March 15, 2025

Hi, I have an HP Microserver Gen 10 Plus with integrated 4-port 1G NICs (i.e. no other separate NIC cards installed). Is it possible to use two of these ports for a pfSense VM? This Unraid server will have Frigate (using USB Coral), pihole, pfSense and maybe HAS. This is for a share house so the "client" (my daughter) has her internet locked down etc. I have set up several other Unraid servers (on better H/W) but not with pfSense. Spaceinvaderone has the howto but it is 6+ years old. Any links to vids/forums etc. would be greatly appreciated. Thanks
March 15, 2025 (Author)

...another quick question re Frigate (if it's not too cheeky): how do I prevent internal users from accessing the unsecured webpage on port 5000?
March 15, 2025

If you want to use pfSense as a blocking/filtering device, and you can forward one or two ports to the VM separately, you can set one of the forwarded ports to output to the client, and use the other port or the Unraid network as incoming. That way you could block or allow whatever you want. You'll just have to check in the system devices under Tools if you can pass them through one port at a time, or if it's all or nothing.
March 16, 2025 (Author)

Thanks Wody

This new UnRaid server is the first one I've used with Version 7.

Under Tools/System Devices, each had their own IOMMU group (13, 14, 15 etc.) even though they had the same ID.

- just ticked the ones I wanted to bind to VFIO at boot, and followed spaceinvaderone's video (8 years old!) after that.
- ticked the PCI Devices which were the two NICs in the VM settings
- Removed the "Interface" settings (XML View)

Manually set the interfaces and their IP addresses, then was able to log in to the pfSense interface via the server using a keyboard/mouse and monitor.

NOTE: it is tricky to set up if you are using the "Trial" version of Unraid, as it requires an internet connection before it will mount, so when doing any reboots you need to bypass the pfSense router (obviously, as it isn't running). I'm still waiting for a new USB and internal drives to arrive in the post before I pay for the license. If anything happens that stops the mount/docker/VM from running, I'll try and have a plan "B" (probably need access to the actual server hardware and use Kb, mouse and monitor).
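An added example, not part of any post in this thread: the "one port at a time, or all or nothing" question comes down to whether each NIC function sits alone in its IOMMU group, since every device in a group has to be handed to the VM together. The function below walks a sysfs tree and reports that for each Ethernet controller; the demo tree, its PCI addresses and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: is each Ethernet controller alone in its IOMMU group?
# On the host: nic_passthrough_check /sys

nic_passthrough_check() {
    root=${1:-/sys}
    shared=0
    for group in "$root"/kernel/iommu_groups/*; do
        [ -d "$group/devices" ] || continue
        count=0
        for d in "$group"/devices/*; do
            if [ -e "$d" ]; then count=$((count + 1)); fi
        done
        for d in "$group"/devices/*; do
            [ -r "$d/class" ] || continue
            case $(cat "$d/class") in
                0x0200*) ;;      # PCI class 0x02 / subclass 0x00 = Ethernet
                *) continue ;;
            esac
            if [ "$count" -eq 1 ]; then
                echo "${d##*/} group=${group##*/} isolated"
            else
                echo "${d##*/} group=${group##*/} shared($count)"
                shared=1
            fi
        done
    done
    return "$shared"
}

make_demo_tree() {
    # Constructed sysfs-like layout (hypothetical addresses, not the poster's server).
    t=$1
    add_dev() {
        mkdir -p "$t/kernel/iommu_groups/$1/devices/$2"
        echo "$3" > "$t/kernel/iommu_groups/$1/devices/$2/class"
    }
    add_dev 13 0000:04:00.0 0x020000
    add_dev 14 0000:04:00.1 0x020000
    add_dev 15 0000:04:00.2 0x020000
    add_dev 15 0000:05:00.0 0x010601   # SATA controller sharing group 15
}

demo=$(mktemp -d)
make_demo_tree "$demo"
nic_passthrough_check "$demo" || echo "at least one NIC shares its IOMMU group"
rm -rf "$demo"
```

A non-zero return means at least one NIC shares its group with another device, so it cannot be bound to VFIO on its own.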
March 16, 2025

On 3/14/2025 at 8:40 PM, WaldonPaul said: "This Unraid server will have Frigate (using USB Coral), pihole, pfSense and maybe HAS."

That's a fine setup if that instance of pfSense is not your primary routing device. If instead you plan to run a pfSense VM as a primary router (for the whole premises), I strongly advise not running anything else on the system other than pfSense itself, along with possibly anything else required to support its features, like piHole. You don't want to bring down your internet access, DNS, network, when playing around with other apps/dockers/VMs. I run small, but dedicated machines on Unraid, for each of pfSense and Home Assistant VMs.

Edited March 16, 2025 by Espressomatic
March 16, 2025 (Community Expert)

^ This.

I too thought of running pfSense/OPNsense on my main Unraid server. The 2 port 1GBe NIC PCIe card I picked up just for that purpose is still in the server. But after thinking through the details, there was just too much downside to it. Things that Espressomatic mentioned above, security concerns, remote management setups for both the firewall and the Unraid server and the services running on it; I just couldn't get comfortable with how it all was going to be modeled. Ended up buying one of those inexpensive 4 2.5GBe port Celeron N5105 PC boxes and loading OPNsense on it bare metal. Completely isolated from any of my other systems (other than the WAN/LAN, of course). Hasn't missed a beat, 100% pleased with the decision.
March 17, 2025 (Author)

Thanks for all the replies. I'm well aware of the big downside of running it in a VM on the UnRaid server (the voices in my head are telling me the same). This setup is to just get something into place at the moment to protect my daughter, cost being the main issue, and I have these (almost new) parts laying around. The plan is to migrate the pfSense to its own dedicated hardware later on. As done in the past: hotspot her computer to her phone and I can automatically log in anytime if this setup/internet goes down. The cheapest NUC available to me is A$380 plus freight (no memory/HD). Apart from the 4 security cams, this build is only ~$400 including the Coral USB!

RE piHole: I won't be using it now as pfSense fits the role. I'm waiting for the Coral USB still; if UnRaid CPU usage becomes too high I will pull the trigger on a NUC straight away.

Thanks again. Great community!
March 18, 2025

Nothing wrong with pfSense virtualized, IMO. The recommendation I was making is just not to run all your other non-edge services on the same Unraid machine, so that when you need to take the machine down, you don't take down your internet/DNS connection.

Unless you really love (and want to manage) haproxy, I strongly recommend piHole or AdGuard Home for DNS black-hole use. They're both much friendlier and easier to manage and update.

My preferred way to handle DNS is:

pfSense DHCP -> AdGuard Home DNS -> UnBound Resolver on pfSense -> Quad9 upstream

So pfSense gives out the AGH IP as the local DNS server to everyone that connects, AGH does its filtering and uses UnBound for local/private resolution and upstream, UnBound directs a list of local domain overrides to my Reverse Proxy IP plus other machines as per IP reservations, and passes public queries to Quad9. UnBound runs on port 53 as default.

Edited March 18, 2025 by Espressomatic