have a data sheet and a block diagram. The chipset for the RB5009 is a Marvell SoC with Switch and CPU, I think.
On their help site, you can find information on the L2 and L3 Hardware capabilities including hw acceleration for certain network scenarios. With v7.1 for example, they activated L2 VLAN switching on the switch chip for my rb4011, that wasn't there in v6 when I bought it. Now it's basically doing the same job, but running idle where before it was running 25+ percent CPU load

Sent from my SM-G780G using Tapatalk

Link to comment

Initial setup for basic router usage doesn't look terribly complicated based on their white paper:

https://help.gowifi.co.nz/support/solutions/articles/48001077268-beginners-guide-to-configuring-a-mikrotik-router-from-start-to-finish

 

These routers go deep though.  I still haven't mastered FastIron by any stretch 😅.

 

Hardware acceleration would be great.  Did you have to manually enable it or did it just start happening with the OS update?

 

Right now the RB5009 isn't in stock anywhere.  I found one online seller, but I think their web page may be a scam 🤯

Link to comment

It seems like I am trying to do this just a bit too soon and from my experience early adoption can be a nightmare.  The RB5009UG literally seems to be the ONLY router that fits the bill at a reasonable price that I am willing to pay.  Unfortunately, with supply chain issues they are just out of stock everywhere.  Now with this month long lockdown in Shanghai still going on, who knows when they will ever be in stock. 

 

I do want to make sure the 2.5Gb port gets fixed.  It would be a shame if it happens to be a hardware issue.  If they can't fix it for some reason I doubt I'd be able to get my money back out of it.  Reading, it's surprising how many people think this is the "perfect" router for their usage case.  MikroTik has a hot item on their hands.  Hopefully they can catch up building the hardware to maintain market advantage before other companies release similar products.

 

I sent MikroTik a support message asking about the 2.5GB port.  I await their response.

 

For now as a stop gap, I think I will setup pfSense on unRAID and see what speeds I get and how well it works.  Obvious disadvantage is loss of internet if unRAID goes down, but I typically go months between reboots.  Advantage with unRAID would be potentially up to 3.8 Gb download speeds, not just 2.5 Gb.

 

craigr 

Link to comment
7 minutes ago, craigr said:

I think I will setup pfSense on unRAID and see what speeds I get and how well it works.  Obvious disadvantage is loss of internet if unRAID goes down, but I typically go months between reboots. 

If you have another pc not in use, if you can get 2 ethernet ports in it you can use it as a quick way to keep your internet up if you need to reboot unraid. pfSense backup files are plain XML, it's easy to edit the ports to match the hardware so you can seamlessly move your pfSense install to pretty much any compatible hardware in minutes. Simply install pfSense on the device you want to use, take a basic backup to get the port names correct, then take your live backup and edit the port names to match the backup hardware and restore your live backup to the temporary box. All your firewall rules, VPN's, everything else should come back up.

 

I have an old laptop with a second ethernet cardbus adapter that I can fire up in a minute or two if I need to take the server down for an extended period of time.

Link to comment
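The port-rename step of the backup-and-restore procedure in the post above, as an added example that is not part of the original thread: `list_pfsense_ifs` shows which port names a backup uses, and `remap_pfsense_ifs` rewrites them in a single pass so that swapped names cannot collide. It assumes ports appear in config.xml as `<if>NAME</if>` with VLAN children written `NAME.TAG` (also inside `<vlanif>`); the function names, the sample config and the `em0`/`em1` target names are constructed.

```shell
#!/bin/sh
# Added example: rename NIC ports in a pfSense config.xml backup so it can
# be restored on different hardware. The sample config is constructed.

# list_pfsense_ifs CONFIG -> unique physical port names used by the backup
list_pfsense_ifs() {
    grep -oE '<if>[^<]+</if>' "$1" | sed -e 's/<[^>]*>//g' -e 's/\..*//' | sort -u
}

# remap_pfsense_ifs CONFIG OLD=NEW [OLD=NEW ...] -> edited XML on stdout
remap_pfsense_ifs() {
    cfg=$1; shift
    awk -v pairs="$*" '
    BEGIN {
        n = split(pairs, p, " ")
        for (i = 1; i <= n; i++) { split(p[i], kv, "="); map[kv[1]] = kv[2] }
    }
    {
        line = $0; out = ""
        # Rewrite every <if>/<vlanif> element on the line exactly once
        while (match(line, /<(if|vlanif)>[^<]+<\/(if|vlanif)>/)) {
            elem = substr(line, RSTART, RLENGTH)
            gt = index(elem, ">")
            otag = substr(elem, 1, gt)
            rest = substr(elem, gt + 1)
            lt = index(rest, "<")
            name = substr(rest, 1, lt - 1)
            ctag = substr(rest, lt)
            # Keep a VLAN suffix such as ".20" and map only the parent port
            base = name; suffix = ""
            dot = index(name, ".")
            if (dot) { base = substr(name, 1, dot - 1); suffix = substr(name, dot) }
            if (base in map) base = map[base]
            out = out substr(line, 1, RSTART - 1) otag base suffix ctag
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }' "$cfg"
}

# Constructed sample: passthrough ix0 as WAN, virtio vtnet0 as LAN + one VLAN
make_sample_pfsense_config() {
    cat > "$1" <<'EOF'
<pfsense>
  <interfaces>
    <wan><if>ix0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>vtnet0</if><ipaddr>192.168.1.1</ipaddr></lan>
    <opt1><if>vtnet0.20</if><descr>IOT</descr></opt1>
  </interfaces>
  <vlans>
    <vlan><if>vtnet0</if><tag>20</tag><vlanif>vtnet0.20</vlanif></vlan>
  </vlans>
</pfsense>
EOF
}

# Demo: inspect the live backup, then rewrite it for a spare box whose
# own fresh backup showed em0/em1 (constructed names).
demo=$(mktemp)
make_sample_pfsense_config "$demo"
list_pfsense_ifs "$demo"
remap_pfsense_ifs "$demo" ix0=em0 vtnet0=em1
rm -f "$demo"
```

The backup also carries the password hashes and VPN keys of the live firewall, so the edited copy deserves the same handling as the original.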
3 hours ago, JonathanM said:

If you have another pc not in use, if you can get 2 ethernet ports in it you can use it as a quick way to keep your internet up if you need to reboot unraid. pfSense backup files are plain XML, it's easy to edit the ports to match the hardware so you can seamlessly move your pfSense install to pretty much any compatible hardware in minutes. Simply install pfSense on the device you want to use, take a basic backup to get the port names correct, then take your live backup and edit the port names to match the backup hardware and restore your live backup to the temporary box. All your firewall rules, VPN's, everything else should come back up.

 

I have an old laptop with a second ethernet cardbus adapter that I can fire up in a minute or two if I need to take the server down for an extended period of time.

Ultimately I think that's the way to do it assuming pfSense works out well for me.  Spaceinvader One has a script setup to send a WOL packet when he shuts down unRAID to automatically wake the dedicated pfSense machine.  I'm sure I can cobble some machine around here together for the purpose.

 

I spoke to a couple sales reps today about the RB5009.  They say it's the only MikroTik hardware that has not been coming in at all and has been backordered for months.  I was told most of their other products have a 4-6 week lead time, but that the RB5009 has been backordered for over four months now!  I suspect that MikroTik may have discovered a hardware problem with the 2.5Gb port and are revising the board.  Just my guess anyway.  Everyone agrees the 2.5Gb port is only usable at 1Gb if it can be forced to work at all.  I'd be holding out even if they were in stock anywhere, which they are not.  Something for me to look forward to in the future though I hope.

 

Thanks guys,

craigr

Link to comment
On 10/29/2021 at 4:54 AM, Ford Prefect said:

For the LAN port, the setting is quite simple.

With two NICs, when unraid starts, it will allocate both into a bridge and enable an active backup bond.

So the first task is to remove one NIC (for later WAN) from that...this will happen automagically, when you follow the instructions to passthrough the NIC. There the first step is, to exclude its IOMMU group from the use by the unraid host, so it can be allowed to passthrough for a VM. Mind you, that your Hardware - both CPU and Chipset - must be capable and configured in the BIOS to allow this. unraid will tell you in the system info, if IOMMU is enabled/available.

 

After that, now with only one NIC left / seen in the unraid host, you create the VM with one NIC (the other) from passthrough and a second one (which will be created in the VM template by default) as a virtio/virtio-net model. 

Then assign WAN and LAN properly in the pfsense VM during startup. You will be able to distinguish these by the name/driver used. One will be real, using the driver for your hardware NIC, the other will be virtual.

 

So this is working well for me now with only one problem.  My binhex-nzbget docker is only downloading around 60MB/s now, where I am getting ~235MB/s with my ISP router.

 

I think I've been at it too long.  I'll have to look tomorrow and see what I find.

 

Thanks again,

craigr

Link to comment

...235MB/sec is a 2.5Gbps connection, while 60MB/sec is more like 500Mbps connection.
Remember that the pfsense does not have Hardware acceleration for NAT, like maybe your router has.

Is this kind of performance drop also present, when using a vanilla speedtest, not via VPN?
Also, is the WAN connection initiated via PPPoE? This as well can be a bottleneck as it could be a single threaded process, again without hw optimization on the pfsense. You need to give sufficient resources, CPU Cores and RAM to the VM.
If normal speedtest is OK, check other design "flaws", like running via L3/routing (did you run the test on a single network or maybe two?). Also check that virtio and not virtio-net drivers are used (although this sometimes causes trouble with dockers and VMs on the same bridge/network).

Sent from my SM-G780G using Tapatalk

Link to comment
45 minutes ago, Ford Prefect said:

...235MB/sec is a 2.5Gbps connection, while 60MB/sec is more like 500Mbps connection.
Remember that the pfsense does not have Hardware acceleration for NAT, like maybe your router has.

Is this kind of performance drop also present, when using a vanilla speedtest, not via VPN?
Also, is the WAN connection initiated via PPPoE? This as well can be a bottleneck as it could be a single threaded process, again without hw optimization on the pfsense. You need to give sufficient resources, CPU Cores and RAM to the VM.
If normal speedtest is OK, check other design "flaws", like running via L3/routing (did you run the test on a single network or maybe two?). Also check that virtio and not virtio-net drivers are used (although this sometimes causes trouble with dockers and VMs on the same bridge/network).

Sent from my SM-G780G using Tapatalk
 

 

I'm not sure, but perhaps newsdemon is just running slow.  After my post last night, there have been times when the speed picked up, but not consistent like most times in the past.  I may have to just wait and see over a couple days.

 

With speedtest.net I am indeed able to maintain over 2000 Mbps down.  I am on a VM attached to the same unRAID machine running pfSense.  I gave pfSense three cores (six with HT) and they are all maintaining low utilization even when downloading at maximum speed.  I've tried different amounts of RAM and have settled on 1GB for now as it never seems to go above 25% utilization.

 

I am using virtio as my network model.

 

"If normal speedtest is OK, check other design "flaws", like running via L3/routing (did you run the test on a single network or maybe two?)."

 

This I am not sure about what you mean.  How could my nzbget docker be running L3 routing?  And please explain further "on a single network or maybe two."

 

Once again thank you!

craigr

Link to comment

Unrelated but strange; my dual nic Intel X550-T2 has MAC addresses of a0:36:9f:20:64:48 and a0:36:9f:20:64:4A.  I wonder why they skipped an address in-between?  I assigned my virtio MAC address to a0:36:9f:20:64:49. there shouldn't be a problem with this should there?  Just grasping at straws.

 

Also, I am not running nzbget through a VPN, just TLS.  With PIA I only get about 100 Mbps.

 

craigr

Link to comment

...by referring to L3/routing and usage of more than one (IP-)network, I was referring to on what layer your traffic actually was being processed. Should you have introduced a second network (IP range and netmask) in your pfsense, besides your already existing LAN, the traffic would have to pass via the firewall, causing a higher load and potentially lower speeds.

No, the MAC itself is of no concern, as long as it is unique.
Virtio network model should give you speed in the range of the CPU bandwidth.
So, basically everything looks OK, what you did setup. No clue why it shouldn't work.
You need to run some more tests, using a client VM is a good move, and find the missing link by systematically trying and ruling out things.

Sent from my SM-G780G using Tapatalk

Link to comment

So I just hit 261 MB/s on a download, faster than ever.  However, it progressively slowed down to around 122 MB/s.  This was on a 6.5GB file and I often download 80GB files or larger.  

 

Trouble with troubleshooting... I have no other computers on my network that support 10GB and my switches only support 10GB and 1GB.  Thus, I must test only on the VM's and dockers themselves to see about full speeds.  I have a 2.5GB PCI nic that I could put in another computer, but no switch or router to hook it up to.

 

* WAIT! I could put the 2.5GB nic into a computer and connect that to the LAN port on unRAID for testing!  That would be a perfect test I think; direct connection to modem without long cables or switches!

 

The modem is outside and is powered by a PoE injector in my equipment room.  The cabling between the PoE injector and modem is first rate and is what I have been using since day one.  However, with the pfSense setup, I now have a CAT6 cable run from the PoE injector all the way back to the unRAID pfSense VM (about 15 meters).  I am suspicious of the 15 meter CAT6 run, but I am getting very few errors showing up in pfSense, so I have trouble believing it's the cable.  I also re-terminated it yesterday.

 

[Image: pferrors.png]

 

Best regards,

craigr

 

Link to comment

This I find a little weird:

 

[Image: pfsenseinterfaces.png]

 

WAN showing "unknown" when it's connected to a 10GB port.  However, I tried to use ifconfig to set the WAN port to 2500baseTX and tried 5000baseTX and got error messages basically saying what I think means FreeBSD does not understand 2.5GB or 5GB:

 

[2.6.0-RELEASE][[email protected]]/root: ifconfig ix0
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8138b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER>
        ether a0:36:9f:20:64:4a
        inet6 fe80::xxxx:xxxx:xxxx:644a%ix0 prefixlen 64 scopeid 0x2
        inet 75.xxx.xxx.110 netmask 0xfffffffc broadcast 75.xxx.xxx.111
        media: Ethernet autoselect (Unknown <rxpause,txpause>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
[2.6.0-RELEASE][[email protected]]/root: ifconfig ix0 192.168.1.1 media 2500baseTX mediaopt full-duplex
ifconfig: unknown media subtype: 2500baseTX
[2.6.0-RELEASE][[email protected]]/root:

 

I also tried 2500baseT, 5000baseTX, and 5000baseT (not sure which is correct with new FreeBSD distributions).  Did I do this correctly?

 

Is there a way I can actually see the speed that my WAN port auto negotiated with my modem that you know of?  The modem has a 5GB port and that is it in bridge mode.  I think it's certainly connected at least at 2.5GB or I wouldn't have the speeds that I do at all, but I would like to verify what it is doing.

Link to comment

...the command/tool to check ethernet link/interface details would be ethtool, but I don't know if this exists in pfsense/freebsd.

By second thought about your statement for the MAC of the virtio interface....it sounds like you did set the Mac manually? I don't think that this is useful/needed. Just make sure, that you attach the virtio nic to the unraid bridge br0, your LAN.


Edit: instead of pfsense, you could try opnsense as well...maybe this has other /updated drivers for the Intel 10G cards.

Sent from my SM-G780G using Tapatalk



Link to comment
9 hours ago, Ford Prefect said:

...the command/tool to check ethernet link/interface details would be ethtool, but I don't know if this exists in pfsense/freebsd.

By second thought about your statement for the MAC of the virtio interface....it sounds like you did set the Mac manually? I don't think that this is useful/needed. Just make sure, that you attach the virtio nic to the unraid bridge br0, your LAN.


Edit: instead of pfsense, you could try opnsense as well...maybe this has other /updated drivers for the Intel 10G cards.

Sent from my SM-G780G using Tapatalk

I like ethtool a lot better, but all FreeBSD seems to have is ifconfig instead.  I am not as proficient in ifconfig as I am in ethtool.

 

"By second thought about your statement for the MAC of the virtio interface....it sounds like you did set the Mac manually? I don't think that this is useful/needed. Just make sure, that you attach the virtio nic to the unraid bridge br0, your LAN."

 

When I created the pfsense VM you can allow it to randomly choose a MAC or enter one manually.  I just chose the MAC I did because it's exactly in the middle of my two physical MAC addresses.  They both are identical XX:XX:XX:XX:64:48 and XX:XX:XX:XX:64:4A.  I figured XX:XX:XX:XX:64:49 would just be easy to remember is all.

 

This has been done in pfsense, I assume you mean also in my dockers?  Just for the heck of it, I tried setting nzbget to br0, bridge, and even host.  All perform the same.

 

[Image: lans.png]

 

I may give opnsense a try, but I would think my nic should be well supported by pfsense.  Both opnsense and pfsense run on FreeBSD so...

 

After hours when the family is asleep I'm going to try my ISP router again to make sure things aren't slow there too.

 

Thanks again for all your help,

craigr

Link to comment
