Tried to repurpose an old touchscreen all-in-one PC



Hi and welcome...

 

1) Disclaimer & security warning
2) How it started & Home Assistant
3) pfSense with 2 bridged connections
4) Dreams for the setup
5) Use-case

 

Hardware specs from tools->System Devices:
[8086:0f00]    00:00.0 Host bridge: Intel Corporation Atom Processor Z36xxx/Z37xxx Series SoC Transaction Register (rev 0e)
[8086:0f31]    00:02.0 VGA compatible controller: Intel Corporation Atom Processor Z36xxx/Z37xxx Series Graphics & Display (rev 0e)
[8086:0f23]    00:13.0 SATA controller: Intel Corporation Atom Processor E3800 Series SATA AHCI Controller (rev 0e)
[8086:0f35]    00:14.0 USB controller: Intel Corporation Atom Processor Z36xxx/Z37xxx, Celeron N2000 Series USB xHCI (rev 0e)
[8086:0f18]    00:1a.0 Encryption controller: Intel Corporation Atom Processor Z36xxx/Z37xxx Series Trusted Execution Engine (rev 0e)
[8086:0f04]    00:1b.0 Audio device: Intel Corporation Atom Processor Z36xxx/Z37xxx Series High Definition Audio Controller (rev 0e)
[8086:0f48]    00:1c.0 PCI bridge: Intel Corporation Atom Processor E3800 Series PCI Express Root Port 1 (rev 0e)
[8086:0f4a]    00:1c.1 PCI bridge: Intel Corporation Atom Processor E3800 Series PCI Express Root Port 2 (rev 0e)
[8086:0f4c]    00:1c.2 PCI bridge: Intel Corporation Atom Processor E3800 Series PCI Express Root Port 3 (rev 0e)
[8086:0f4e]    00:1c.3 PCI bridge: Intel Corporation Atom Processor E3800 Series PCI Express Root Port 4 (rev 0e)
[8086:0f34]    00:1d.0 USB controller: Intel Corporation Atom Processor Z36xxx/Z37xxx Series USB EHCI (rev 0e)
[8086:0f1c]    00:1f.0 ISA bridge: Intel Corporation Atom Processor Z36xxx/Z37xxx Series Power Control Unit (rev 0e)
[8086:0f12]    00:1f.3 SMBus: Intel Corporation Atom Processor E3800 Series SMBus Controller (rev 0e)
[10ec:8168]    01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
[8086:088e]    02:00.0 Network controller: Intel Corporation Centrino Advanced-N 6235 (rev 24)
[10ec:8168]    03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)

 

1) This little guide is foremost to give inspiration; it is not good in practice, as this is not wise security-wise. (https://forums.unraid.net/topic/104669-warning-unraid-servers-exposed-to-the-internet-are-being-hacked/)

 

2) Since I am a bit craz... I mean dedicated, I like to repurpose old hardware to give it new life. Recently I started playing around with HASS (Home Assistant), and remembered I had 2 old "All-In-One" PCs with touchscreen lying around unused. So I set one up with Mint and Firefox in kiosk mode. No problem... Then I thought it should be able to run HASS in a virtual environment (either Docker or VM) and sure it could. Now my problem is, I have tried my best (including Google searching) to pass through a USB device (Zigbee) into said Docker or VM. But I guess I am better in other areas than Linux/Docker... I then thought of using unRaid, as passing anything through in unRaid is so easy. And sure, no problem... But I still want a browser in kiosk mode. And since my two PCs are definitely not built for VM use, I soon realized that I do not have IOMMU, so passing the GPU through to a Linux VM was out of my abilities once again. (Please let me know if there is a way to do this.)

 

3) My main goal was to use one of these old PCs with touchscreen as a terminal that runs pfSense, HASS and a browser in kiosk mode. Preferably on a Linux host, as they use less resources compared to Windows. But as mentioned above, I cannot pass through any PCIe device. So a Linux VM in unRaid without the GPU would not make it possible to use the screen. This forces me to use a Linux with GUI as host (I know unRaid has a GUI, but I have no keyboard or on-screen keyboard so I am stuck at the login screen).

 

4) But since I was playing with these two I wondered if I could install pfSense since they have 2 x 1gb NIC. But remember I have no way to pass the PCIe device through to a VM, even tried this as it mentioned splitting NIC that all are in one IOMMU:

So I took another approach...
    a) Start the download of the pfSense ISO
    b) Removed the bonding in settings->network settings
    c) Made sure "enable bridging" was set to yes
    d) Configured eth1 (my second NIC) to "IPv4 address assignment" to none
    e) After the array was up I created a VM with the FreeBSD profile
        I   ) Changed BIOS to SeaBIOS
        II  ) In OS Install ISO, selected the pfSense ISO I had downloaded before
        III ) Changed Primary vDisk Bus to SATA
        IV  ) Added a second Network and selected br1
        V   ) Removed the check in "Start VM after creation"
        VI  ) Clicked create
        VII ) Edited the new VM and clicked on the "Form view" button so it changes to XML view
        VIII) Scrolled down to <interface type='bridge'>
        IX  ) Changed model from virtio or virtio-net to e1000e on both bridge configurations
        X   ) Click update
    f) Start the pfSense VM and configure it with br0 as LAN and br1 as WAN

 

5) Since unRaid is technically exposed to the big bad internet, I would not use this for anything other than to test new features in pfSense or to get familiar with pfSense. It should be safe enough if your ISP is protecting you as a customer with a NAT firewall, but I would rather be safe and just find another solution.

 

But at least I figured out how to set up a pfSense VM without passing through any PCIe devices, though it's rather academic in nature.

Last, if anyone knows of a good solution, please let me know. :)
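
Steps VII to IX and the "IPv4 address assignment: none" setting from step d, as an added example that is not part of the original post: it sets the NIC model on every bridge interface in a libvirt domain XML and lists any address the host itself still holds on the WAN bridge. The XML and `ip -j addr show` samples are constructed, the function names are hypothetical, and it assumes the host's `ip` supports JSON output.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample: the interface part of a domain XML before steps VII-IX.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio-net'/>
    </interface>
    <interface type='bridge'>
      <source bridge='br1'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
"""

# Constructed sample of `ip -j addr show` output on the host.
SAMPLE_IP_JSON = json.dumps([
    {"ifname": "br0", "addr_info": [{"family": "inet", "local": "192.168.1.10", "scope": "global"}]},
    {"ifname": "br1", "addr_info": [{"family": "inet6", "local": "fe80::1", "scope": "link"}]},
])

def set_bridge_nic_model(domain_xml, model="e1000e"):
    """Return (new_xml, [(bridge, old_model), ...]) with every bridge NIC set to model."""
    root = ET.fromstring(domain_xml)
    changed = []
    for iface in root.iterfind("./devices/interface[@type='bridge']"):
        bridge = iface.find("source").get("bridge")
        node = iface.find("model")
        if node is None:                      # no explicit model element yet
            node = ET.SubElement(iface, "model")
        old = node.get("type")
        if old != model:
            node.set("type", model)
            changed.append((bridge, old))
    return ET.tostring(root, encoding="unicode"), changed

def host_addresses_on(ip_json, bridge):
    """List (family, address, scope) the host itself holds on the given bridge."""
    return [(a["family"], a["local"], a["scope"])
            for link in json.loads(ip_json) if link["ifname"] == bridge
            for a in link.get("addr_info", [])]

if __name__ == "__main__":
    print("models changed:", set_bridge_nic_model(SAMPLE_DOMAIN_XML)[1])
    print("host addresses on br1:", host_addresses_on(SAMPLE_IP_JSON, "br1"))
```

An empty list from `host_addresses_on(..., "br1")` means the host has no address of its own on the WAN bridge; the constructed sample shows that an IPv6 link-local address can still be present when only IPv4 assignment was set to none.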
