Pfsense VM

[NeoDude]

I know that there has been posts about this in the past but I'm just about to take the plunge with replacing my ASUS router with a Pfsense VM and wanted to check if there are any updated guides for how to do this?

 

Also, I'm looking at buying a Dual NIC card for use by Pfsense and I'm slightly confused at the vastly differing prices on Amazon.

 

Would this or this do the job if passed through to my Pfsense VM? Any reason to go for the other cards costing 4 or 5 times as much?

 

 

[3605481mah]

I'd recommend a miniPC with 2 lan for this (I went this way) or VM in ESXI (had this before going bare metal)

 

Sent from my SM-G920F using Tapatalk

 

 

[NeoDude]

I want to avoid having extra boxes and PCs. I'd prefer to have it running under UnRaid as a VM. I understand the limitations regarding losing internet access when UnRaid is down.

[CateFul]

go ahead and do it, I did it with a Mikrotik CHR vm and it works flawlessly with pppoe connection. Though I only have 2 ports on my unRaid box so I had to use the old router as a switch. If you have the right wifi module you can even pass it to the vm and set it up as a wireless AP as well.

[NeoDude]

I have a Ubiquiti AP I'm planning on using for WiFi and I've just ordered a PCI Dual NIC that I plan on using passed through to pfSense. I just now kinda need a step by step on how to get it all working. I've downloaded the FreeBSD & pfSense ISOs but unsure where to start, lol.

[NeoDude]

Do I even need to install FreeBSD first? Can I not just install pfSense to the VM? I'm planning on 4GB RAM, is that enough? How much HDD space is needed for pfSense?

[CateFul]

not sure about pfsense, I use mikrotik.

 

I would imagine just install it with the iso and pass through the network device

[ezhik]

I'd recommend setting up a dedicated box rather than hosting pfSense in a VM (you might check out opnsense.org as well ) for security reasons that is.

[NeoDude]

I managed to work it out. I have pfSense running as a VM now, just need to wait for my NIC to arrive to start setup.

 

ezhik, in what way would running pfSense as a VM have security concerns?

[ezhik]

Remember that since you are emulating it, the actual packets are received by the host. The concern is breaking host security before it even gets to your pfsense VM.

[NeoDude]

How are the packets received first by the Host? The host has it's own network connection to the LAN, it has nothing to do with the WAN interface which would be used only by the pfSense VM.

[ezhik]

Only if you are going to do passthrough for the nic then your VM will be receiving if it directly, unless you virtualize it.

[NeoDude]

Yep, I stated in my first post that the plan was to pass through a NIC. Keep up man! 

[ezhik]

Yep, I stated in my first post that the plan was to pass through a NIC. Keep up man! 

 

[greg_gorrell]

I currently have pfsense running as a vm on my unraid box with an Intel dual nic passed through.  It works very well, the only issue you may experience is if you lose power to unraid, you lose your network.  Make sure to keep a machine set up with a static ip or you won't be able to connect in that situation.  The host will not receive any packets from the nic if you have it passed through to pfsense vm, so no security concerns there.

 

Sent from my SM-N910V using Tapatalk

 

 

[NeoDude]

Greg, do you use the second port on your NIC as the LAN connection back to your switch? or do you use the VLAN for the LAN connection?

[bigjme]

As a side note to overcome the ip access issue if your on a newer unraid just leave a screen etc. connected and access unraid directly via the gui - removes the issue of being unable to connect as it's all localhost then

[NeoDude]

Yep, I have the UnRaid GUI on a different input on my monitor. UnRaid and most of the machines on my network are all using static IPs anyways.