Newbie pfSense Q's


Hi

I have an HP Microserver gen 10 plus with integrated 4 port 1G NICs (i.e. no other separate NIC cards installed).

Is it possible to use two of these ports for a pfSense VM?

This Unraid server will have Frigate (using USB Coral), Pi-hole, pfSense and maybe HAS.

This is for a share house so the "client" (my daughter) has her internet locked down etc.

I have setup several other Unraid servers (on better H/W) but not with pfsense.

Spaceinvaderone has the how-to but it is 6+ years old.

Any links to vids/forums etc would be greatly appreciated. 

 

Thanks

  • Author

...another quick question re Frigate (if it's not too cheeky) - How do I prevent internal users from accessing the unsecured webpage on port 5000?

If you want to use pfSense as a blocking/filtering device, and you can forward one or two ports to the VM separately, you can set one of the forwarded ports to output to the client, and use the other port or the Unraid network as incoming. That way you could block or allow whatever you want. You'll just have to check in the system devices under tools if you can pass them through one port at a time, or if it's all or nothing.

  • Author

Thanks Wody

This new Unraid server is the first one I've used with Version 7.

Under Tools/system devices - each had their own IOMMU group (13, 14, 15 etc.) even though they had the same ID - just ticked the ones I wanted to bind to VFIO at boot, and followed spaceinvaderone's video (8 years old!) after that.

- ticked the PCI Devices which were the two NICs in the VM settings

- Removed the "Interface" settings (XML View)

Manually set the interfaces and their IP addresses - then was able to log in to the pfSense interface via the server using a keyboard/mouse and monitor.

 

NOTE: it is tricky to set up if you are using the "Trial" version of Unraid - as it requires an internet connection before it will mount, so when doing any reboots you need to bypass the pfSense router (obviously, as it isn't running) - I'm still waiting for a new USB and internal drives to arrive in the post before I pay for the license.

 

If anything happens that stops the mount/docker/VM from running - I'll try and have a plan "B" (probably need access to the actual server hardware and use a keyboard, mouse and monitor).

 

 

On 3/14/2025 at 8:40 PM, WaldonPaul said:

This Unraid server will have Frigate (using USB Coral), Pi-hole, pfSense and maybe HAS.

 

That's a fine setup if that instance of pfSense is not your primary routing device. If instead you plan to run a pfSense VM as a primary router (for the whole premises), I strongly advise not running anything else on the system other than pfSense itself - along with possibly anything else required to support its features, like piHole. You don't want to bring down your internet access, DNS, network, when playing around with other apps/dockers/VMs.

I run small, but dedicated machines on Unraid, for each of pfSense and Home Assistant VMs.

 

 

 

 

Edited by Espressomatic

  • Community Expert

^ This

 

I too thought of running pfSense/OPNsense on my main Unraid server. The 2-port 1GbE NIC PCIe card I picked up just for that purpose is still in the server. But after thinking through the details, there was just too much downside to it. Things that Espressomatic mentioned above, security concerns, remote management setups for both the firewall and the Unraid server and the services running on it; I just couldn't get comfortable with how it all was going to be modeled.

 

Ended up buying one of those inexpensive 4-port 2.5GbE Celeron N5105 PC boxes and loading OPNsense on it bare metal. Completely isolated from any of my other systems (other than the WAN/LAN, of course). Hasn't missed a beat, 100% pleased with the decision.

  • Author

Thanks for all the replies - I'm well aware of the big downside of running it in a VM on the Unraid server (the voices in my head are telling me the same).

 

This setup is to just get something into place at the moment to protect my daughter - cost being the main issue and I have these (almost new) parts laying around.

The plan is to migrate the pfSense to its own dedicated hardware later on.  

 

As done in the past - hotspot her computer to her phone and I can automatically log in anytime if this setup/internet goes down.

 

The cheapest NUC available to me is A$380 plus freight (no memory/hd). Apart from the 4 security cams, this build is only ~$400 including the Corral USB!

 

RE Pi-hole - I won't be using it now as pfSense fits the role. I'm still waiting for the Coral USB - if Unraid CPU usage becomes too high I will pull the trigger on a NUC straight away.

 

Thanks again - Great community!

 

 

Nothing wrong with pfSense virtualized, IMO. The recommendation I was making is just not to run all your other non-edge services on the same Unraid machine, so that when you need to take the machine down, you don't take down your internet/DNS connection.

 

Unless you really love (and want to manage) haproxy, I strongly recommend piHole or AdGuard Home for DNS black-hole use. They're both much friendlier and easier to manage and update.

 

My preferred way to handle DNS is: pfSense DHCP -> AdGuard Home DNS -> UnBound Resolver on pfSense -> Quad9 upstream

 

So pfSense gives out the AGH IP as the local DNS server to everyone that connects, AGH does its filtering and uses UnBound for local/private resolution and upstream, UnBound directs a list of local domain overrides to my Reverse Proxy IP plus other machines as per IP reservations, and passes public queries to Quad9.  UnBound runs on port 53 as default.

 

 

Edited by Espressomatic
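
The resolver hop of the DNS chain described in the post above, sketched as a plain Unbound configuration. This is an added example, not part of the original post and not Espressomatic's actual settings; every address and hostname is a constructed placeholder, the access-control restriction is an added assumption, and on pfSense these options are normally set through the DNS Resolver GUI rather than a hand-edited file.

```conf
# Constructed example: Unbound as the resolver behind AdGuard Home (AGH).
# Assumed layout (placeholders, not from the thread):
#   192.168.1.1   pfSense LAN address, Unbound listens here
#   192.168.1.2   AdGuard Home; pfSense DHCP hands this out as the DNS server
#   192.168.1.20  reverse proxy
# AGH itself is configured with 192.168.1.1 as its only upstream.
server:
    interface: 127.0.0.1
    interface: 192.168.1.1
    port: 53

    # Assumption added here: only AGH and the firewall itself may query
    # Unbound, so clients cannot skip the filtering hop by pointing
    # their DNS at 192.168.1.1. The most specific netblock wins.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.2/32 allow

    # Local domain overrides: answered here, never sent upstream.
    # "static" returns NXDOMAIN for names in the zone with no local-data.
    local-zone: "home.example." static
    local-data: "frigate.home.example. IN A 192.168.1.20"
    local-data: "ha.home.example. IN A 192.168.1.20"
    local-data: "nas.home.example. IN A 192.168.1.10"

# Everything that is not a local override is forwarded to Quad9.
forward-zone:
    name: "."
    forward-addr: 9.9.9.9
    forward-addr: 149.112.112.112
```

With this layout AGH's query log attributes each lookup to the client that made it, while Unbound only ever sees AGH as the source of queries.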
