November 12, 2016
I know that there have been posts about this in the past but I'm just about to take the plunge with replacing my ASUS router with a pfSense VM and wanted to check if there are any updated guides for how to do this? Also, I'm looking at buying a Dual NIC card for use by pfSense and I'm slightly confused at the vastly differing prices on Amazon. Would this or this do the job if passed through to my pfSense VM? Any reason to go for the other cards costing 4 or 5 times as much?
November 12, 2016
I'd recommend a miniPC with 2 LAN for this (I went this way) or a VM in ESXi (had this before going bare metal).
Sent from my SM-G920F using Tapatalk
November 12, 2016 (Author)
I want to avoid having extra boxes and PCs. I'd prefer to have it running under UnRaid as a VM. I understand the limitations regarding losing internet access when UnRaid is down.
November 12, 2016
Go ahead and do it, I did it with a MikroTik CHR VM and it works flawlessly with a PPPoE connection. Though I only have 2 ports on my unRaid box so I had to use the old router as a switch. If you have the right WiFi module you can even pass it to the VM and set it up as a wireless AP as well.
November 12, 2016 (Author)
I have a Ubiquiti AP I'm planning on using for WiFi and I've just ordered a PCI Dual NIC that I plan on using passed through to pfSense. I just now kinda need a step by step on how to get it all working. I've downloaded the FreeBSD & pfSense ISOs but I'm unsure where to start, lol.
November 12, 2016 (Author)
Do I even need to install FreeBSD first? Can I not just install pfSense to the VM? I'm planning on 4GB RAM, is that enough? How much HDD space is needed for pfSense?
November 12, 2016
Not sure about pfSense, I use MikroTik. I would imagine just install it with the ISO and pass through the network device.
November 12, 2016
I'd recommend setting up a dedicated box rather than hosting pfSense in a VM (you might check out opnsense.org as well), for security reasons that is.
November 12, 2016 (Author)
I managed to work it out. I have pfSense running as a VM now, just need to wait for my NIC to arrive to start setup. ezhik, in what way would running pfSense as a VM have security concerns?
November 12, 2016
Remember that since you are emulating it, the actual packets are received by the host. The concern is breaking host security before it even gets to your pfSense VM.
November 12, 2016 (Author)
How are the packets received first by the host? The host has its own network connection to the LAN, it has nothing to do with the WAN interface which would be used only by the pfSense VM.
November 12, 2016
Only if you are going to do passthrough for the NIC then your VM will be receiving it directly, unless you virtualize it.
November 13, 2016 (Author)
Yep, I stated in my first post that the plan was to pass through a NIC. Keep up man!
November 13, 2016
I currently have pfSense running as a VM on my unraid box with an Intel dual NIC passed through. It works very well, the only issue you may experience is if you lose power to unraid, you lose your network. Make sure to keep a machine set up with a static IP or you won't be able to connect in that situation. The host will not receive any packets from the NIC if you have it passed through to the pfSense VM, so no security concerns there.
Sent from my SM-N910V using Tapatalk
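
Added example, not part of the thread or written by any poster: a host-side check of the point in the post above, that a passed-through NIC is not attached to the host's network stack. It assumes a Linux host that exposes PCI devices under sysfs and hands devices to VMs through the `vfio-pci` driver; `nic_owner`, `list_nics` and `SYSFS_ROOT` are hypothetical names chosen for this example.

```bash
#!/bin/sh
# Added example (not from the thread). Lists Ethernet-class PCI functions and
# says whether the host still drives each one or it is bound to vfio-pci.
# Assumption: Linux sysfs layout; nic_owner/list_nics/SYSFS_ROOT are
# hypothetical names chosen for this example.

# $1 = PCI device directory, e.g. /sys/bus/pci/devices/0000:03:00.0
#      (constructed sample address)
nic_owner() {
    no_drv=none
    if [ -L "$1/driver" ]; then
        no_drv=$(basename "$(readlink "$1/driver")")
    fi
    if [ -d "$1/net" ]; then
        # A net/ directory means a host driver created an interface (eth0, ...):
        # the host network stack sees this port's traffic.
        echo "host:$no_drv"
    elif [ "$no_drv" = "vfio-pci" ]; then
        # Bound to vfio-pci with no host interface: reserved for a VM.
        echo "passthrough"
    else
        # No host interface, but not reserved for a VM either.
        echo "unbound:$no_drv"
    fi
}

# $1 = sysfs root (defaults to /sys); prints "<pci-address> <owner>" per NIC.
list_nics() {
    ln_root=${1:-/sys}
    for ln_dev in "$ln_root"/bus/pci/devices/*; do
        [ -r "$ln_dev/class" ] || continue
        case $(cat "$ln_dev/class") in
            # PCI class 0x0200xx = Ethernet controller
            0x0200*) echo "$(basename "$ln_dev") $(nic_owner "$ln_dev")" ;;
        esac
    done
}

list_nics "${SYSFS_ROOT:-/sys}"
```

Both ports of the card given to the firewall VM should report `passthrough`; a `host:` line for the WAN port means the host kernel is still attached to it.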
November 14, 2016 (Author)
Greg, do you use the second port on your NIC as the LAN connection back to your switch? Or do you use the VLAN for the LAN connection?
November 14, 2016
As a side note, to overcome the IP access issue, if you're on a newer unraid just leave a screen etc. connected and access unraid directly via the GUI - removes the issue of being unable to connect as it's all localhost then.
November 14, 2016 (Author)
Yep, I have the UnRaid GUI on a different input on my monitor. UnRaid and most of the machines on my network are all using static IPs anyways.